> On Oct 15, Andris Kalnozols wrote:
>
> Summary: I'm trying to make version.bind and the other similar labels
> available even if options { allow-query { } } restricts queries by
> default.
>
> >Here's how we do this at HP Labs:

> No luck...
>
> I tried this:
>
> view "chaos" chaos {
>     match-clients { any; };
>     allow-query { any; };
>     allow-recursion { any; };
>     zone "." {
>         type hint;
>         file "/dev/null";
>     };
> };
>
> But now I get a SERVFAIL:
>
> md@wonderland:~$bindver 213.92.8.2
> VERSION.BIND TXT record in class CH not found, server failure
> md@wonderland:~$
>
> The debugging log is not helpful:
>
> Oct 15 14:43:44.052 client: debug 3: client 151.44.134.16#51090: UDP request
> Oct 15 14:43:44.052 client: debug 5: client 151.44.134.16#51090: using view 'chaos'
> Oct 15 14:43:44.052 client: debug 3: client 151.44.134.16#51090: query
> Oct 15 14:43:44.052 client: debug 10: client 151.44.134.16#51090: ns_client_attach: ref = 1
> Oct 15 14:43:44.053 client: debug 3: client 151.44.134.16#51090: replace
> Oct 15 14:43:44.053 general: debug 3: clientmgr @0x100ae438: createclients
> Oct 15 14:43:44.053 general: debug 3: clientmgr @0x100ae438: recycle
> Oct 15 14:43:44.053 resolver: debug 1: createfetch: VERSION.BIND TXT
> Oct 15 14:43:44.053 resolver: debug 3: fctx 0x10783270: create
> Oct 15 14:43:44.053 client: debug 3: client 151.44.134.16#51090: error
> Oct 15 14:43:44.054 client: debug 3: client 151.44.134.16#51090: send
> Oct 15 14:43:44.054 client: debug 3: client 151.44.134.16#51090: sendto
> Oct 15 14:43:44.054 client: debug 3: client 151.44.134.16#51090: senddone
> Oct 15 14:43:44.054 client: debug 3: client 151.44.134.16#51090: next
> Oct 15 14:43:44.054 client: debug 10: client 151.44.134.16#51090: ns_client_detach: ref = 0
> Oct 15 14:43:44.054 client: debug 3: client 151.44.134.16#51090: endrequest
>
>
> Your recipe for BIND 8 does not work either, because the loaded zone
> masks the RR which are usually generated by BIND.
>
> --
> ciao, |
> Marco | [8576 caeWxBWD.4/Pk]



Sorry, I didn't follow this thread from the original post and just
jumped in with a conventional recipe. Here's how to get what you
want:

Move your `allow-query { friends; };' statement out of the global
options and into a view that defines your zones in the IN class,
e.g.,

options {
    directory "/var/cache/bind";

    allow-recursion { friends; };
    ...
};

view "default" in {
    match-clients { any; };
    allow-query { friends; };

    zone "bofh.it" {
        type master;
        ...
    };
    ...
};

The default global option of `allow-query { any; };' will still be
in effect for queries in the CHAOS class that match BIND9's built-in
"_bind" view.


Andris
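
Added example (not part of the original messages): a small checker for the behaviour discussed in this thread, which builds the version.bind TXT query in class CH and decodes the reply's RCODE and TXT strings, so the SERVFAIL case can be told apart from a working answer. The function names, the query ID and the sample replies are assumptions constructed for illustration; query() is meant for a server you administer.

```python
import socket, struct

CLASS_CH, TYPE_TXT = 3, 16  # CHAOS class, TXT type
RCODES = {0: "NOERROR", 2: "SERVFAIL", 5: "REFUSED"}

def build_query(name="version.bind", qid=0x1234):
    """DNS query for <name> TXT in class CH (RD bit clear)."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    return struct.pack(">6H", qid, 0, 1, 0, 0, 0) + qname + struct.pack(">2H", TYPE_TXT, CLASS_CH)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_response(msg):
    """Return (rcode name, list of CH TXT strings in the answer section)."""
    _, flags, qd, an, _, _ = struct.unpack(">6H", msg[:12])
    off, texts = 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">2HIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        while rtype == TYPE_TXT and rclass == CLASS_CH and rdata:
            n = rdata[0]  # TXT rdata is a run of length-prefixed strings
            texts.append(rdata[1:1 + n].decode("ascii", "replace"))
            rdata = rdata[1 + n:]
    return RCODES.get(flags & 0xF, str(flags & 0xF)), texts

def query(server, timeout=3.0):
    """Send the query over UDP to a server you administer."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(), (server, 53))
        return parse_response(s.recvfrom(4096)[0])

def sample_response(rcode, txt=None):
    """Constructed reply bytes (not captured traffic) for offline checks."""
    msg = struct.pack(">6H", 0x1234, 0x8000 | rcode, 1, 1 if txt else 0, 0, 0) + build_query()[12:]
    if txt:
        rdata = bytes([len(txt)]) + txt.encode()
        msg += b"\xc0\x0c" + struct.pack(">2HIH", TYPE_TXT, CLASS_CH, 0, len(rdata)) + rdata
    return msg

if __name__ == "__main__":
    print(parse_response(sample_response(2)))                 # the failing case
    print(parse_response(sample_response(0, "constructed-version")))
```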