Zone Transfer Problem - Keep getting not authoritative
Mark A. Moore
mmoore at osmre.gov
Fri Jan 16 11:00:48 UTC 2009
We are having some issues with zone transfers b/t our Master & Slave. We
are using Redhat Linux 5.2 with Bind 9.3.4. In our slave server log, we
get "not authoritative" for all zones configured. How do we fix the not
authoritative issue? Any help would be greatly appreciated. Information
provided has been sanitized a bit. As part of testing, if I create a
sample fake domain (e.g. Youtube.com) and place it in the internal-in view
as a zone, it transfers with no problems. Anything in the
external-in view doesn't transfer.
Sample log message:
received notify for zone 'omitted': not authoritative
Master Named.conf
// Set up ACLs
// Named address lists used further down: "xfer" by allow-transfer, "trusted"
// by allow-query and by the internal view's match-clients, "bogon" by
// blackhole. The poster replaced the entries with "omitted", so what each
// list actually matches cannot be checked from this listing.
acl "xfer" {
omitted;
};
// NOTE(review): "trusted" also decides which view answers a client. If the
// slave's address (10.1.1.2) is in this list, its SOA refresh and AXFR
// requests are matched to "internal-in" rather than "external-in" - confirm.
acl "trusted" {
omitted
localhost;
};
acl "bogon" {
omitted
};
logging {
omitted
};
// Set options for security
// Server-wide defaults for the master. Zone-level allow-query and
// allow-transfer statements override the defaults set here.
options {
directory "/var/named";
pid-file "data/named.pid";
statistics-file "data/named.stats";
memstatistics-file "data/named.memstats";
dump-file "data/named.dump";
zone-statistics yes;
listen-on { omitted; };
// transfer-source applies to zones this server pulls in; outgoing NOTIFY
// messages take their source address from notify-source instead.
transfer-source "10.1.1.1" port 53;
// 0 = scan network interfaces only when the configuration is loaded.
interface-interval 0;
# hide our "real" version number
version "[secured]";
// Send NOTIFY to the servers in each zone's NS records (plus also-notify).
notify yes;
transfer-format many-answers;
// Inbound transfers running longer than this many minutes are terminated.
max-transfer-time-in 60;
// Default: only addresses in "xfer" may transfer a zone.
allow-transfer { xfer; };
// Default: only "trusted" clients may query; the external zones below
// widen this to "any" per zone.
allow-query { trusted; };
// Addresses in "bogon" are never answered and never queried.
blackhole { bogon; };
};
// Recursive view for "trusted" clients. Views are tried in the order they
// appear and the first match-clients match wins, so every request from a
// "trusted" address is handled here and never reaches "external-in".
// This view holds no copy of mydomain.com or the reverse zones, so a
// transfer request matched here has no such zone to serve.
view "internal-in" in {
match-clients { trusted; };
// Recursion is offered only inside this view, i.e. only to "trusted".
recursion yes;
additional-from-auth yes;
additional-from-cache yes;
zone "." in {
type hint;
file "db.rootcache";
};
zone "localhost" in {
type master;
file "db.127.0.0";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "localhost.rev";
};
};
// Create a view for external DNS clients.
// Authoritative-only view: match-clients "any" catches every client that the
// earlier "internal-in" view did not claim. All master copies of the public
// zones live here and nowhere else.
view "external-in" in {
match-clients { any; };
// No recursion for outside clients, so this view is not an open resolver.
recursion no;
additional-from-auth no;
additional-from-cache no;
// Link in our zones
zone "." in {
type hint;
file "db.rootcache";
};
// The slave listing on this page defines "localhost" as type master in both
// of its views, so the allow-transfer below is never exercised.
zone "localhost" in {
type master;
file "db.127.0.0";
allow-query { any; };
allow-transfer { 10.1.1.2; };
};
// NOTE(review): transfers are authorized by source address only. A TSIG key
// shared with the slave (e.g. key "<transfer-key>", placeholder) would
// authenticate the transfer, and the same key can be listed in match-clients
// to pin the slave's requests to this view regardless of the "trusted" ACL.
