BIND - SERVFAIL errors when using views
Changed this:
view "insideview" {
match-clients { 192.168.100.202; };
zone "internal" IN {
to this:
view "insideview" {
match-clients { 192.168.100.102; };
zone "testlab.net" IN {
Now works as expected.
user53029
Updated on September 18, 2022
user53029 almost 2 years
Running bind 9.8.2 and getting servfail errors when querying a host that resides in one of my views. Here is a snip of my conf file.
view "insideview" {
    match-clients { 192.168.100.202; };
    zone "internal" IN {
        type master;
        file "/var/named/db.internal.com";
        notify yes;
        allow-update { none; };
    };
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
};
view "external" {
    match-clients { any; };
    extzone1
    extzone2
    extzone3
    extzone4
    etc, etc...
};
The failures only occur when my client that's in the match list (192.168.100.102) tries to query a host in the internal zone in the internal.com db file. Here is my db file.
$TTL 86400
@       IN SOA  dns.testlab.net. root.testlab.net. (
                2015012877
                28800      ; refresh 8 hours
                7200       ; retry 2 hours
                864000     ; expire 10 days
                86400      ; min ttl 1 day
                )
        IN NS   dns.testlab.net.
server1 IN A    192.168.155.206
So when I query server1.testlab.net from 192.168.100.202 I get the servfail. I turned up debugging and here is output from logging.
12-Aug-2016 10:57:59.764 query-errors: debug 1: client 192.168.100.202#41591: view insideview: query failed (SERVFAIL) for server1.testlab.net/IN/A at query.c:6569
12-Aug-2016 10:57:59.764 query-errors: debug 2: fetch completed at resolver.c:3076 for server1.testlab.net/A in 0.000047: failure/success [domain:testlab.net,referral:0,restart:1,qrysent:0,timeout:0,lame:0,neterr:0,badresp:0,adberr:2,findfail:0,valfail:0]
And here is what /var/log/messages looks like after a service reload:
received control channel command 'reload'
loading configuration from '/etc/named.conf'
reading built-in trusted keys from file '/etc/named.iscdlv.key'
using default UDP/IPv4 port range: [1024, 65535]
using default UDP/IPv6 port range: [1024, 65535]
no IPv6 interfaces found
sizing zone task pool based on 18 zones
Warning: view insideview: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Warning: view extview: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
reloading configuration succeeded
reloading zones succeeded
zone internal/IN/insideview: loaded serial 2015012877
zone testlab.net/IN/extview: zone serial (2015091713) unchanged. zone may fail to transfer to slaves.
zone testlab.net/IN/extview: loaded serial 2015091713
received control channel command 'stats'
dumpstats complete
If I query the DNS server from another host IP that falls in the "any" list I can get a result returned, but only for zones listed in the "external" view, so that works as expected. Can anyone help me figure out why my internal view is not working?
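Why renaming the zone works, shown as an added example (not code from the original post): named picks the first view whose match-clients accepts the client, answers authoritatively only if a zone name in that view is a suffix of the query name, and expands relative owners such as server1 against the zone name given in named.conf. The config strings are constructed from the question's snippet, "db.ext" is a hypothetical file name, and the parser handles only `any` and literal addresses or prefixes.

```python
import ipaddress
import re

# Constructed from the question's snippet; "db.ext" is a hypothetical file name.
BROKEN = '''
view "insideview" {
    match-clients { 192.168.100.202; };
    zone "internal" IN { type master; file "/var/named/db.internal.com"; };
};
view "external" {
    match-clients { any; };
    zone "testlab.net" IN { type master; file "db.ext"; };
};
'''
FIXED = BROKEN.replace('zone "internal"', 'zone "testlab.net"', 1)

def parse_views(conf):
    """Return [(view_name, match_clients, zone_names)] in file order."""
    views = []
    for chunk in re.split(r'(?m)^\s*view\s+"', conf)[1:]:
        name = chunk.split('"', 1)[0]
        acl = re.search(r'match-clients\s*\{([^}]*)\}', chunk).group(1)
        clients = [c.strip() for c in acl.split(';') if c.strip()]
        zones = [z.rstrip('.').lower() for z in re.findall(r'zone\s*"([^"]+)"', chunk)]
        views.append((name, clients, zones))
    return views

def client_matches(client, acl):
    # Handles only "any" and literal addresses/prefixes, not named ACLs or keys.
    addr = ipaddress.ip_address(client)
    return any(e == 'any' or addr in ipaddress.ip_network(e, strict=False) for e in acl)

def serving_zone(qname, zones):
    """Longest zone name that is a suffix of qname, or None if the view has none."""
    labels = qname.rstrip('.').lower().split('.')
    for i in range(len(labels)):
        candidate = '.'.join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def route_query(conf, client, qname):
    """First matching view wins; zone is None when that view is not authoritative."""
    for name, acl, zones in parse_views(conf):
        if client_matches(client, acl):
            return name, serving_zone(qname, zones)
    return None, None

if __name__ == '__main__':
    for label, conf in (('broken', BROKEN), ('fixed', FIXED)):
        print(label, route_query(conf, '192.168.100.202', 'server1.testlab.net'))
    # Where the record really lived before the fix: server1 + zone name "internal".
    print(route_query(BROKEN, '192.168.100.202', 'server1.internal'))
```

A `None` zone for a client inside match-clients means the query is handed to the resolver, which is where the SERVFAIL in the question's log (`fetch completed at resolver.c`) was raised.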