Hi,

OS: FreeBSD 5.3 with Jail system.
BIND: 9.3.0 (no chroot)

HOST: 192.168.1.1 (ANUBIS)
DNS JAIL IP: 192.168.1.2 (THOT)

Everything works very well, but I see something strange in the log.

When I activated query logging (rndc querylog), I saw a loop of queries coming from the DNS server itself:

[...]
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#63917: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#65331: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#49792: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#51018: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#63537: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#62296: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#52123: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#53431: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#63788: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#59672: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#57211: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#65058: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#56968: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#52403: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#55472: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#59002: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#65469: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
Jan 2 15:47:58 thot named[86454]: client 192.168.1.2#51115: view internal: query: 2.1.168.192.in-addr.arpa IN PTR +
[...]

anubis# grep "view internal: query: 2.1.168.192.in-addr.arpa" /var/log/all.log | wc -l
1272808
:-((


If I dig this entry, it works:

thot# dig 2.1.168.192.in-addr.arpa PTR

; <<>> DiG 9.3.0 <<>> 2.1.168.192.in-addr.arpa PTR
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10916
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;2.1.168.192.in-addr.arpa. IN PTR

;; ANSWER SECTION:
2.1.168.192.in-addr.arpa. 3600 IN PTR thot.crystunix.com.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 3600 IN NS ns1.coltfrance.com.
1.168.192.in-addr.arpa. 3600 IN NS ns0.crystunix.com.
1.168.192.in-addr.arpa. 3600 IN NS ns0.coltfrance.com.

;; ADDITIONAL SECTION:
ns0.crystunix.com. 600 IN A 192.168.1.2
ns0.coltfrance.com. 170896 IN A 195.68.0.11
ns1.coltfrance.com. 170896 IN A 195.68.0.12

;; Query time: 76 msec
;; SERVER: 192.168.1.2#53(192.168.1.2)
;; WHEN: Sun Jan 2 15:45:05 2005
;; MSG SIZE rcvd: 187

My reverse zone:

thot# cat /etc/namedb/internal/rev/1.168.192.in-addr.arpa.db
; Reverse (PTR) zone for 192.168.1.0/24, loaded by the "internal" view in the
; named.conf shown in this post.
; NOTE(review): this is an RFC 1918 reverse zone, yet two of its NS records
; name coltfrance.com servers (public addresses in the dig output above).
; With "notify yes" in the options block of that named.conf, named sends
; NOTIFY for changes to this zone to the NS-listed servers other than the
; SOA MNAME - confirm that is intended for an internal-only zone.
$TTL 3600

@ IN SOA ns0.crystunix.com. thot.crystunix.com. (
2004042605 ; Serial
3600 ; Refresh
900 ; Retry
3600000 ; Expire
3600 ) ; Minimum

IN NS ns0.crystunix.com.
IN NS ns0.coltfrance.com.
IN NS ns1.coltfrance.com.

; Host part of the address -> name. Entry 2 is the record the looping query asks for.
1 IN PTR seth-gw.crystunix.com.
2 IN PTR thot.crystunix.com.
5 IN PTR andi.crystunix.com.
20 IN PTR portable.crystunix.com.


I'm using views: one for the local network and one for the internet.
Only the local view has recursion enabled.

For the crystunix.com zone, the internet view uses public IPs and the internal view uses private IPs.

My configuration (named.conf):

###############################
## ACL #####
##############################

# Named address match lists. "home" decides who lands in the recursive
# "internal" view (match-clients and allow-query there both reference it),
# so every entry below is a client allowed to recurse through this server.
acl home {
# Built-in ACL: all addresses of the server itself.
localhost;
192.168.1.0/24;
192.168.2.0/24;
192.168.3.0/24;
10.0.0.0/24;
# NOTE(review): not an RFC 1918 range - these hosts also get recursion and
# the internal zone data; confirm that is intended.
195.68.88.112/29;
};

# NOTE(review): gok, tayo and thot are defined but not referenced by any
# statement in the part of the configuration shown in this post.
acl gok {
82.66.146.120/32;
};

acl tayo {
213.56.44.210/32;
};

acl thot {
192.168.1.2/32;
};


###################################
####### OPTIONS ##########
###################################

# Global server options; views inherit these unless they set their own value.
options {

directory "/etc/namedb";
# Text returned for version.bind CHAOS queries in place of the real BIND version.
version "THOT Server";
pid-file "/var/run/named/pid";

# Outgoing queries are sent from the jail address; "port *" leaves the source port unpinned.
query-source address 192.168.1.2 port *;
# named binds port 53 on the jail address only.
listen-on port 53 { 192.168.1.2; };