zone "mydomain.com" in {
type master;
file "mydomain.com.hosts";
allow-query { any; };
allow-transfer { 10.1.1.2; };
also-notify { 10.1.1.2; };
};
zone "1.1.10.in-addr.arpa" in {
type master;
file "1.1.10.rev";
allow-query { any; };
allow-transfer { 10.1.1.2; };
also-notify { 10.1.1.2; };
};
zone "2.1.10.in-addr.arpa" in {
type master;
file "2.1.10.rev";
allow-query { any; };
allow-transfer { 10.1.1.2; };
also-notify { 10.1.1.2; };
};
};
Slave Named.conf
// Set up ACLs
// "xfer" is empty on the slave: by default it hands out no zone transfers.
acl "xfer" {
none;
};
// NOTE(review): entries were sanitized. If the master's address (10.1.1.1)
// is in "trusted", its NOTIFY messages are matched to "internal-in", which
// has no slave zones - that would produce "received notify ... not
// authoritative". The poster's test (a zone added under internal-in
// transfers fine) is consistent with this; confirm against the real list.
acl "trusted" {
omitted
localhost;
};
acl "bogon" {
omitted
};
logging {
omitted
};
// Set options for security
// Server-wide defaults for the slave. Zone-level allow-query and
// allow-transfer statements override the defaults set here.
options {
directory "/var/named";
pid-file "data/named.pid";
statistics-file "data/named.stats";
memstatistics-file "data/named.memstats";
dump-file "data/named.dump";
zone-statistics yes;
listen-on { 10.1.1.2; };
// Source address for SOA refresh queries and zone transfers sent to the
// master; it matches the 10.1.1.2 entry in the master's per-zone
// allow-transfer. The port applies to the UDP refresh queries, not to the
// TCP transfer connection.
transfer-source 10.1.1.2 port 53;
// 0 = scan network interfaces only when the configuration is loaded.
interface-interval 0;
# hide our "real" version number
version "[secured]";
// The slave does not send NOTIFY messages of its own.
notify no;
transfer-format many-answers;
// Inbound transfers running longer than this many minutes are terminated.
max-transfer-time-in 60;
// Default: "xfer" is "none", so no zone is transferable from this server.
allow-transfer { xfer; };
// Default: only "trusted" clients may query; the external zones below
// widen this to "any" per zone.
allow-query { trusted; };
// Addresses in "bogon" are never answered and never queried.
blackhole { bogon; };
};
// Recursive view for "trusted" clients, and the first view tried. It
// contains no slave zones, so a NOTIFY whose source address matches
// "trusted" is handled here and rejected as "not authoritative" because
// this view has no zone by that name.
view "internal-in" in {
match-clients { trusted; };
// Recursion is offered only inside this view, i.e. only to "trusted".
recursion yes;
additional-from-auth yes;
additional-from-cache yes;
zone "." in {
type hint;
file "db.rootcache";
};
zone "localhost" in {
type master;
file "db.127.0.0";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "localhost.rev";
allow-query { any; };
allow-transfer { none; };
};
};
// Create a view for external DNS clients.
// Authoritative-only view holding the slave copies of the public zones.
// It only sees requests that "internal-in" did not claim first.
view "external-in" in {
match-clients { any; };
// No recursion for outside clients, so this view is not an open resolver.
recursion no;
additional-from-auth no;
additional-from-cache no;
// Link in our zones
zone "." in {
type hint;
file "db.rootcache";
};
zone "localhost" in {
type master;
file "db.127.0.0";
};
// Slave zones: pulled from 10.1.1.1, answerable by anyone, and not
// transferable onward (allow-transfer none).
// NOTE(review): the master is identified by address only; a shared TSIG key
// would authenticate the NOTIFY/transfer exchange - see the BIND ARM.
zone "mydomain.com" in {
type slave;
masters { 10.1.1.1; };
// NOTE(review): "mydomin" looks like a typo for "mydomain"; it only affects
// the name of the local backup file.
file "slaves/bak.mydomin.com.hosts";
allow-query { any; };
allow-transfer { none; };
};
zone "1.1.10.in-addr.arpa" in {
type slave;
file "slaves/bak.1.1.10.rev";
allow-query { any; };
allow-transfer { none; };
masters { 10.1.1.1; };
};
zone "2.1.10.in-addr.arpa" in {
type slave;
file "slaves/bak.2.1.10.rev";
allow-query { any; };
allow-transfer { none; };
masters { 10.1.1.1; };
};
};
Thx for any help provided.
Mark