3. Bind VIEWS -> access denied?

Bind VIEWS -> access denied?

  • K

    Hi all!

    I installed the bind package in my pfSense 2.x (up-to-date).

    I can use the pfSense now as resolver as shown:

    root@srv:/# dig @pfsense www.google.de

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @pfsense www.google.de
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65496
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;www.google.de.                 IN      A

;; ANSWER SECTION:
www.google.de.          195     IN      A       216.58.209.131

;; AUTHORITY SECTION:
google.de.              84734   IN      NS      ns1.google.com.
google.de.              84734   IN      NS      ns4.google.com.
google.de.              84734   IN      NS      ns2.google.com.
google.de.              84734   IN      NS      ns3.google.com.

;; ADDITIONAL SECTION:
ns1.google.com.         171073  IN      A       216.239.32.10
ns2.google.com.         171073  IN      A       216.239.34.10
ns3.google.com.         171073  IN      A       216.239.36.10
ns4.google.com.         171073  IN      A       216.239.38.10

;; Query time: 2 msec
;; SERVER: 192.168.10.2#53(192.168.10.2)
;; WHEN: Sun Oct 18 20:56:44 2015
;; MSG SIZE  rcvd: 193

    All seems to be fine. Now I added a zone as a slave zone. Let's call it "local.de". The master server is configured and allows zone transfers.
    See (reverse) log file, so far it is great:

    Oct 18 20:27:32 	named[61931]: running
Oct 18 20:27:32 	named[61931]: all zones loaded
Oct 18 20:27:32 	named[61931]: zone local.de/IN/LOCAL: loaded serial 176

    I let the ACL settings on the default values so I have any, none, localhost and localnet.
    Then I added a VIEW called "LOCAL" and used for "match-clients" the default ACL "any".

    Now I created a new ZONE (as slave zone), configured the master server properly and assigned the VIEW "LOCAL" to it.

    I still can query the named with any hostnames- but it gives me no result for my "local.de". The log file states "access denied":

    Oct 18 21:02:28 	named[41114]: client 192.168.10.10#48569 (www.local.de): view LOCAL: query 'www.local.de/A/IN' denied

    Anyone having a clue what I did wrong here?

    Thanks!

    /KNEBB

    0
  • K

    Hi!

    Solved it on my own!

    I had to set the "allow-query" to localhost and localnets. Even though this setting seems to be irrelevant as it is under the "Master Zone Configuration" part….

    Now it is working fine!

    /KNEBB

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy