axfr fails, telnet to 53 works
/dev/rob0
rob0 at gmx.co.uk
Fri Jun 10 02:46:48 UTC 2005
Sorry, this might be a routing or firewall issue, but I'm hoping perhaps
someone here can help anyway. I maintain my own internal DNS over a
network of VPN links. The master server died recently and I replaced it
with a machine on another IP. But I did bind the old IP, 192.168.6.1, to
the new master.
The client at 10.27.1.3 can't do a zone transfer. All the following
commands are on that machine. It can route there through the VPN:
$ traceroute 192.168.6.1
traceroute to 192.168.6.1 (192.168.8.101), 30 hops max, 38 byte packets
1 fw (10.27.1.1) 0.179 ms 0.083 ms 0.068 ms
2 192.168.6.1 (192.168.6.1) 35.087 ms 40.455 ms 38.363 ms
It can ping and get replies:
$ ping -c2 192.168.6.1
PING 192.168.6.1 (192.168.6.1): 56 octets data
64 octets from 192.168.6.1: icmp_seq=0 ttl=63 time=52.0 ms
64 octets from 192.168.6.1: icmp_seq=1 ttl=63 time=34.4 ms
--- 192.168.6.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 34.4/43.2/52.0 ms
Individual queries, both UDP and TCP, work:
$ host 192.168.6.1 192.168.6.1
Using domain server:
Name: 192.168.6.1
Address: 192.168.6.1#53
Aliases:
1.6.168.192.in-addr.arpa domain name pointer master.lan.
$ host -T 192.168.6.1 192.168.6.1
Using domain server:
Name: 192.168.6.1
Address: 192.168.6.1#53
Aliases:
1.6.168.192.in-addr.arpa domain name pointer master.lan.
But here's axfr:
$ dig @192.168.6.1 master.lan. axfr
; <<>> DiG 9.2.1 <<>> @192.168.6.1 master.lan. axfr
;; global options: printcmd
;; connection timed out; no servers could be reached
This is logged on the server:
Jun 9 20:50:25 whn named[1376]: client 10.27.1.3#33948: transfer of
'master.lan/IN': AXFR started
10.27.0.0/16 is in an ACL which is included in an allow-transfer
directive for the master.lan. zone on the server.
The OS is Slackware Linux, a hybrid of 9.1 through 10.1, and the BIND
version on the server is a bit old, 9.2.3. I'll try upgrading that and
will report back on whether it worked. The client is older, Slackware
8.1 and BIND 9.2.1, as you can see above. Could that be the problem?
The main IP on the interface was assigned by a stupid router (the server
that died had also been my DHCP server and Internet gateway.) The main
IP is 192.168.0.102 with a /16 netmask.
Any ideas about how to troubleshoot this will be appreciated. Oh, and of
course it used to work on the old server, which had the same BIND version.
--
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
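Added example, not part of the original post: a small Python probe for the symptom described above, where small TCP queries are answered and the server logs "AXFR started" but the client times out. It sends the same AXFR request over TCP and counts how many bytes and complete DNS messages arrive, which separates "nothing comes back" from "the transfer stalls partway". The function names, the query ID and the 10-second timeout are assumptions of this example.

```python
import socket
import struct

def build_axfr_query(zone, qid=0x1234):
    """Build an AXFR query for `zone`, framed for TCP (2-byte length prefix)."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)  # 1 question, no flags
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in zone.rstrip(".").split(".")
    ) + b"\x00"
    msg = header + qname + struct.pack("!HH", 252, 1)  # QTYPE=AXFR, QCLASS=IN
    return struct.pack("!H", len(msg)) + msg

def split_messages(stream):
    """Split a DNS-over-TCP byte stream into complete messages.

    Returns (messages, leftover); leftover is a truncated trailing message."""
    messages, pos = [], 0
    while pos + 2 <= len(stream):
        (length,) = struct.unpack_from("!H", stream, pos)
        if pos + 2 + length > len(stream):
            break  # length prefix promises more bytes than have arrived
        messages.append(stream[pos + 2:pos + 2 + length])
        pos += 2 + length
    return messages, stream[pos:]

def probe_axfr(server, zone, port=53, timeout=10.0):
    """Request an AXFR and report what arrived before close or timeout."""
    received, timed_out = b"", False
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(build_axfr_query(zone))
        try:
            while True:
                chunk = sock.recv(65535)
                if not chunk:
                    break
                received += chunk
        except socket.timeout:
            # A server may hold the connection open after a complete transfer,
            # so judge by the counts below, not by the timeout alone.
            timed_out = True
    messages, leftover = split_messages(received)
    return {"bytes": len(received), "messages": len(messages),
            "partial_bytes": len(leftover), "timed_out": timed_out}

if __name__ == "__main__":
    # Server and zone as given in the post above.
    print(probe_axfr("192.168.6.1", "master.lan."))
```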