help with NAMED - VMS

This is a discussion on help with NAMED - VMS ; Process Software MultiNet V5.2 Rev A-X, COMPAQ AlphaServer DS20E 833 MHz, OpenVMS AXP V8.2 After the upgrade to the most recent NAMED image the name server answers "query refused" to query coming from external (not localhost) clients. -. The name ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: help with NAMED

  1. help with NAMED

    Process Software MultiNet V5.2 Rev A-X, COMPAQ AlphaServer DS20E 833 MHz,
    OpenVMS AXP V8.2

    After the upgrade to the most recent NAMED image the name
    server answers "query refused" to query coming from external (not localhost)
    clients.

    -. The name server process is running (show system).
    -. I have no allow-query definition in my named config file.
    -. If I remove the new image, the name server start to work again.
    -. This is the first named upgrade for Multinet 5.2 that I have done.
    -. I know (from a site with a similar configuration) that the problem
    appeared since the recent ISC security patch, infact I wait until
    now to do the upgrade on my prodution system.

    What can I do to trace the problem?

    Thanks,
    Francesco

  2. Re: help with NAMED

    Hi Jeremy,

    thank you a lot for your useful answer.
    The problem was exactly what you have described.

    It is strange that there is no hilight about this important change in
    the patch release notes (or perhaps I have missed it).

    Thanks, :-)
    Francesco

    > Hi Francesco,


    > >Process Software MultiNet V5.2 Rev A-X, COMPAQ AlphaServer DS20E 833 MHz,
    > >OpenVMS AXP V8.2
    > >
    > >After the upgrade to the most recent NAMED image the name
    > >server answers "query refused" to query coming from external (not localhost)
    > >clients.


    > I was told by PSC support that the patch implemented a change in behaviour
    > for the allow-query options. The previous behaviour allowed queries from
    > anywhere; the patch changed the default to allow queries only from your
    > local network.


    > If the server in question is supposed to answer queries from external hosts
    > you will have to add this to NAMED.CONF:


    > /* Allow anyone to query us, but only local hosts can use this */
    > /* nameserver for general lookups. All others can query only */
    > /* for domains we are authoratitive for. */


    > allow-query { any; };
    > allow-recursion { 127.0.0.1; a.b.c.d/m; };


    > where 'a.b.c.d/m' is your network starting address and size, e.g. 192.168.1.0/24


    > >-. The name server process is running (show system).
    > >-. I have no allow-query definition in my named config file.
    > >-. If I remove the new image, the name server start to work again.
    > >-. This is the first named upgrade for Multinet 5.2 that I have done.
    > >-. I know (from a site with a similar configuration) that the problem
    > >appeared since the recent ISC security patch, infact I wait until
    > >now to do the upgrade on my prodution system.


    > >What can I do to trace the problem?


    > >Thanks,
    > >Francesco



    > Regards,


    > Jeremy Begg


    > +---------------------------------------------------------+
    > | VSM Software Services Pty. Ltd. |
    > | http://www.vsm.com.au/ |
    > | "OpenVMS Systems Management & Programming" |
    > |---------------------------------------------------------|
    > | P.O.Box 402, Walkerville, | E-Mail: jeremy@vsm.com.au |
    > | South Australia 5081 | Phone: +61 8 8221 5188 |
    > |---------------------------| Mobile: 0414 422 947 |
    > | A.C.N. 068 409 156 | FAX: +61 8 8221 7199 |
    > +---------------------------------------------------------+


+ Reply to Thread