BIND DNS Setup Idea?
Fun with BIND and OS X Server. Those who know, know.
What I am trying to achieve is to have full control over my domain's forward and reverse DNS. I already got the ISP to point to my rDNS; they used a "-" instead of "/", so I'm not sure how BIND sees that yet. I have read it's the same, only a syntax change. Now to my problem.
I set up the reverse zone file correctly and all the responses to local CLI were perfect (host, nslookup, dig, etc., including dscacheutil). The problem was letting the outside world see it. Every query that started to come in was (denied): PTR, A, etc. I tried a bunch of different entries in named.conf and then in the SA file "publicView.conf.apple".
I tried "allow-query { any; };" both in the zone list and in named.conf. I tried "query-source address * port *;" since I saw from the logs that the (denied) queries came in on non-53 ports. Nothing I had tried would allow a query of the 208-28.xx.xxx.xxx.in-addr.arpa. zone. Mind you, outside queries of forward DNS worked and local queries of both Fwd and Rev worked.
In the end I had to open the "allow-recursion {"com.apple.ServerAdmin.DNS.public";};" to "any" and it worked. Now I cannot, or do not want to, leave it this way, and also I currently broke SA access to the files.
So, options?
1. Can anyone tell me what I can do to keep the allow-recursion ACL in place but allow queries to my 208-28.xx.xxx.xxx.in-addr.arpa. zone to work?
2. If "allow-recursion" has to be open for rDNS to work can I create "view "all" { zone "208-28.xx.xxx.xxx.in-addr.arpa" IN { type master; ...};}; type entry in the named.conf after (or before) "include "/etc/dns/publicView.conf.apple";"? I would also put back the default rDNS zone so SA will work but I'll manually edit the custom rDNS zone.
My thing is I am no BIND expert and not sure if I can have 2 "view" statements or if it should go before or after the "include" in named.conf.
Any help will get you a gold star, lol.
Mac Pro, Mac OS X (10.6.8), Server 2 x 2.66Ghz intel Xeon 2006
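
An added configuration sketch, not part of the original post and not Apple's generated file: in BIND, answers from a zone the server is master for are governed by allow-query, while allow-recursion only covers names it is not authoritative for, so the recursion ACL can stay restricted while the reverse zone is public. The ACL contents, the view name, the match-clients value and the zone file path are assumptions; the ACL name and the zone name are the ones quoted in the post.

```conf
// Added example. Everything marked "assumed" is a placeholder, not from the post.

// ACL name as quoted in the post; its contents here are assumed.
acl "com.apple.ServerAdmin.DNS.public" { localhost; localnets; };

// Once any view exists, every zone statement must live inside a view.
// A client is served by the first view whose match-clients matches it,
// so a second catch-all view placed after this one would never be reached.
view "public-example" {                          // assumed view name
    match-clients { any; };                      // assumed

    // Weak setting (what "opening to any" amounts to): the server will
    // resolve arbitrary names for the whole Internet, i.e. an open resolver.
    //   allow-recursion { any; };

    // Restricted setting: only the listed networks may recurse.
    recursion yes;
    allow-recursion { "com.apple.ServerAdmin.DNS.public"; };

    // Authoritative reverse zone. The zone name must be identical to the
    // name the ISP delegated (here with "-"), otherwise incoming queries
    // do not match the zone and fall through to the recursion path.
    zone "208-28.xx.xxx.xxx.in-addr.arpa" IN {
        type master;
        file "db.208-28.example";                // assumed file name
        allow-query { any; };                    // public authoritative answers
        allow-transfer { none; };
    };
};
```

`named-checkconf` parses a named.conf and reports syntax errors, which makes it a useful check before reloading named with a layout like this.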