Zone Transfer Problem - Keep getting not authoritative

Mark A. Moore mmoore at osmre.gov
Fri Jan 16 11:00:48 UTC 2009


We are having some issues with zone transfers between our Master & Slave. We
are using Red Hat Linux 5.2 with BIND 9.3.4.  In our slave server log, we
get "not authoritative" for all zones configured.  How do we fix the "not
authoritative" issue? Any help would be greatly appreciated.  The information
provided has been sanitized a bit. As part of testing, if I create a
sample fake domain (e.g. Youtube.com) and place it in the internal-in view
as a zone, it transfers with no problems. Anything in the
external-in view doesn't transfer.

 

Sample log message:

received notify for zone 'omitted': not authoritative

 

 

Master Named.conf

// Set up ACLs


// "xfer" is referenced by the options-level allow-transfer below; its
// members were removed by the poster before publishing.
acl "xfer" {


omitted;


};


// "trusted" is used for the options-level allow-query and for match-clients
// of the "internal-in" view.
// NOTE(review): membership is not shown. If the slave's address (10.1.1.2)
// falls inside this ACL, its SOA/AXFR requests are matched to "internal-in",
// which does not define the zones being transferred -- confirm.
acl "trusted" {


omitted

localhost;


};


 

// "bogon" feeds the blackhole option below; members removed by the poster.
acl "bogon" {


omitted

};


// Logging configuration removed by the poster.
logging {


omitted

};


// Set options for security


// Global defaults for the master. allow-query and allow-transfer set here
// are overridden by the zone-level statements in the "external-in" view.
options {


directory "/var/named";

pid-file "data/named.pid";


statistics-file "data/named.stats";


memstatistics-file "data/named.memstats";


dump-file "data/named.dump";


zone-statistics yes;


listen-on { omitted; };


// transfer-source applies to zones this server fetches as a slave (and to
// its refresh queries). No notify-source is set, so the source address of
// outgoing NOTIFY messages is not pinned by this file.
transfer-source "10.1.1.1" port 53;

interface-interval 0;


# hide our "real" version number
# (changes only the string returned for version.bind queries; it is not a
# substitute for keeping named patched)


  version         "[secured]";


 

notify yes;


transfer-format many-answers;


// Inbound transfers running longer than 60 minutes are terminated.
max-transfer-time-in 60;


// Default transfer policy is by source address only. A TSIG key in
// allow-transfer would authenticate the peer rather than trust its IP.
allow-transfer { xfer; };

allow-query { trusted; };


blackhole { bogon; };


};


 

// Recursive view for clients in "trusted". Views are tried in the order
// they appear in the file, and this one is listed before "external-in", so
// a request from any trusted address is answered from here and never
// reaches the second view.
// NOTE(review): mydomain.com and the 10.1.x reverse zones are not defined in
// this view. If the slave (10.1.1.2) is covered by "trusted", its transfer
// requests are evaluated here -- consistent with the poster's test zone
// transferring when it was placed in this view. A common remedy is to
// exclude the slave from this view, e.g.
// match-clients { !10.1.1.2; trusted; };  or to select views with TSIG
// keys. Confirm against the omitted ACL before changing anything.
view "internal-in" in {


match-clients { trusted; };


recursion yes;


additional-from-auth yes;


additional-from-cache yes;

zone "." in {


        type hint;


        file "db.rootcache";


};


zone "localhost" in {

        type master;

        file "db.127.0.0";

};

zone "0.0.127.in-addr.arpa" in {


        type master;


        file "localhost.rev";


};


};


// Create a view for external DNS clients.


// Authoritative-only view for every client not caught by "internal-in".
// Recursion is off, so clients matched here cannot use this server as a
// resolver. The zones the slave is expected to transfer live only here.
view "external-in" in {


match-clients { any; };


recursion no;


additional-from-auth no;


additional-from-cache no;


// Link in our zones


zone "." in {


type hint;


file "db.rootcache";


};


zone "localhost" in {


        type master;


        file "db.127.0.0";


allow-query { any; };

allow-transfer { 10.1.1.2; };


};


// Zone-level allow-query / allow-transfer replace the options-level
// defaults for this zone. The transfer is authorized by source IP only;
// also-notify sends NOTIFY to 10.1.1.2 in addition to the zone's NS hosts.
zone "mydomain.com" in {

        type master;


        file "mydomain.com.hosts";


        allow-query { any; };

        allow-transfer { 10.1.1.2; };

        also-notify { 10.1.1.2; };


};

// NOTE(review): the addresses in this post look like sanitized
// placeholders. If these really are RFC 1918 reverse zones, check whether
// they should be answerable by "any" from the externally visible view.
zone "1.1.10.in-addr.arpa" in {


        type master;


        file "1.1.10.rev";


        allow-query { any; };

        allow-transfer { 10.1.1.2; };

        also-notify { 10.1.1.2; };


};


zone "2.1.10.in-addr.arpa" in {


        type master;


        file "2.1.10.rev";


        allow-query { any; };


        allow-transfer { 10.1.1.2; };

        also-notify { 10.1.1.2; };

};


}; 

 

Slave Named.conf

// Set up ACLs


// On the slave "xfer" is empty, so the options-level allow-transfer refuses
// all outbound transfers by default.
acl "xfer" {


none;


};


// "trusted" is used for the options-level allow-query and for match-clients
// of the "internal-in" view.
// NOTE(review): membership is not shown. If the master's address (10.1.1.1)
// falls inside this ACL, its NOTIFY messages are matched to "internal-in",
// where the slave zones are not defined -- confirm.
acl "trusted" {


omitted

localhost;


};


// "bogon" feeds the blackhole option below; members removed by the poster.
acl "bogon" {


omitted

};


// Logging configuration removed by the poster.
logging {


omitted


};


// Set options for security


// Global defaults for the slave. allow-query and allow-transfer set here
// are overridden wherever a zone sets its own.
options {


directory "/var/named";


pid-file "data/named.pid";


statistics-file "data/named.stats";


memstatistics-file "data/named.memstats";


dump-file "data/named.dump";


zone-statistics yes;


listen-on { 10.1.1.2; };


// Source address/port for this server's SOA refresh queries and inbound
// transfers. The master sees these requests as coming from 10.1.1.2 and
// applies its own view matching to that address.
transfer-source 10.1.1.2 port 53;

interface-interval 0;


# hide our "real" version number
# (changes only the string returned for version.bind queries; it is not a
# substitute for keeping named patched)


  version         "[secured]";


// The slave does not send NOTIFY messages itself.
notify no;


transfer-format many-answers;


// Inbound transfers running longer than 60 minutes are terminated.
max-transfer-time-in 60;


allow-transfer { xfer; };


allow-query { trusted; };


blackhole { bogon; };


};


 

// Recursive view for clients in "trusted". It is listed before
// "external-in", so it is the first view tried for every incoming message,
// NOTIFY included.
// NOTE(review): the slave zones are defined only in "external-in". If the
// master (10.1.1.1) is covered by "trusted", its NOTIFY is matched to this
// view, which has no such zone; that would produce the logged
// "received notify for zone ...: not authoritative". A common remedy is to
// exclude the master from this view, e.g.
// match-clients { !10.1.1.1; trusted; };  or to select views with TSIG
// keys. Confirm against the omitted ACL before changing anything.
view "internal-in" in {


match-clients { trusted; };


recursion yes;


additional-from-auth yes;


additional-from-cache yes;


zone "." in {


        type hint;


        file "db.rootcache";


};


zone "localhost" in {

        type master;

        file "db.127.0.0";

};

zone "0.0.127.in-addr.arpa" in {


        type master;


        file "localhost.rev";


                  allow-query { any; };


                  allow-transfer { none; };


};


};


// Create a view for external DNS clients.


// Authoritative-only view for every client not caught by "internal-in".
// The three slave zones are defined only here, so NOTIFY messages and
// queries must be matched to this view for them to be recognised.
view "external-in" in {


match-clients { any; };


recursion no;


additional-from-auth no;


additional-from-cache no;


// Link in our zones


zone "." in {


type hint;


file "db.rootcache";


};


zone "localhost" in {


        type master;


        file "db.127.0.0";


};


// Slave copy pulled from 10.1.1.1. The master is identified by address
// only; a TSIG key shared with the master would authenticate the transfer.
// allow-transfer { none; } stops this server from re-serving the zone by
// AXFR.
// NOTE(review): the backup file name spells "mydomin" -- it is only a local
// path, but confirm it is intended.
zone "mydomain.com" in {


        type slave;


        masters { 10.1.1.1; };

        file "slaves/bak.mydomin.com.hosts";

        allow-query { any; };


        allow-transfer { none; };

};


 zone "1.1.10.in-addr.arpa" in {


        type slave;


        file "slaves/bak.1.1.10.rev";

        allow-query { any; };

        allow-transfer { none; };

        masters { 10.1.1.1; };

};


 zone "2.1.10.in-addr.arpa" in {


        type slave;


        file "slaves/bak.2.1.10.rev";

        allow-query { any; };


        allow-transfer { none; };

        masters { 10.1.1.1; };

};


};

 

 

Thx for any help provided.

Mark
