zone transfers fail
Christopher L. Everett
ceverett at cobalt.physemp.com
Mon Feb 3 03:17:44 UTC 2003
I guess you can't leave anything unspoken anywhere you go, so I'd better put the
full configuration files from both the master and the slave on the list:
// master server named.conf
// Address lists for the master (207.177.51.227). An acl statement only names a
// set of addresses; nothing is permitted or denied until an option below
// references the name.
// "localhost" is BIND's built-in ACL matching every address configured on this
// host, so "my-dns-ip" covers more than the one address listed beside it.
acl "my-dns-ip" {
localhost;
207.177.51.227;
};
// The master's own address.
acl "primary-dns-ip" {
207.177.51.227;
};
// The secondary. This is the client address the master log reports as denied.
acl "secondary-dns-ips" {
207.177.51.228;
};
// Two /28 networks plus this host; referenced by allow-query and
// allow-recursion in options. 207.177.51.228 falls inside 207.177.51.224/28.
acl "local-ips" {
207.177.51.224/28;
207.177.73.224/28;
localhost;
};
// The same two addresses that options lists as forwarders.
acl "natel-dns-ips" {
207.177.74.108;
207.177.74.118;
};
// Source-address drop list, referenced by "blackhole" in options.
// Despite the name, only the second line holds the RFC 1918 private ranges.
// The first line adds 0.0.0.0/7 (0.0.0.0 - 1.255.255.255), 2.0.0.0/8,
// 192.0.2.0/24 (documentation range) and 224.0.0.0/3 (multicast and above).
// NOTE(review): 1.0.0.0/8 and 2.0.0.0/8 have been allocated since this was
// posted in 2003. A static bogon list like this one silently drops legitimate
// clients unless it is kept current.
acl RFC1918 {
0.0.0.0/7; 2.0.0.0/8; 192.0.2.0/24; 224.0.0.0/3;
10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16;
};
// Server-wide defaults for the master. The access-control options here apply
// to every zone that does not set the same option itself.
options {
directory "/var/cache/bind";
// "my-dns-ip" contains the built-in localhost ACL, so this listens on every
// local address, not only 207.177.51.227.
listen-on { my-dns-ip; };
listen-on-v6 { none; };
// Queries from these source addresses are not answered, and the addresses are
// not used when resolving.
blackhole { RFC1918; };
forwarders { 207.177.74.118; 207.177.74.108; };
// Default query access: local networks and the forwarders only. A zone that
// must answer the public needs its own allow-query (see hospitalpage.com).
allow-query { local-ips; natel-dns-ips; };
// Recursion is limited to local networks, so this is not an open resolver.
allow-recursion { local-ips; };
// Default transfer access. The secondary (207.177.51.228) is named here via
// "secondary-dns-ips".
// NOTE(review): an address ACL authenticates only the source IP. A TSIG key
// shared with the secondary is the stronger control for transfers.
allow-transfer { localhost; primary-dns-ip; secondary-dns-ips; };
auth-nxdomain yes; # conform to RFC1035
};
// Root hints, used when the server resolves on behalf of local clients.
zone "." {
type hint;
file "/etc/bind/db.root";
};
// Housekeeping zones for localhost, loopback, and the 0 and 255 reverse trees.
// Each overrides the options-level allow-transfer so that only this host can
// transfer it, and each refuses dynamic updates.
zone "localhost" {
type master;
file "/etc/bind/db.local";
allow-transfer { localhost; };
allow-update { none; };
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
allow-transfer { localhost; };
allow-update { none; };
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
allow-transfer { localhost; };
allow-update { none; };
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
allow-transfer { localhost; };
allow-update { none; };
};
// The public zone this server is master for.
// allow-query is overridden to "any" so that outside clients get answers.
// There is no zone-level allow-transfer, so the options-level list applies,
// and that list names 207.177.51.228 through "secondary-dns-ips".
