[2.x] BIND config should include option "empty-zones-enable no"
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
MAAS |
Invalid
|
High
|
Andres Rodriguez | ||
2.2 |
Won't Fix
|
High
|
Andres Rodriguez |
Bug Description
Somewhat recently BIND upstream changed the default behavior with respect to forwarding DNS queries matching RFC 1918 prefixes (private subnets). The new default is effectively to block such queries.
This breaks what I imagine is a common use case for MAAS: A MAAS deployment using a private address range (e.g. 10.0.4.0/24) in a larger private network (e.g. 10.0.0.0/16) with internal DNS.
If a MAAS host does a reverse (PTR) query for an address outside the range managed by MAAS, the MAAS DNS server will not forward it to any configured upstream DNS servers.
The fix is to add the following line to /etc/bind/
empty-
Currently running maas 2.1.4+bzr5591-
Changed in maas: | |
assignee: | nobody → Andres Rodriguez (andreserl) |
Changed in maas: | |
milestone: | 2.3.0 → 2.3.x |
Hi Nathaniel,
I was wondering if you have upgraded to the latest MAAS 2.2.0 and whether this is still relevant?
Thanks.