From: "jesk" <jesk@killall.org>
Date: Sun, 31 Oct 2004 14:05:04 +0100
Subject: Bind9.3 Bug?
List: freebsd-current@freebsd.org (Discussions about the use of FreeBSD-current)

Hello,

I just configured a classless reverse delegation from BIND8 to BIND9.3. The zone name on the BIND9.3 (ns0.example.com) system is "224-239.xxx.xxx.xxx.in-addr.arpa". I configured the zone as follows:

---
zone "224-239.xxx.xxx.xxx.in-addr.arpa" {
        type master;
        file "master/224-239.xxx.xxx.xxx.in-addr.arpa";
        allow-query { any; };
};
---

The zone itself looks like this:

---
$TTL 18000
@       IN      SOA     ns0.example.com. hostmaster.example.com. (
                        2004103009      ; Serial number
                        3H              ; Refresh every 3 hours
                        15M             ; Retry after 15 minutes
                        1W              ; Expire after 1 week
                        4H )            ; Minimum 4 hours
        IN      NS      ns0.example.com.
        IN      NS      ns1.example.com.
225     IN      PTR     ns0.example.com.
226     IN      PTR     mx0.example.com.
227     IN      PTR     www.example.com.
---

Now I recognized that resolving an IP of the subnet directly from ns0.example.com won't work:

---
"host xxx.xxx.xxx.227 ns0.example.com"
"Host 227.xxx.xxx.xxx.in-addr.arpa not found: 5(REFUSED)"
---

On ns0.example.com BIND9.3 says:

---
"named[53719]: client x.x.x.x#58160: query (cache) '227.xxx.xxx.xxx.in-addr.arpa/PTR/IN' denied"
---

It seems that ns0.example.com doesn't feel authoritative for the zone, because when setting allow-query { any; }; globally, resolving from another BIND9.3 resolver will work, but from a BIND8 resolver it won't...

Am I totally stupid or what's going on there?

When I comment out all "allow-query" entries in named.conf, it works perfectly, but then recursive resolving works for everyone. So I tested it with

---
acl "systemitself" { 127.0.0.1; xx.x.x.x; x.x.x.x/28; };
allow-recursion { "systemitself"; };
---

with the goal that only the system itself can resolve recursively, but that didn't work either. With this configuration all recursive lookups worked from everywhere, and authoritative lookups too, but resolving the reverse zone for which the system should be authoritative didn't work.

Is this a bug or are there any hardcore changes to BIND?
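The log line in the message labels the lookup a "(cache)" query: the name asked for, 227.xxx.xxx.xxx.in-addr.arpa, is not inside the zone 224-239.xxx.xxx.xxx.in-addr.arpa, so BIND treats it as a recursive rather than an authoritative query and applies the recursion-side ACL. The following is an added, constructed example (not part of the message or of BIND) that reproduces the label-boundary zone match a name server performs and shows which PTR owner name does fall inside an RFC 2317 classless zone; the documentation prefix 192.0.2 stands in for the message's xxx.xxx.xxx.

```python
# Constructed example: zone matching for an RFC 2317 classless reverse zone.
# 192.0.2.224/28 is an assumed stand-in for the message's xxx.xxx.xxx.224-239.
from ipaddress import IPv4Network
from typing import List, Optional


def labels(name: str) -> List[str]:
    """Split a domain name into lower-cased labels, ignoring a trailing dot."""
    return [lab for lab in name.lower().rstrip(".").split(".") if lab]


def matching_zone(qname: str, zones: List[str]) -> Optional[str]:
    """Longest zone whose labels form a label-boundary suffix of qname, else None."""
    q = labels(qname)
    best = None
    for zone in zones:
        z = labels(zone)
        if len(z) <= len(q) and q[len(q) - len(z):] == z:
            if best is None or len(z) > len(labels(best)):
                best = zone
    return best


def classify(qname: str, zones: List[str]) -> str:
    """'auth' if the name lies inside a zone the server holds, otherwise 'cache'."""
    return "auth" if matching_zone(qname, zones) else "cache"


def reverse_name(ip: str) -> str:
    """Conventional in-addr.arpa name for an IPv4 address (what `host` asks for)."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"


def rfc2317_zone(block: str) -> str:
    """Zone name first-last.C.B.A.in-addr.arpa for a sub-/24 block."""
    net = IPv4Network(block)
    first, last = int(net[0]) & 0xFF, int(net[-1]) & 0xFF
    octets = str(net.network_address).split(".")[:3]
    return f"{first}-{last}." + ".".join(reversed(octets)) + ".in-addr.arpa"


def rfc2317_ptr_name(ip: str, block: str) -> str:
    """PTR owner inside the classless zone; the parent zone's CNAME points here."""
    return f"{ip.split('.')[-1]}.{rfc2317_zone(block)}"


ZONES = [rfc2317_zone("192.0.2.224/28")]  # the only zone this server holds

if __name__ == "__main__":
    q = reverse_name("192.0.2.227")
    print(q, "->", classify(q, ZONES))          # cache: no held zone matches
    p = rfc2317_ptr_name("192.0.2.227", "192.0.2.224/28")
    print(p, "->", classify(p, ZONES))          # auth: inside the classless zone
```

Adding the parent zone 2.0.192.in-addr.arpa to the list makes the plain reverse name match that zone instead, which is where an RFC 2317 setup places the CNAME toward the classless owner name.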