Zone Transfer Problem - Keep getting not authoritative
Barry Margolin
barmar at alum.mit.edu
Sat Jan 17 05:02:21 UTC 2009
In article <gkq54j$129f$1 at sf1.isc.org>,
"Mark A. Moore" <mmoore at osmre.gov> wrote:
> We are having some issues with zone transfers b/t our Master & Slave. We
> are using Redhat Linux 5.2 with Bind 9.3.4. In our slave server log, we
> get "not authoritative" for all zones configured. How do we fix the not
> authoritative issue? Any help would be greatly appreciated. Information
> provided has been sanitized a bit. As part of testing, if I created a
> sample fake domain (ie. Youtube.com) and place in the internal-in view
> area as a zone, they transfer with no problems. Anything in the
> external-in view doesn't transfer.
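Is the slave internal or external? named picks the view by matching the
source address of each request against the views' match-clients lists in
order, so if the slave's address falls in "trusted", its transfer requests
are handled by internal-in, where these zones are not defined. If the
slave is internal, you need to put the zone in the internal view so the
slave can get it.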
>
>
>
> Sample log message:
>
> received notify for zone 'omitted': not authoritative
>
>
>
>
>
> Master Named.conf
>
> // Set up ACLs
>
>
> acl "xfer" {
>
>
> omitted;
>
>
> };
>
>
> acl "trusted" {
>
>
> omitted
>
> localhost;
>
>
> };
>
>
>
>
> acl "bogon" {
>
>
> omitted
>
> };
>
>
> logging {
>
>
> omitted
>
> };
>
>
> // Set options for security
>
>
> options {
>
>
> directory "/var/named";
>
> pid-file "data/named.pid";
>
>
> statistics-file "data/named.stats";
>
>
> memstatistics-file "data/named.memstats";
>
>
> dump-file "data/named.dump";
>
>
> zone-statistics yes;
>
>
> listen-on { omitted; };
>
>
> transfer-source "10.1.1.1" port 53;
>
> interface-interval 0;
>
>
> # hide our "real" version number
>
>
> version "[secured]";
>
>
>
>
> notify yes;
>
>
> transfer-format many-answers;
>
>
> max-transfer-time-in 60;
>
>
> allow-transfer { xfer; };
>
> allow-query { trusted; };
>
>
> blackhole { bogon; };
>
>
> };
>
>
>
>
> view "internal-in" in {
>
>
> match-clients { trusted; };
>
>
> recursion yes;
>
>
> additional-from-auth yes;
>
>
> additional-from-cache yes;
>
> zone "." in {
>
>
> type hint;
>
>
> file "db.rootcache";
>
>
> };
>
>
> zone "localhost" in {
>
> type master;
>
> file "db.127.0.0";
>
> };
>
> zone "0.0.127.in-addr.arpa" in {
>
>
> type master;
>
>
> file "localhost.rev";
>
>
> };
>
>
> };
>
>
> // Create a view for external DNS clients.
>
>
> view "external-in" in {
>
>
> match-clients { any; };
>
>
> recursion no;
>
>
> additional-from-auth no;
>
>
> additional-from-cache no;
>
>
> // Link in our zones
>
>
> zone "." in {
>
>
> type hint;
>
>
> file "db.rootcache";
>
>
> };
>
>
> zone "localhost" in {
>
>
> type master;
>
>
> file "db.127.0.0";
>
>
> allow-query { any; };
>
> allow-transfer { 10.1.1.2; };
>
>
> };
>
>
> zone "mydomain.com" in {
>
> type master;
>
>
> file "mydomain.com.hosts";
>
>
> allow-query { any; };
>
> allow-transfer { 10.1.1.2; };
>
> also-notify { 10.1.1.2; };
>
>
> };
>
> zone "1.1.10.in-addr.arpa" in {
>
>
> type master;
>
>
> file "1.1.10.rev";
>
>
> allow-query { any; };
>
> allow-transfer { 10.1.1.2; };
>
> also-notify { 10.1.1.2; };
>
>
> };
>
>
> zone "2.1.10.in-addr.arpa" in {
>
>
> type master;
>
>
> file "2.1.10.rev";
>
>
> allow-query { any; };
>
>
> allow-transfer { 10.1.1.2; };
>
> also-notify { 10.1.1.2; };
>
> };
>
>
> };
>
>
>
> Slave Named.conf
>
> // Set up ACLs
>
>
> acl "xfer" {
>
>
> none;
>
>
> };
>
>
> acl "trusted" {
>
>
> omitted
>
> localhost;
>
>
> };
>
>
> acl "bogon" {
>
>
> omitted
>
> };
>
>
> logging {
>
>
> omitted
>
>
> };
>
>
> // Set options for security
>
>
> options {
>
>
> directory "/var/named";
>
>
> pid-file "data/named.pid";
>
>
> statistics-file "data/named.stats";
>
>
> memstatistics-file "data/named.memstats";
>
>
> dump-file "data/named.dump";
>
>
> zone-statistics yes;
>
>
> listen-on { 10.1.1.2; };
>
>
> transfer-source 10.1.1.2 port 53;
>
> interface-interval 0;
>
>
> # hide our "real" version number
>
>
> version "[secured]";
>
>
> notify no;
>
>
> transfer-format many-answers;
>
>
> max-transfer-time-in 60;
>
>
> allow-transfer { xfer; };
>
>
> allow-query { trusted; };
>
>
> blackhole { bogon; };
>
>
> };
>
>
>
>
> view "internal-in" in {
>
>
> match-clients { trusted; };
>
>
> recursion yes;
>
>
> additional-from-auth yes;
>
>
> additional-from-cache yes;
>
>
> zone "." in {
>
>
> type hint;
>
>
> file "db.rootcache";
>
>
> };
>
>
> zone "localhost" in {
>
> type master;
>
> file "db.127.0.0";
>
> };
>
> zone "0.0.127.in-addr.arpa" in {
>
>
> type master;
>
>
> file "localhost.rev";
>
>
> allow-query { any; };
>
>
> allow-transfer { none; };
>
>
> };
>
>
> };
>
>
> // Create a view for external DNS clients.
>
>
> view "external-in" in {
>
>
> match-clients { any; };
>
>
> recursion no;
>
>
> additional-from-auth no;
>
>
> additional-from-cache no;
>
>
> // Link in our zones
>
>
> zone "." in {
>
>
> type hint;
>
>
> file "db.rootcache";
>
>
> };
>
>
> zone "localhost" in {
>
>
> type master;
>
>
> file "db.127.0.0";
>
>
> };
>
>
> zone "mydomain.com" in {
>
>
> type slave;
>
>
> masters { 10.1.1.1; };
>
> file "slaves/bak.mydomin.com.hosts";
>
> allow-query { any; };
>
>
> allow-transfer { none; };
>
> };
>
>
> zone "1.1.10.in-addr.arpa" in {
>
>
> type slave;
>
>
> file "slaves/bak.1.1.10.rev";
>
> allow-query { any; };
>
> allow-transfer { none; };
>
> masters { 10.1.1.1; };
>
> };
>
>
> zone "2.1.10.in-addr.arpa" in {
>
>
> type slave;
>
>
> file "slaves/bak.2.1.10.rev";
>
> allow-query { any; };
>
>
> allow-transfer { none; };
>
> masters { 10.1.1.1; };
>
> };
>
>
> };
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***