Bind VIEWS -> access denied?



  • Hi all!

    I installed the bind package in my pfSense 2.x (up-to-date).

    I can now use the pfSense as a resolver, as shown:

    root@srv:/# dig @pfsense www.google.de
    
    ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @pfsense www.google.de
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65496
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
    
    ;; QUESTION SECTION:
    ;www.google.de.                 IN      A
    
    ;; ANSWER SECTION:
    www.google.de.          195     IN      A       216.58.209.131
    
    ;; AUTHORITY SECTION:
    google.de.              84734   IN      NS      ns1.google.com.
    google.de.              84734   IN      NS      ns4.google.com.
    google.de.              84734   IN      NS      ns2.google.com.
    google.de.              84734   IN      NS      ns3.google.com.
    
    ;; ADDITIONAL SECTION:
    ns1.google.com.         171073  IN      A       216.239.32.10
    ns2.google.com.         171073  IN      A       216.239.34.10
    ns3.google.com.         171073  IN      A       216.239.36.10
    ns4.google.com.         171073  IN      A       216.239.38.10
    
    ;; Query time: 2 msec
    ;; SERVER: 192.168.10.2#53(192.168.10.2)
    ;; WHEN: Sun Oct 18 20:56:44 2015
    ;; MSG SIZE  rcvd: 193
    

    All seems to be fine. Now I added a zone as a slave zone. Let's call it "local.de". The master server is configured and allows zone transfers.
    See the (reverse) log file; so far it is great:

    Oct 18 20:27:32 	named[61931]: running
    Oct 18 20:27:32 	named[61931]: all zones loaded
    Oct 18 20:27:32 	named[61931]: zone local.de/IN/LOCAL: loaded serial 176
    

    I left the ACL settings at the default values, so I have any, none, localhost and localnet.
    Then I added a VIEW called "LOCAL" and used for "match-clients" the default ACL "any".

    Now I created a new ZONE (as slave zone), configured the master server properly and assigned the VIEW "LOCAL" to it.

    I can still query the named with any hostnames, but it gives me no result for my "local.de". The log file states "access denied":

    Oct 18 21:02:28 	named[41114]: client 192.168.10.10#48569 (www.local.de): view LOCAL: query 'www.local.de/A/IN' denied
    

    Does anyone have a clue what I did wrong here?

    Thanks!

    /KNEBB



  • Hi!

    Solved it on my own!

    I had to set "allow-query" to localhost and localnets, even though this setting seems to be irrelevant, as it is under the "Master Zone Configuration" part…

    Now it is working fine!

    /KNEBB
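Added example, not part of the thread or of the pfSense BIND package: a small Python triage script for the "denied" line format quoted above. It reports which view rejected which client and whether that client lies inside the allow-query list you intended. The /24 prefix for localnets and the second denial line in the sample are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Matches named's query-denial line as quoted in the post; the optional
# "@0x..." token covers newer BIND releases that log a client object id.
DENIED = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \([^)]*\): "
    r"view (?P<view>\S+): query '(?P<q>[^']+)' denied"
)

def parse_denied(line):
    """Return a dict for a 'query ... denied' line, or None for other lines."""
    m = DENIED.search(line)
    if not m:
        return None
    qname, qtype, qclass = m.group("q").rsplit("/", 2)
    return {"client": m.group("ip"), "view": m.group("view"),
            "qname": qname, "qtype": qtype, "qclass": qclass}

def acl_permits(client, networks):
    """True if the client address falls inside any network of the list."""
    addr = ipaddress.ip_address(client)
    return any(addr in ipaddress.ip_network(n) for n in networks)

def summarize(lines, allow_query):
    """Count denials per (view, client); flag clients the intended ACL admits."""
    counts = Counter()
    for line in lines:
        rec = parse_denied(line)
        if rec:
            counts[(rec["view"], rec["client"])] += 1
    return [(view, ip, n, acl_permits(ip, allow_query))
            for (view, ip), n in sorted(counts.items())]

# Sample input: lines 1 and 2 are from the post, line 3 is constructed.
SAMPLE = [
    "Oct 18 20:27:32 named[61931]: all zones loaded",
    "Oct 18 21:02:28 named[41114]: client 192.168.10.10#48569 (www.local.de): view LOCAL: query 'www.local.de/A/IN' denied",
    "Oct 18 21:03:01 named[41114]: client 203.0.113.7#5353 (www.local.de): view LOCAL: query 'www.local.de/A/IN' denied",
]
# Assumed expansion of "localhost; localnets;" for a server at 192.168.10.2.
ALLOW_QUERY = ["127.0.0.0/8", "192.168.10.0/24"]

if __name__ == "__main__":
    for view, ip, n, intended in summarize(SAMPLE, ALLOW_QUERY):
        print(f"view={view} client={ip} denials={n} inside_intended_acl={intended}")
```

A denial for a client that is inside the intended list points at the allow-query actually in force for that view or zone rather than at the client's address.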