# Resource limits: "default" keeps whatever limit the process started with.
datasize default;
stacksize default;
coresize default;
files unlimited;
# Send NOTIFY on zone changes to the servers listed in each zone's NS records.
notify yes;
# Always set the AA bit on NXDOMAIN answers.
auth-nxdomain yes;

# Seconds a lame-server indication is cached.
lame-ttl 444;
# One record per message in outgoing zone transfers.
transfer-format one-answer;

# Both intervals are in minutes.
cleaning-interval 60;
interface-interval 60;

transfers-in 20;
transfers-per-ns 10;
transfers-out 10;
# Minutes: inbound transfers running longer than this are terminated.
max-transfer-time-in 4;

};

#####################################
#### RNDC KEY CONFIGURATION ###
#####################################


# rndc.key is expected to define the key named "rndc-key" used below.
# NOTE(review): that file holds a shared secret - check that it is readable
# only by the account named runs as.
Include "/etc/namedb/rndc.key";

# rndc control channel: listens on the jail address, accepts connections only
# from that same address, and only when signed with rndc-key.
controls {
inet 192.168.1.2 allow { 192.168.1.2; } keys { rndc-key; };
};

######################################
### LOG #####
######################################


// reduce log verbosity on issues outside our control
logging {
# NOTE(review): this channel is defined but no category statement below sends
# anything to it, so as written the query log enabled with "rndc querylog"
# goes to the default channels rather than to local7.
channel queries {
syslog local7;
severity info;
};
# Drop lame-server messages entirely.
category lame-servers { null; };
# category cname { null; };

};

#########################################
#### VUE RESEAU LOCAL ###
#########################################

# View for the "home" ACL. Views are tried in the order they appear in the
# file and the first one whose match-clients matches is used, so this view
# must stay ahead of "internet".
view "internal" {
match-clients { home; };
# Recursion is offered here only; allow-query repeats the same ACL.
recursion yes;
allow-query { home; };

# No "forward" mode is set, so named tries these first and falls back to
# iterating from the root hints below if they do not answer.
forwarders {
195.68.0.1;
195.68.0.2;
};

zone "." {
type hint;
file "named.root";
};


# NOTE(review): no allow-transfer appears in this view or in options, so the
# zones below can be transferred by any client that matches "home" - confirm.
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "/etc/namedb/internal/rev/localhost.rev";
};

# Reverse zone holding the PTR for 192.168.1.2 that appears in the query log.
zone "1.168.192.in-addr.arpa" {
type master;
file "/etc/namedb/internal/rev/1.168.192.in-addr.arpa.db";
};

zone "2.168.192.in-addr.arpa" {
type master;
file "/etc/namedb/internal/rev/2.168.192.in-addr.arpa.db";
};

zone "3.168.192.in-addr.arpa" {
type master;
file "/etc/namedb/internal/rev/3.168.192.in-addr.arpa.db";
};

# Internal copy of the zone (a separate file from the one the "internet" view loads).
zone "crystunix.com" {
type master;
file "/etc/namedb/internal/com/crystunix.com.db";
};

};

#########################################
#### VUE EXTERNE ###
#########################################

# Authoritative-only view for everyone who did not match "internal".
# The closing brace of this view is not included in the post.
view "internet" {
# NOTE(review): address match lists stop at the first matching element, so
# "any" always matches and "!home" is never evaluated. Home clients are kept
# out of this view only because "internal" is listed first; "{ !home; any; }"
# would make the exclusion hold regardless of view order.
match-clients { any; !home; };
recursion no;
# Transfers are limited by source address only.
# NOTE(review): no TSIG key is required, so the secondaries are identified by IP alone.
allow-transfer { 195.68.1.0/24; 195.68.0.12; 195.68.0.0/25; 195.68.75.0/25; 213.41.78.66; };
allow-query { any; };

# Public copy of the zone.
zone "crystunix.com" {
type master;
file "/etc/namedb/com/crystunix.com.db";
};


Processes running in the jail:

thot# ps auxw
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 32821 1.7 0.2 1348 780 ?? SsJ 3:00PM 2:03.91 /usr/sbin/syslogd -l /var/run/log -l /var/named/var/run/log -s
root 1061 0.0 0.0 3364 216 ?? SsJ Mon08PM 0:01.38 /usr/sbin/sshd
root 1079 0.0 0.0 1384 248 ?? IsJ Mon08PM 0:03.28 /usr/sbin/cron -s
bind 86454 0.0 1.0 6928 5192 ?? SsJ 3:30PM 4:21.57 /usr/sbin/named -u bind -t /var/named
root 25100 0.0 0.1 1364 716 pg R+J 3:52PM 0:00.00 ps auxw
root 87772 0.0 0.1 2276 752 pg SJ Thu07PM 0:01.19 /bin/csh


I don't know why the DNS server is querying itself; any suggestions are welcome.

Thanks in advance and happy new year !

Regards

nicolas