[CentOS] Bind acl statement issue
Indunil Jayasooriya
indunil75 at gmail.com
Thu Jun 12 07:50:55 UTC 2008
Hi,
Here's one.
//
// named.conf for Red Hat caching-nameserver
//
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
};

//
// a caching only nameserver config
//
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

// ACL statement
acl "trusted-subnet" { 192.168.3.0/24; 192.168.2.0/24; 192.168.4.0/24; };

view "internal" { // what the internal network will see
    match-clients { localnets; localhost; "trusted-subnet"; };

    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
    };
    zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
    };
    zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
    };
    zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
    };
    zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
    };
    zone "abc.com" IN {
        type master;
        file "internal.abc.zone";
        allow-update { none; };
        allow-query { any; };
    };
    zone "2.168.192.in-addr.arpa" IN {
        type master;
        file "internal.reverse.abc.zone";
        allow-update { none; };
        allow-query { any; };
    };
    zone "3.168.192.in-addr.arpa" IN {
        type master;
        file "internal_LAN.reverse.abc.zone";
        allow-update { none; };
        allow-query { any; };
    };
};

view "external" { // what the Internet will see
    match-clients { any; };
    // recursion no;

    zone "abc.com" IN {
        type master;
        file "abc.zone";
        allow-update { none; };
        allow-query { any; };
    };
    zone "138.165.222.in-addr.arpa" IN {
        type master;
        file "reverse.abc.zone";
        allow-update { none; };
        allow-query { any; };
    };
};

include "/etc/rndc.key";
Hope the above is what you are in search of.
GOOD LUCK
On Thu, Jun 12, 2008 at 1:11 PM, Tim Verhoeven
<tim.verhoeven.be at gmail.com> wrote:
> On Thu, Jun 12, 2008 at 1:09 AM, Joseph L. Casale
> <JCasale at activenetwerx.com> wrote:
>> From the manual, localnets matches hosts belonging to a network for which the server
>> has an interface in. I have a dns server in a dmz with an ip of 192.168.2.2 in /24. Named.conf
>> has 3 views, localhost_resolver -> localhost, internal -> localnets, and external -> !localnets; !localhost.
>>
>> I have a management workstation in 192.168.0.0/24 that is connecting and receiving the following
>> debug:
>> client 192.168.0.44#2188: no matching view in class 'IN'
>>
>> I don't get it? Obviously if I add all to the external view, it works. How is the failing?
>
> Could you post your complete named.conf file so that we can have a look at it ?
>
> Regards,
> Tim
>
> --
> Tim Verhoeven - tim.verhoeven.be at gmail.com - 0479 / 88 11 83
>
> Hoping the problem magically goes away by ignoring it is the
> "microsoft approach to programming" and should never be allowed.
> (Linus Torvalds)
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
--
Thank you
Indunil Jayasooriya
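The following is an added illustration and is not part of any message in this thread, nor code from BIND itself: a small Python model of how BIND evaluates an address_match_list (elements are tried in order, the first element that matches decides, a matching `!` element rejects, and falling off the end of the list also rejects). It is run against the views described in the quoted question (`external` built only from `!localnets; !localhost;`) and against the named.conf posted above. The server interface addresses, the client addresses and the view tables are constructed assumptions for the demonstration.

```python
import ipaddress

# Constructed assumption: the server has loopback plus one DMZ interface,
# 192.168.2.2/24, as in the quoted description. Not taken from a real host.
SERVER_INTERFACES = ["127.0.0.1/8", "192.168.2.2/24"]


def builtin_acls(interfaces):
    """Derive BIND's built-in ACLs from the server's interface addresses."""
    ifaces = [ipaddress.ip_interface(i) for i in interfaces]
    return {
        "any": ["0.0.0.0/0"],
        "none": [],
        # localhost: the addresses of the server's own interfaces
        "localhost": [f"{i.ip}/32" for i in ifaces],
        # localnets: every network the server has an interface in
        "localnets": [str(i.network) for i in ifaces],
    }


def matches(client, match_list, acls):
    """First-match evaluation of one address_match_list.

    Returns True only on a positive match. A negated element ("!x") that
    matches ends evaluation with a rejection, and reaching the end of the
    list without a match is also a rejection. A list made only of negations
    therefore never admits any client.
    """
    ip = ipaddress.ip_address(client)
    for element in match_list:
        element = element.strip()
        negate = element.startswith("!")
        name = element.lstrip("!").strip().strip('"')
        if name in acls:
            # Nested ACL: counts as a hit only if it matches positively
            hit = matches(client, acls[name], acls)
        else:
            hit = ip in ipaddress.ip_network(name, strict=False)
        if hit:
            return not negate
    return False


def select_view(client, views, acls):
    """Return the first view whose match-clients admits the client, or None,
    which is the case named logs as "no matching view in class 'IN'"."""
    for name, match_clients in views:
        if matches(client, match_clients, acls):
            return name
    return None


ACLS = builtin_acls(SERVER_INTERFACES)
# The acl statement from the named.conf posted above
ACLS["trusted-subnet"] = ["192.168.3.0/24", "192.168.2.0/24", "192.168.4.0/24"]

# Views as described in the quoted question: the external view is negation-only
QUESTION_VIEWS = [
    ("localhost_resolver", ["localhost"]),
    ("internal", ["localnets"]),
    ("external", ["!localnets", "!localhost"]),
]

# The same views with a trailing "any", so the external view can match positively
FIXED_VIEWS = [
    ("localhost_resolver", ["localhost"]),
    ("internal", ["localnets"]),
    ("external", ["!localnets", "!localhost", "any"]),
]

# Views from the named.conf posted above
POSTED_VIEWS = [
    ("internal", ["localnets", "localhost", '"trusted-subnet"']),
    ("external", ["any"]),
]

if __name__ == "__main__":
    # Constructed client addresses; 192.168.0.44 is the one from the quoted debug line
    for client in ("192.168.0.44", "192.168.2.10", "127.0.0.1", "192.168.3.10"):
        print(client,
              "question:", select_view(client, QUESTION_VIEWS, ACLS),
              "fixed:", select_view(client, FIXED_VIEWS, ACLS),
              "posted:", select_view(client, POSTED_VIEWS, ACLS))
```

Running it shows 192.168.0.44 reaching no view in the question's layout (it is neither localhost nor on a network the server sits in, so both negated elements are skipped and the list ends) and reaching `external` once `any` is appended. One caveat on the posted named.conf: its external view has `recursion no;` commented out and matches `any`, and recursion in BIND defaults to yes, so unless it is disabled in `options` that view answers recursive queries for the whole Internet, which is the open-resolver condition to check for with a query from outside before deploying such a layout.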