// NOTE(review): as posted, this text should therefore permit the transfer that
// the master log shows as denied. Confirm that the running named has loaded
// this exact file, for example with named-checkconf followed by a reload.
zone "hospitalpage.com" {
type master;
file "/etc/bind/zones/hospitalpage.com";
allow-query { any; };
allow-update { none; };
};
// end master server named.conf
// slave server named.conf
// Address lists for the secondary (207.177.51.228). As on the master, an acl
// only names addresses; the options that reference it do the enforcing.
// "localhost" is BIND's built-in ACL matching every address configured on this
// host.
acl "my-dns-ip" {
localhost;
207.177.51.228;
};
// The master. Referenced by allow-notify in the hospitalpage.com zone.
acl "primary-dns-ip" {
207.177.51.227;
};
// This host's own address. No statement in this file references the acl.
acl "secondary-dns-ips" {
207.177.51.228;
};
// Two /28 networks plus this host; referenced by allow-query and
// allow-recursion in options.
acl "local-ips" {
207.177.51.224/28;
207.177.73.224/28;
localhost;
};
// Source-address drop list, referenced by "blackhole" in options. It has the
// same contents as the master's list.
// Only the second line holds the RFC 1918 private ranges. The first line adds
// 0.0.0.0/7, 2.0.0.0/8, 192.0.2.0/24 and 224.0.0.0/3.
// NOTE(review): 1.0.0.0/8 and 2.0.0.0/8 have been allocated since 2003, so a
// static list like this needs upkeep or it drops legitimate clients.
acl RFC1918 {
0.0.0.0/7; 2.0.0.0/8; 192.0.2.0/24; 224.0.0.0/3;
10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16;
};
// Server-wide defaults for the secondary. Unlike the master, there is no
// options-level allow-transfer; every master and slave zone below sets its own.
options {
directory "/var/cache/bind";
// "my-dns-ip" contains the built-in localhost ACL, so this listens on every
// local address.
listen-on { my-dns-ip; };
forwarders { 207.177.74.118; 207.177.74.108; };
// Default query and recursion access: local networks only.
allow-query { local-ips; };
allow-recursion { local-ips; };
// Queries from these source addresses are not answered.
blackhole { RFC1918; };
listen-on-v6 { none; };
auth-nxdomain yes; # conform to RFC1035
};
// Root hints, used when the server resolves on behalf of local clients.
zone "." {
type hint;
file "/etc/bind/db.root";
};
// Housekeeping zones, held as master copies on the secondary as well. Each can
// be transferred only by this host and refuses dynamic updates.
zone "localhost" {
type master;
file "/etc/bind/db.local";
allow-transfer { localhost; };
allow-update { none; };
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
allow-transfer { localhost; };
allow-update { none; };
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
allow-transfer { localhost; };
allow-update { none; };
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
allow-transfer { localhost; };
allow-update { none; };
};
// Secondary copy of the public zone, pulled from 207.177.51.227. That is the
// peer named in the REFUSED lines of the slave log.
zone "hospitalpage.com" {
type slave;
// Relative path, so the file lives under the options "directory"
// (/var/cache/bind).
file "hospitalpage.com.db";
masters { 207.177.51.227; };
// NOTE(review): NOTIFY from an address in "masters" is presumably accepted
// already, which would make this entry redundant. Confirm against the BIND
// version in use.
allow-notify { primary-dns-ip; };
// The secondary does not hand the zone on to anyone.
allow-transfer { none; };
// Overrides the options-level local-ips restriction so that outside clients
// can query the zone.
allow-query { any; };
};
// end slave server named.conf
For reference, this is the error I get in the master server daemon.log:
Feb 1 22:11:14 lists named[210]: client 207.177.51.228#1234: zone transfer 'hospitalpage.com/IN' denied
And the corresponding errors in the slave server daemon.log:
Feb 1 22:12:25 silicon named[158]: transfer of 'hospitalpage.com/IN' from 207.177.51.227#53: failed while receiving responses: REFUSED
Feb 1 22:12:25 silicon named[158]: transfer of 'hospitalpage.com/IN' from 207.177.51.227#53: end of transfer
--
Christopher L. Everett
Chief Technology Officer
The Medical Banner Exchange
Physicians Employment on the Internet