LinuxQuestions.org
10-01-2017, 07:43 PM   #1
berndbausch
BIND madness


I have a system that automatically installs BIND 9 on a Debian derivative. It also starts BIND, and everything is OK.

When I restart BIND (systemctl restart bind9), it immediately complains and stops. The error message is:
Code:
/etc/bind/named.conf.options:22: undefined ACL '10.3.3.101:5354'
You can admire the options file at the end. I can't see anything wrong in it. Neither can this guy:
Code:
# named-checkconf /etc/bind/named.conf
# named-checkconf /etc/bind/named.conf.options
#
I swear on everything dear to me that the options file is in its original form (i.e. the form it was in when the name daemon started without any problem). The timestamp proves it.

Apart from tracing the source code, what can I do to understand what's going on in BIND's warped mind?

Here is the option file:
Code:
# cat /etc/bind/named.conf.options

// This file has been generated by ansible from
// bind/templates/named.conf.options.j2
// It contains the HOS values that apply only to the
// bind service. You may make changes to this file by adding
// sections/options below.

include "/etc/bind/rndc.key";

options {
        directory "/var/cache/bind";

        allow-new-zones yes;
        dnssec-validation auto;
        auth-nxdomain no;
        recursion no;
        minimal-responses yes;

        listen-on port 53 { 10.3.3.101; };
        listen-on port 53 { 10.3.4.2; };

        allow-notify { 10.3.3.101:5354; 10.3.3.102:5354; 10.3.3.103:5354;  };
};

controls {
        inet 10.3.3.101 port 953 allow { 0.0.0.0/0; } keys { "rndc-key"; };
};
 
10-01-2017, 08:03 PM   #2
Ser Olmy
The allow-notify option takes parameters in the form of one or more address match lists.

named-checkconf doesn't complain because the line itself is syntactically correct; it just assumes that you have an address match list called "10.3.3.101:5354".

To make it work, you first need to define an address match list containing the IP addresses you want to allow, and then reference this list in the allow-notify statement.

Also, I don't think you can specify port numbers in an address match list, only addresses/networks.
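
Added example, not part of the thread and not BIND's own code: a small Python pre-restart check that reports address match list elements which are neither an address/prefix, a key reference, nor a defined or built-in ACL, i.e. the tokens the reply above says are taken as ACL names. The option subset, the `notifiers` ACL name and both sample configurations are assumptions constructed for illustration; nested lists and abbreviated prefixes are not handled.

```python
import ipaddress
import re

BUILTIN_ACLS = {"any", "none", "localhost", "localnets"}
# Subset of options whose value is an address match list (assumption: enough here).
MATCH_LIST_OPTIONS = ("allow-notify", "allow-query", "allow-transfer", "allow-update")

# Constructed samples: the line from the thread, and a hypothetical corrected form.
BROKEN = 'options { allow-notify { 10.3.3.101:5354; 10.3.3.102:5354; 10.3.3.103:5354;  }; };'
FIXED = '''acl "notifiers" { 10.3.3.101; 10.3.3.102; 10.3.3.103; };
options { allow-notify { notifiers; }; };  // "notifiers" is a made-up name
'''

def strip_comments(text):
    """Remove /* */, // and # comments so they are not parsed as config."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def is_address(token):
    """True for an IPv4/IPv6 address or CIDR prefix; host:port is rejected."""
    try:
        ipaddress.ip_network(token, strict=False)
        return True
    except ValueError:
        return False

def unresolved_elements(conf_text):
    """Return (option, element) pairs that would be looked up as ACL names and not found."""
    text = strip_comments(conf_text)
    known = BUILTIN_ACLS | set(re.findall(r'\bacl\s+"?([^\s"{]+)"?\s*\{', text))
    pattern = r"\b(%s)\s*\{([^{}]*)\}" % "|".join(MATCH_LIST_OPTIONS)
    problems = []
    for option, body in re.findall(pattern, text):
        for element in body.split(";"):
            token = element.strip().lstrip("!").strip()  # drop negation
            if not token or token.startswith("key "):
                continue
            token = token.strip('"')
            if not is_address(token) and token not in known:
                problems.append((option, token))
    return problems

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, unresolved_elements(conf))
```

Running it against the generated file before `systemctl restart bind9` surfaces the three `host:port` elements that `named-checkconf` let through in the first post.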
 
  

