Bind9 log entry "query (cache) denied": permissions too tight?

Hi there,

I've seen this message in my nameserver's syslog:

  named[29961]: client 194.246.96.75#57373: query (cache) denied

I wonder whether my access permissions might be too strict?!

The above client is one of DENIC's nameservers (DENIC is the association that 
administers DE domains), and I've just (successfully) transferred half a dozen 
domains to this host. I don't know whether this was a singular case, or 
whether there will be future attempts by other clients (be it nameservers, be 
it end-user machines) that may be denied (but shouldn't be).

Here's part of my named.conf:

acl "my-acl" {
        127.0.0.0/8;
        xxx.xxx.yyy.z; // secondary NS
        xxx.xxx.xyz.abc; // primary NS for some domains
        xxx.xxx.zzz.bc; // THIS host
        aa.bbb.cc.ddd; // my home machine, for testing purposes
};

options {

        allow-transfer {
                my-acl;
        };
        
        allow-recursion {
                localhost;
        };

        // Disable general queries (i.e. for domains we don't own)
        // except from local machine
        allow-query {
                localhost;
        };

};

zone "Sample.NET" {
        type master;
        file "/etc/bind/db.Sample.NET";
        forwarders {
                // none
        };
        allow-query { any; };
};


Any advice on this matter?

Thanks,

Ralf


-- 
   L I N U X       .~.
  The  Choice      /V\
   of a  GNU      /( )\
  Generation      ^^-^^
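
Added example, not part of the original message: a Python script that counts "query (cache) denied" entries per client in syslog output, to show whether a denial like the one quoted above was a single event or recurs. The timestamps, the ns1 host name, the 192.0.2.10 client and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Matches the message format quoted in the post. The optional groups also accept
# the client-object address, "(name)" and quoted 'name/type/class' fields that
# later BIND 9 releases add to the same message.
DENIED = re.compile(
    r"named\[\d+\]: client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+"
    r"(?: \([^)]*\))?: query \(cache\) (?:'(?P<qname>[^']*)' )?denied"
)

def summarize_denials(lines):
    """Return {client_ip: {"count": n, "names": [...]}}, most frequent first."""
    counts = Counter()
    names = {}
    for line in lines:
        m = DENIED.search(line)
        if not m:
            continue  # unrelated named/syslog line
        ip = m.group("ip")
        counts[ip] += 1
        names.setdefault(ip, set())
        if m.group("qname"):
            names[ip].add(m.group("qname"))
    return {ip: {"count": n, "names": sorted(names[ip])}
            for ip, n in counts.most_common()}

def recurring(summary, threshold=2):
    """Clients denied at least `threshold` times (threshold is an assumption)."""
    return [ip for ip, s in summary.items() if s["count"] >= threshold]

# Constructed sample input; only the first line's message text is from the post.
SAMPLE_LOG = """\
Jan 10 12:00:01 ns1 named[29961]: client 194.246.96.75#57373: query (cache) denied
Jan 10 12:00:05 ns1 named[29961]: client 194.246.96.75#57374: query (cache) denied
Jan 10 12:01:10 ns1 named[29961]: client 192.0.2.10#40000 (example.org): query (cache) 'example.org/A/IN' denied
Jan 10 12:02:00 ns1 named[29961]: zone Sample.NET/IN: loaded serial 2005010101
""".splitlines()

if __name__ == "__main__":
    summary = summarize_denials(SAMPLE_LOG)
    for ip, info in summary.items():
        print(ip, info["count"], ", ".join(info["names"]) or "-")
    print("recurring:", recurring(summary))
```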

