Yet another Xfer problem
Danny Mayer
mayer at gis.net
Sat Jan 19 20:55:44 UTC 2002
At 08:38 AM 1/19/02, Bill Stephens wrote:
>Danny Mayer <mayer at gis.net> wrote in message
>news:<a2aefs$nac at pub3.rc.vix.com>...
> > At 02:30 PM 1/18/02, Bill Stephens wrote:
> >
> > >I'm having problems with some IXFR zone transfers to one of my DNS
> > >servers. The message log gives me the following error "premature EOF,
> > >fetching "some zone". I don't think this is a memory issue, the
> > >primary server (and secondary for that matter) is a Linux machine with
> > >512 mb memory 512 mb swap space, and DNS is pretty much the only
> > >application on the server. The server is able to process some zones
> > >between the primary and secondary, but consistantly I have one zone
> > >that only seems to be able to tansfer if I wipe it out on the
> > >secondary and restart, forcing an axfr. I have another secondary
> > >pointing to the same primary, using AXFR's, and it's not having any
> > >problems transferring the zone. It's a fairly small zone with < 100
> > >entries. I've upgraded both the primary and slave to BIND 8.2.5 to
> > >see if that would improve things, no dice. Any other ideas what might
> > >be going wrong?
> >
> > Try setting transfer-format one-answer in named.conf either in options
> > (to make it global) or server for a specific server. It may be having
> problems
> > with the many-answers transfer format. You didn't say what version of BIND
> > each side of transfer is being used or on what O/S.
> >
> > Danny
>
>Thanks, I tried setting it to one-answer and got a different result.
>The one-answer gave a "no TSIG present (-10)" for the zone. I double
>checked the TSIG's, they're good, I'm getting transfers from other
>zones between the same server pair. I turned off ixfr, and the
>transfers flowed without any problems. I really think it's related to
>the ixfr's, since axfr's between the the two servers work fine.
>
>On both sides, I'm running RedHat Linux 7.0, and BIND 8.2.5.
You might try upgrading to 8.3.0. I saw this in the 8.3.0 release notes:
1310. [bug] TSIG signed IXFR's wern't correctly verified.
1287. [bug] named-xfer could report false TSIG failures under
certian conditions.
1270. [bug] AXFR style IXFR responses were not handled properly,
transfer-format single-answer.
Each and every one of them could be what is causing your failures. Try it
and see if it now works with BIND 8.3.0.
Danny
More information about the bind-users
mailing list