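I already have a similar configuration working on another host with BIND 8.4.7.
I am migrating to a new name server, so I decided to upgrade BIND to 9.7.3.
The configuration is similar to this one, but I have added some permissive (perhaps redundant) restrictions to try to make it work.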
//named.conf
options {
    listen-on-v6 { any; };
    listen-on { any; };
};
acl "lan" {
    127.0.0.1;
    192.168.x.0/24;
};
view "internal" {
    match-clients { "lan"; };
    match-destinations { any; };
    zone "foo.com" IN {
        type master;
        allow-query { any; };
        allow-recursion { any; };
        file "foo.com.internal.hosts";
    };
};
view "external" {
    match-clients { any; };
    match-destinations { any; };
    zone "foo.com" IN {
        type master;
        allow-query { any; };
        allow-recursion { any; };
        file "foo.com.hosts";
    };
};
Some testing on localhost.
//nslookup from localhost
> server 127.0.0.1
Default server: 127.0.0.1
Address: 127.0.0.1#53
> bar
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find bar: NXDOMAIN
Testing on the same network.
//nslookup from "lan"
> server 192.168.xy
Default server: 192.168.xy
Address: 192.168.xy#53
> bar
Server: 192.168.xy
Address: 192.168.xy#53
** server can't find bar: NXDOMAIN
Testing from another network fails.
//nslookup from outside "lan", 192.168.xy NAT'd to 192.168.zy
> server 192.168.zy
Default server: 192.168.zy
Address: 192.168.zy#53
> bar
Server: 192.168.zy
Address: 192.168.zy#53
** server can't find bar: REFUSED
So, my question is: why does this configuration not work with the newer BIND?
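You must give the exact remote network specification. What I found is that "any" does not work the way we would expect, and neither does defining a network broader than the one actually querying the name server. For example, if the external network is 10.2.11.0/24, using an ACL defined as 10.2.0.0/23 will not match; that was my problem.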
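
An added example, not part of the original answer and not BIND's own code: a small Python evaluator for address match lists with first-match semantics, run against the question's two views and the prefixes named in the answer. The LAN prefix 192.168.1.0/24 and the client addresses are constructed stand-ins for the elided values, and only literal addresses, CIDR prefixes, "any", "none" and "!" negation are handled.

```python
import ipaddress

def match_list(client, elements):
    """Evaluate a BIND-style address match list; the first matching element wins.

    Returns True (matched), False (matched a negated element), None (no match).
    """
    addr = ipaddress.ip_address(client)
    for element in elements:
        negated = element.startswith("!")
        spec = element.lstrip("!").strip()
        if spec == "any":
            hit = True
        elif spec == "none":
            hit = False
        else:
            # strict=True raises ValueError for prefixes with host bits set,
            # which catches a mistyped network before it is compared.
            hit = addr in ipaddress.ip_network(spec, strict=True)
        if hit:
            return not negated
    return None

def select_view(client, views):
    """Return the first view, in file order, whose match-clients accepts client."""
    for name, match_clients in views:
        if match_list(client, match_clients):
            return name
    return None

# Constructed stand-in for the question's acl "lan" (192.168.x.0/24 on the page).
LAN = ["127.0.0.1", "192.168.1.0/24"]
# Same view order as the question's named.conf.
VIEWS = [("internal", LAN), ("external", ["any"])]

if __name__ == "__main__":
    for client in ("127.0.0.1", "192.168.1.20", "10.2.11.5"):
        print(client, "->", select_view(client, VIEWS))
    # The prefixes from the answer, tested against a constructed client in 10.2.11.0/24.
    for prefix in ("10.2.11.0/24", "10.2.0.0/23", "10.2.0.0/20"):
        net = ipaddress.ip_network(prefix)
        print(prefix, "covers", net[0], "-", net[-1],
              "match:", match_list("10.2.11.5", [prefix]))
```

Running it prints the address range each prefix covers, which is the quickest way to confirm whether a client address can match a given ACL entry before editing named.conf.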