Dear Friends,
I created um DNS server for network Internal and External same SERVER, but the control by ACLs in named.conf don't work, when I active ACLs the server don't resoluction external domain names.
Please, check NAMED.CONF file.
// // named.conf for Red Hat caching-nameserver //
options { directory "/var/named/"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; /* * If there is a firewall between you and nameservers you want * to talk to, you might need to uncomment the query-source * directive below. Previous versions of BIND always asked * questions using port 53, but BIND 8.1 uses an unprivileged * port by default. */ // query-source address * port 53;
allow-query { 127.0.0.1/32; 192.168.1.0/24; 200.245.88.23/32; 200.162.222.37/32;};
allow-transfer { 127.0.0.1/32; 192.168.1.0/24; 200.162.222.37/32; 195.20.105.149/32; 193.111.27.194/32; 194.145.96.21/32; 193.23.158.13;};
allow-recursion { 127.0.0.1/32; 192.168.1.0/24; 200.162.222.37/32;};
// allow-notify { 127.0.0.1/32; // 200.245.88.23/32;};
}; // LOG logging { channel query-log { file "/var/named/data/query-log" versions 5 size 50m; }; category queries { query-log; }; };
acl internals { 192.168.1/24; 127/8; };
// // a caching only nameserver config // controls { inet 127.0.0.1 port 953 allow { localhost; } keys { rndckey; }; };
view "external" { match-clients { any; }; recursion no;
zone "conntrust.com" IN { type master; file "conntrust.com.hosts"; allow-update {none;}; allow-query {any;}; allow-transfer {any;}; };
zone "whitelist.conntrust.com" IN { type master; file "whitelist.conntrust.com.hosts"; allow-update {none;}; allow-query {any;}; allow-transfer {any;}; };
}; //acl external
view "internal" { match-clients { internals; }; recursion yes;
zone "." IN { type hint; file "named.ca"; };
zone "localdomain" IN { type master; file "localdomain.zone"; // allow-update { none; }; };
zone "localhost" IN { type master; file "localhost.zone"; // allow-update { none; }; };
zone "0.0.127.in-addr.arpa" IN { type master; file "named.local"; // allow-update { none; }; };
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN { type master; file "named.ip6.local"; // allow-update { none; }; };
zone "255.in-addr.arpa" IN { type master; file "named.broadcast"; // allow-update { none; }; };
zone "0.in-addr.arpa" IN { type master; file "named.zero"; // allow-update { none; }; };
zone "conntrust.com" IN { type master; file "internal.conntrust.com.hosts"; allow-update { internals; };
};
}; // acl internal
include "/etc/rndc.key";
Thanks
Adriano