Zone transfer denied errors, Me or my ISP's problem?
Barry Margolin
barmar at genuity.net
Tue Mar 26 15:47:28 UTC 2002
In article <a7q4nl$2uu at pub3.rc.vix.com>, Rick <huntervalley at hotmail.com> wrote:
>
>Hi,
>
>I have just set up my first primary nameserver using Bind 9.1.3 RH
>7.2. I have My primary running with no start up errors and I can use
>it to surf the net. I have been allowed to have a secondary at my isp,
>I have the NS ns.my.isp in the appropriate zone files on my primary.
>noah.maicom.com.au is my primary domain and ampba.asn.au is a hosted
>domain that will be used as a Name Vhost in apache.
>I want to have the secondary to do a transfer of my primary servers
>zone files but I get the following message....
>
>Mar 26 20:33:50 noah named[6392]: client 139.130.4.5#1392: zone
>transfer denied
You have two allow-transfer options, and the second one (which doesn't
contain your ISP's server) is overriding the first one. I suspect the
second one was intended to be something like allow-recursion.
>options {
> directory "/var/named";
> /*
> * If there is a firewall between you and nameservers you want
> * to talk to, you might need to uncomment the query-source
> * directive below. Previous versions of BIND always asked
> * questions using port 53, but BIND 8.1 uses an unprivileged
> * port by default.
> */
>query-source address * port 53;
>transfer-source * port 53;
>notify-source * port 53;
>auth-nxdomain yes;
>allow-transfer { 139.130.4.5; 203.50.0.24; };
>allow-transfer { 203.50.2.74; 203.50.1.64/26; };
>notify yes;
>
>};
--
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
More information about the bind-users
mailing list