06-11-2008, 11:09 PM
"Joseph L. Casale"

Bind acl statement issue

From the manual, localnets matches hosts belonging to a network for which the server
has an interface in. I have a dns server in a dmz with an ip of 192.168.2.2 in /24. Named.conf
has 3 views, localhost_resolver -> localhost, internal -> localnets, and external -> !localnets; !localhost.

I have a management workstation in 192.168.0.0/24 that is connecting and receiving the following
debug:
client 192.168.0.44#2188: no matching view in class 'IN'

I don't get it? Obviously if I add all to the external view, it works. How is this failing?

Thanks!
jlc
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
06-12-2008, 07:41 AM
"Tim Verhoeven"

Bind acl statement issue

On Thu, Jun 12, 2008 at 1:09 AM, Joseph L. Casale
<JCasale@activenetwerx.com> wrote:
> From the manual, localnets matches hosts belonging to a network for which the server
> has an interface in. I have a dns server in a dmz with an ip of 192.168.2.2 in /24. Named.conf
> has 3 views, localhost_resolver -> localhost, internal -> localnets, and external -> !localnets; !localhost.
>
> I have a management workstation in 192.168.0.0/24 that is connecting and receiving the following
> debug:
> client 192.168.0.44#2188: no matching view in class 'IN'
>
> I don't get it? Obviously if I add all to the external view, it works. How is this failing?

Could you post your complete named.conf file so that we can have a look at it ?

Regards,
Tim

--
Tim Verhoeven - tim.verhoeven.be@gmail.com - 0479 / 88 11 83

Hoping the problem magically goes away by ignoring it is the
"microsoft approach to programming" and should never be allowed.
(Linus Torvalds)
 
06-12-2008, 07:50 AM
"Indunil Jayasooriya"

Bind acl statement issue

Hi,

Here's ONE .


//
// named.conf for Red Hat caching-nameserver
//

options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
};

//
// a caching only nameserver config
//
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

// ACL statement

acl "trusted-subnet" { 192.168.3.0/24; 192.168.2.0/24; 192.168.4.0/24; };

view "internal" { // what the internal network will see

    match-clients { localnets; localhost; "trusted-subnet"; };

    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
    };

    zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
    };

    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
    };

    zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
    };

    zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
    };

    zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
    };

    zone "abc.com" IN {
        type master;
        file "internal.abc.zone";
        allow-update { none; };
        allow-query { any; };
    };

    zone "2.168.192.in-addr.arpa" IN {
        type master;
        file "internal.reverse.abc.zone";
        allow-update { none; };
        allow-query { any; };
    };

    zone "3.168.192.in-addr.arpa" IN {
        type master;
        file "internal_LAN.reverse.abc.zone";
        allow-update { none; };
        allow-query { any; };
    };
};

view "external" { // what the Internet will see

    match-clients { any; };
    // recursion no;

    zone "abc.com" IN {
        type master;
        file "abc.zone";
        allow-update { none; };
        allow-query { any; };
    };

    zone "138.165.222.in-addr.arpa" IN {
        type master;
        file "reverse.abc.zone";
        allow-update { none; };
        allow-query { any; };
    };
};

include "/etc/rndc.key";



Hope the above is what u r in search of.

GOOD LUCK



On Thu, Jun 12, 2008 at 1:11 PM, Tim Verhoeven
<tim.verhoeven.be@gmail.com> wrote:
> On Thu, Jun 12, 2008 at 1:09 AM, Joseph L. Casale
> <JCasale@activenetwerx.com> wrote:
>> From the manual, localnets matches hosts belonging to a network for which the server
>> has an interface in. I have a dns server in a dmz with an ip of 192.168.2.2 in /24. Named.conf
>> has 3 views, localhost_resolver -> localhost, internal -> localnets, and external -> !localnets; !localhost.
>>
>> I have a management workstation in 192.168.0.0/24 that is connecting and receiving the following
>> debug:
>> client 192.168.0.44#2188: no matching view in class 'IN'
>>
>> I don't get it? Obviously if I add all to the external view, it works. How is this failing?
>
> Could you post your complete named.conf file so that we can have a look at it ?
>
> Regards,
> Tim
>
> --
> Tim Verhoeven - tim.verhoeven.be@gmail.com - 0479 / 88 11 83
>
> Hoping the problem magically goes away by ignoring it is the
> "microsoft approach to programming" and should never be allowed.
> (Linus Torvalds)
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



--
Thank you
Indunil Jayasooriya
 
06-12-2008, 01:26 PM
"Joseph L. Casale"

Bind acl statement issue

>view "external" { // what the Internet will see
>
> match-clients { any; };
>

It looks like the example file's "external -> !localnets; !localhost" wouldn't match anything?
I also used "any" and everything is fine. It appears that Bind will stop once matched, so this is safe.

Thanks!
jlc
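
Added example (not part of the thread and not BIND's own code): a small Python model of how named evaluates match-clients lists and picks the first matching view, using the addresses from the first post. The interface list, the view definitions reconstructed from that post's description, and all function names are assumptions.

```python
import ipaddress

# Assumption: the server has loopback plus one interface, 192.168.2.2/24 (from the thread).
LOCALNETS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("192.168.2.0/24")]
LOCALHOST = [ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("192.168.2.2")]


def element_matches(element, client):
    """True if one address-match-list element covers the client address."""
    if element == "any":
        return True
    if element == "none":
        return False
    if element == "localhost":
        return client in LOCALHOST
    if element == "localnets":
        return any(client in net for net in LOCALNETS)
    return client in ipaddress.ip_network(element)


def acl_accepts(match_list, client):
    """The first element that matches decides; '!' turns that match into a reject.
    If nothing matches, the list rejects, so negations alone never accept."""
    for element in match_list:
        negated = element.startswith("!")
        if element_matches(element.lstrip("!"), client):
            return not negated
    return False


def select_view(views, client_ip):
    """Return the first view whose match-clients accepts the client, else None."""
    client = ipaddress.ip_address(client_ip)
    for name, match_clients in views:
        if acl_accepts(match_clients, client):
            return name
    return None  # named logs: no matching view in class 'IN'


# Views as described in the first post (constructed from its description).
AS_POSTED = [("localhost_resolver", ["localhost"]),
             ("internal", ["localnets"]),
             ("external", ["!localnets", "!localhost"])]
# Same views, with a trailing "any" for the negations to fall through to.
WITH_ANY = AS_POSTED[:2] + [("external", ["!localnets", "!localhost", "any"])]

if __name__ == "__main__":
    for ip in ("127.0.0.1", "192.168.2.50", "192.168.0.44"):
        print(ip, select_view(AS_POSTED, ip), select_view(WITH_ANY, ip))
```

Because views are tried in order, a plain `any` in the last view only catches clients that no earlier view accepted; a host on 192.168.2.0/24 still lands in "internal".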
 

All times are GMT.