From owner-freebsd-questions@FreeBSD.ORG Mon Oct 27 01:34:24 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B6F3F16A4B3 for ; Mon, 27 Oct 2003 01:34:24 -0800 (PST) Received: from mail.liwing.de (mail.liwing.de [213.70.188.162]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4369243F3F for ; Mon, 27 Oct 2003 01:34:21 -0800 (PST) (envelope-from rehsack@liwing.de) Received: (qmail 72485 invoked from network); 27 Oct 2003 09:34:19 -0000 Received: from stingray.liwing.de (HELO liwing.de) ([213.70.188.164]) (envelope-sender ) by mail.liwing.de (qmail-ldap-1.03) with SMTP for ; 27 Oct 2003 09:34:19 -0000 Message-ID: <3F9CE69B.1040501@liwing.de> Date: Mon, 27 Oct 2003 09:34:19 +0000 From: Jens Rehsack User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.5) Gecko/20031022 X-Accept-Language: de-de, de, en-us, en MIME-Version: 1.0 To: Vladimir References: <1225931937.20031025184822@aaanet.ru> <3F9AA3D8.9000303@liwing.de> <5714575171.20031026145709@aaanet.ru> <3F9BBE2D.2040402@liwing.de> <1245107859.20031027122032@aaanet.ru> In-Reply-To: <1245107859.20031027122032@aaanet.ru> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: questions@freebsd.org Subject: Re: Bind 9.2.3rc4 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Oct 2003 09:34:24 -0000 Vladimir wrote: > Hi, Jens. Hi Vladimir, > JR> You have 2 lines with defined acl's in your config and allow > JR> only for requests matching the one of the list entries. > JR> If I were in your situation, I would remove them for testing > JR> to see whether it works than or not. I don't have any experience > JR> with access control within bind, so I cannot tell you if it's > JR> correct. I you ipf to block request not coming from 10.62.10.0/24 or > JR> 127.0.0.0/8 to this machine. > > I remove all acl's and changed all allow- but dig 127.0.0.1 do not > work. I removed all allow- but it do not work. :-( And restarted you server? Ok, start the named within a script(1) with '-d'. Then it will print whatever it does. On another terminal, start a request, eg. 'dig'. If you cannot find sth. mysterious or unwanted in the output, attach the log. >>>JR> $ dig 127.0.0.1 >>>JR> ; <<>> DiG 8.3 <<>> 127.0.0.1 >>>... >>>JR> ;; MSG SIZE sent: 27 rcvd: 102 >>>Not working. > > JR> Try to connect to internet and see if it works fine than. > Not working. :-( > > JR> If it does, either your /etc/resolve.conf is wrong > > search habanet.local > domain habanet.local > nameserver 192.168.1.4 > > Is it right? I think so. > JR> or your access restriction are. > > >>>JR> As you can see here, my server responds. You should check your logfiles >>>JR> to see why your server denied to answer the request. Maybe you have to >>>JR> increase the verbosity for it. >>> >>>How i can do it? > > JR> named(8) tells you :-) > > You talking about -d option or about "logging"? At first about the '-d' option. >>>Maybe something wrong in my configs? >>>And why mc start so long? I know that because of named, bucaese when I >>>stop it mc start quikly. > > JR> First assumtion of me is your acl's. If they're not, we'll look > JR> deeper :-) > > Problem not in acl. Your the expert :-) No - as long as it doesn't work, the config should be reduced to minimum. Maybe the acl's aren't the problem, maybe they aren't the only one. Maybe they are the only one which is not wrong? Would you please be so kind and attach the config files next time you reply? Jens