[Server-devel] bind problems - HELP!

John Watlington wad at laptop.org
Fri Jan 11 11:37:21 EST 2008


Sorry for the spam, but I've got a puzzling named problem.
Perhaps someone on this list can redirect this to a bind hacker...

I'm running bind 9.4.2 on a principal school server.   An auxiliary
school server is connected to one of its subnets, and both support
a wireless mesh.

Name resolution works fine from the auxiliary school server and from
laptops connecting directly through the principal school server.

Recursive name resolution fails on laptops connected through the
secondary school server.

Routing tables seem fine, as the failing laptop can ping both the
principal school server and the outside world, and the principal
school server can ping the failing laptop.  IPv6 is disabled on both
school servers (for now!)

Looking at the named logs (trace level 5) shows that accesses from
both laptops are accessing the "internal" view.   The problem is that
bind for some reason thinks that recursion is not available when
the requesting machine is not directly attached to one of its subnets.

Here we have a request from a laptop directly connected to the
principal school server:

client @0xb59b1008: udprecv
client 172.18.16.232#32769: UDP request
client 172.18.16.232#32769: view internal: using view 'internal'
client 172.18.16.232#32769: view internal: request is not signed
client 172.18.16.232#32769: view internal: recursion available
client 172.18.16.232#32769: view internal: query
client 172.18.16.232#32769: view internal: query (cache) 'ship2.jabber.laptop.org/A/IN' approved
client 172.18.16.232#32769: view internal: send
client 172.18.16.232#32769: view internal: sendto
client 172.18.16.232#32769: view internal: senddone
client 172.18.16.232#32769: view internal: next
client 172.18.16.232#32769: view internal: endrequest

And here we have a request from a laptop which is routed through
the auxiliary school server:

client @0xb59b1008: udprecv
client 172.18.22.233#32769: UDP request
client 172.18.22.233#32769: view internal: using view 'internal'
client 172.18.22.233#32769: view internal: request is not signed
client 172.18.22.233#32769: view internal: recursion not available
client 172.18.22.233#32769: view internal: query
client 172.18.22.233#32769: view internal: query (cache) 'ship2.jabber.laptop.org/A/IN' denied
client 172.18.22.233#32769: view internal: error
client 172.18.22.233#32769: view internal: send
client 172.18.22.233#32769: view internal: sendto
client 172.18.22.233#32769: view internal: senddone
client 172.18.22.233#32769: view internal: next
client 172.18.22.233#32769: view internal: endrequest

I have recursion enabled in the "internal" view.   I've tested with
recursion enabled globally (in the options), and on all views.
Nothing gets recursion enabled for laptops connecting through the
auxiliary school server.   Yet external requests to the principal
school server recurse and resolve fine!

I'm unsure if this is a real bug with bind 9.4.2 (unlikely?), or
misconfiguration.
The named.conf file is attached.

Thanks,
wad

-------------- next part --------------
A non-text attachment was scrubbed...
Name: named.conf
Type: application/octet-stream
Size: 4078 bytes
Desc: not available
Url : http://lists.laptop.org/pipermail/server-devel/attachments/20080111/6e50979a/attachment.obj 
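
Added example, not part of the original message or its attachment: a Python script that reads named trace output in the format quoted above and lists the clients that were refused recursion while sitting outside the server's directly attached prefixes, which is the pattern the message describes. The /24 prefix in ATTACHED_NETS and all function names are assumptions; the log sample is constructed from the quoted lines.

```python
import ipaddress
import re

# Constructed sample from the quoted lines; the last entry is left mail-wrapped.
SAMPLE_LOG = """\
client @0xb59b1008: udprecv
client 172.18.16.232#32769: view internal: recursion available
client 172.18.16.232#32769: view internal: query (cache) 'ship2.jabber.laptop.org/A/IN' approved
client 172.18.22.233#32769: view internal: recursion not available
client 172.18.22.233#32769: view internal: query (cache)
'ship2.jabber.laptop.org/A/IN' denied
"""
# Assumption (not from the page): prefixes directly attached to the principal
# server, i.e. what BIND's built-in "localnets" ACL would match.
ATTACHED_NETS = ["172.18.16.0/24"]
LINE = re.compile(r"^client ([\d.]+)#\d+: view (\S+): (.+)$")
CACHE = re.compile(r"^query \(cache\)\s+'([^']+)' (approved|denied)$")

def unwrap(log_text):  # rejoin entries that the mailer wrapped onto a second line
    out = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.startswith("client ") or not out:
            out.append(line)
        elif line:
            out[-1] += " " + line
    return out

def summarize(log_text, attached_nets=ATTACHED_NETS):
    """Per client address: view used, recursion verdict, denied cache queries."""
    nets = [ipaddress.ip_network(n) for n in attached_nets]
    clients = {}
    # Entries without a client address (e.g. "client @0x...: udprecv") are skipped.
    for m in filter(None, map(LINE.match, unwrap(log_text))):
        ip, view, msg = m.groups()
        rec = clients.setdefault(ip, {
            "view": view, "recursion": None, "denied": [],
            "attached": any(ipaddress.ip_address(ip) in n for n in nets)})
        if msg.startswith("recursion "):
            rec["recursion"] = msg == "recursion available"
        c = CACHE.match(msg)
        if c and c.group(2) == "denied":
            rec["denied"].append(c.group(1))
    return clients

def refused_off_subnet(clients):
    """Clients refused recursion that sit outside every directly attached prefix."""
    return sorted(ip for ip, r in clients.items()
                  if r["recursion"] is False and not r["attached"])

if __name__ == "__main__":
    print(refused_off_subnet(summarize(SAMPLE_LOG)))
```

If the output names routed clients, compare the effective allow-recursion and allow-query-cache ACLs against their prefixes; BIND's built-in localnets ACL covers only networks the server is directly attached to.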

