Split DNS (bind9), match-clients any doesn't work?
I've been fighting with this for the last few days. A few of my entries have external and internal IPs. My internal network is 10.0.0.0/8.

When I nslookup pc1.clase.net internally it responds with a 10.0.0.0 address, but if I nslookup pc1.clase.net externally it still gives me a 10.0.0.0 address.

I'm on Debian Wheezy.

named.conf

    include "/etc/bind/named.conf.options";
    view "internal" {
        match-clients { 10.0.0.0/8;};
        zone "clase.net"{
            type master;
            file "/etc/bind/internals/db.forward.net";
            allow-transfer { 10.0.0.11/8; }
        };
    };
    include "/etc/bind/named.conf.default-zones";
    zone "10.in-addr.arpa" {
        type master;
        file "/etc/bind/internals/db.reverse.net";
        allow-transfer { 10.0.0.11/8;
        };
    };
    };
    view "external" {
        match-clients { any; };
        zone "clase.net" {
            type master;
            file "/etc/bind/externals/db.forward.net";
            allow-transfer { 10.0.0.11/18;
            };
        };
    };

internal/db.forward.net

    $TTL 604800
    @       IN  SOA ns.clase.net. root.clase.net. (
                    2       ; Serial
                    604800  ; Refresh
                    86400   ; Retry
                    2419200 ; Expire
                    604800 ); Negative Cache TTL
    ;
    @       IN  NS  ns.clase.net.
    ns      IN  A   10.0.0.10
    pc1     IN  A   10.0.0.12

external/db.forward.net

    $TTL 604800
    @       IN  SOA ns.clase.net. root.clase.net. (
                    2       ; Serial
                    604800  ; Refresh
                    86400   ; Retry
                    2419200 ; Expire
                    604800 ); Negative Cache TTL
    ;
    @       IN  NS  ns
            IN  A   150.210.0.1
    ns      IN  A   150.210.0.1
    pc1     IN  A   150.210.0.22

debian networking dns bind
asked Oct 20 '13 at 23:26, edited Oct 21 '13 at 1:05 – ultorian
3 Answers
Not sure if this is your issue, but in looking at your config file it looks like you have some typos in it.

Example

This block looks like it has too many closing braces (};).

    zone "10.in-addr.arpa" {
        type master;
        file "/etc/bind/internals/db.reverse.net";
        allow-transfer { 10.0.0.11/8;
        };
    };
    };

Should be this, no?

    zone "10.in-addr.arpa" {
        type master;
        file "/etc/bind/internals/db.reverse.net";
        allow-transfer { 10.0.0.11/8; };
    };

Cleaned up version of your named.conf file.

    include "/etc/bind/named.conf.options";
    view "internal" {
        match-clients { 10.0.0.10/24;};
        zone "clase.net" {
            type master;
            file "/etc/bind/internals/db.forward.net";
            allow-transfer { 10.0.0.11/8; };
        };
    };
    include "/etc/bind/named.conf.default-zones";
    zone "10.in-addr.arpa" {
        type master;
        file "/etc/bind/internals/db.reverse.net";
        allow-transfer { 10.0.0.11/8; };
    };
    view "external" {
        match-clients { any; };
        zone "clase.net" {
            type master;
            file "/etc/bind/externals/db.forward.net";
            allow-transfer { 10.0.0.11/18; };
        };
    };

wrong client network?

These lines look incorrect to me:

    view "internal" {
        match-clients { 10.0.0.0/8;};
        zone "clase.net"{
            type master;
            file "/etc/bind/internals/db.forward.net";
            allow-transfer { 10.0.0.11/8; }
        };
    };

Should be this, no?

    view "internal" {
        match-clients { 10.0.0.0/8;};
        zone "clase.net"{
            type master;
            file "/etc/bind/internals/db.forward.net";
            allow-transfer { 10.0.0.0/8; };
        };
    };

References
- BIND 9 Configure Views To Partition External and Internal DNS Information

answered Oct 21 '13 at 0:44, edited Oct 21 '13 at 1:29 – slm♦

Thanks for answering. Afraid that removing the named.conf.default-zones from the internal view gives me a fatal error: Default-zones when using view statements, all zones must be in views. And I've noticed a silly error of mine: the clients for internal view is 10.0.0.0/8
– ultorian, Oct 21 '13 at 1:03

@ultorian - that was gonna be my next question, the IPs were 10.0.0.11/8 which I thought was wrong. Did that resolve the issue then?
– slm♦, Oct 21 '13 at 1:23

Nope, no luck, it was a typo in the code inserted here, not the real code :( I'm actually starting to doubt my "external" network..
– ultorian, Oct 21 '13 at 1:30

@ultorian - can you walk me through how the external hosts are querying the DNS server?
– slm♦, Oct 21 '13 at 1:34

@ultorian - also you might want to compare your setup to this one, see if you've missed anything? howtoforge.com/two_in_one_dns_bind9_views
– slm♦, Oct 21 '13 at 1:37

Finally found out how to do it.
Requires the TSIG keys to differentiate the 2 zones.
Example

answered Oct 27 '13 at 9:47 – ultorian

Please provide a (full) example in the answer, rather than linking to remote sites (that will happily change URLs,... and no one will be any the wiser). Also, if this solves your problem, please accept the answer (even if it's your own)
– umläute, Mar 3 '14 at 9:04

The example you provide is from a master/slave conf; I noticed indeed your configuration in your OP seems correct, does it mean you were dealing with your configuration not working in a SLAVE DNS node? People could not guess. Cheers
– Rui F Ribeiro, Jan 29 '16 at 7:33

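One common way to use TSIG keys with views when a slave must hold both versions of the zone, given here as an added example (it is not the configuration the answer linked to, and not the asker's real files). It assumes the master is 10.0.0.10 and the slave is 10.0.0.11, as the zone file and allow-transfer lines in the question suggest; the key names, secrets and slave file paths are placeholders.

```bind
// ---- on both servers: one TSIG key per view -------------------------------
// Placeholder secrets: generate real ones (for example with tsig-keygen) and
// keep the key file readable only by the named user.
key "internal-xfer" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET_1";
};
key "external-xfer" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET_2";
};

// ---- master (assumed 10.0.0.10) -------------------------------------------
view "internal" {
    // Views are tried in order and the first matching view answers. The slave
    // sits inside 10.0.0.0/8, so without the leading "!key" element its
    // request for the external zone would also land here and it would be
    // handed the internal data for both views.
    match-clients { !key external-xfer; key internal-xfer; 10.0.0.0/8; };
    // Sign NOTIFY messages sent to the slave with this view's key.
    server 10.0.0.11 { keys { internal-xfer; }; };
    zone "clase.net" {
        type master;
        file "/etc/bind/internals/db.forward.net";
        allow-transfer { key internal-xfer; };
    };
};
view "external" {
    match-clients { key external-xfer; any; };
    server 10.0.0.11 { keys { external-xfer; }; };
    zone "clase.net" {
        type master;
        file "/etc/bind/externals/db.forward.net";
        allow-transfer { key external-xfer; };
    };
};

// ---- slave (assumed 10.0.0.11) --------------------------------------------
view "internal" {
    // Same ordering rule: a NOTIFY signed with the external key must not be
    // swallowed by the internal view just because the master is a 10.x host.
    match-clients { !key external-xfer; key internal-xfer; 10.0.0.0/8; };
    zone "clase.net" {
        type slave;
        // Transfer requests for this view are signed with the internal key.
        masters { 10.0.0.10 key internal-xfer; };
        file "/var/cache/bind/internal.clase.net";   // hypothetical path
    };
};
view "external" {
    match-clients { key external-xfer; any; };
    zone "clase.net" {
        type slave;
        masters { 10.0.0.10 key external-xfer; };
        file "/var/cache/bind/external.clase.net";   // hypothetical path
    };
};
```

Restricting allow-transfer to a key rather than an address range also means a host that merely has a 10.x source address can no longer pull the full zone.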
-Here take a look!!!

named.conf

    // If you are just adding zones, please do that in /etc/bind/named.conf.local
    include "/etc/bind/named.conf.options";
    include "/etc/bind/named.conf.local";
    include "/etc/bind/named.conf.default-zones";
    include "/etc/bind/t-sig.key";

named.conf.options

    acl internals {
        127.0.0.0/8;
        10.0.0.0/8;
    };
    options {
        directory "/var/cache/bind";
        allow-recursion { internals; };
        allow-query-cache { internals; };
        allow-query { internals; };
        dnssec-enable yes;
        dnssec-validation yes;
        forwarders {
            // -Google - JUST FOR SAMPLE!!!
            8.8.4.4;
            8.8.8.8;
        };
        auth-nxdomain no; # conform to RFC1035
        listen-on-v6 { any; };
    };

named.conf.local

    include "/etc/bind/zones.rfc1918";
    acl internals {
        127.0.0.0/8;
    };
    zone "localhost" {
        type master;
        file "/etc/bind/db.local";
    };

named.conf.default-zones

    // prime the server with knowledge of the root servers
    zone "." {
        type hint;
        file "/etc/bind/db.root";
    };
    // be authoritative for the localhost forward and reverse zones, and for
    // broadcast zones as per RFC 1912
    zone "sample.net" {
        type master;
        file "/etc/bind/db.sample.net";
        allow-query { internals; };
        allow-transfer { key t-sig.key; };
    };
    zone "localhost" {
        type master;
        file "/etc/bind/db.local";
        allow-query { 127.0.0.0/8; };
        allow-transfer { key t-sig.key; };
    };
    zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/127.in-addr.arpa";
        allow-query { 127.0.0.0/8; };
        allow-transfer { key t-sig.key; };
    };
    zone "10.in-addr.arpa" {
        type master;
        file "/etc/bind/0.0.10.in-addr.arpa";
        allow-query { internals; };
        allow-transfer { key t-sig.key; };
    };
    zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/0.in-addr.arpa";
        allow-query { internals; };
    };
    zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/255.in-addr.arpa";
        allow-query { internals; };
    };
edited Jan 29 '16 at 3:53
answered Jan 29 '16 at 3:20
Joke Sr. OK
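When named.conf is split across several included files, as in the answer above, the same acl or zone name can end up defined in more than one file, or a closing brace can be left without its opener. The following check is an added example, not part of the answer or of BIND; the `lint` function and the sample files are constructed for illustration, and `named-checkconf` remains the authoritative validator.

```python
import re
from collections import Counter

# Constructed sample, not the answer's files: three includes that share
# an acl name and a zone name, one of them with a stray closing brace.
SAMPLE_FILES = {
    "named.conf.options": """
acl internals { 127.0.0.0/8; 10.0.0.0/8; };
options { allow-query { internals; }; };  # other options omitted
""",
    "named.conf.local": """
acl internals { 127.0.0.0/8; };
zone "localhost" { type master; file "/etc/bind/db.local"; };
};
""",
    "named.conf.default-zones": """
// zone "commented.out" { type master; };
zone "localhost" { type master; file "/etc/bind/db.local"; };
""",
}

# A quoted string is one token, so "//" or "#" inside it is not a comment.
TOKEN = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*|"[^"]*"|[{};]|[^\s{};"]+', re.S)

def lint(files):
    """Return (names defined more than once, files with unbalanced braces)."""
    seen, unbalanced = Counter(), []
    for name, text in files.items():
        tokens = [t for t in TOKEN.findall(text)
                  if not t.startswith(("//", "/*", "#"))]
        depth, balanced = 0, True
        for i, tok in enumerate(tokens):
            if tok == "{":
                depth += 1
            elif tok == "}":
                depth -= 1
                if depth < 0:          # closing brace with no opener
                    balanced, depth = False, 0
            elif depth == 0 and tok in ("acl", "zone") and i + 1 < len(tokens):
                # Top level only: zones inside different views may share a name.
                seen[(tok, tokens[i + 1].strip('"').lower())] += 1
        if not balanced or depth != 0:
            unbalanced.append(name)
    return sorted(k for k, n in seen.items() if n > 1), unbalanced

if __name__ == "__main__":
    duplicates, broken = lint(SAMPLE_FILES)
    print("defined more than once:", duplicates)
    print("unbalanced braces in:", broken)
```

Zones declared inside `view` blocks are deliberately not counted, because a split-DNS setup repeats the same zone name in each view.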