Initial BIND 9.9.2 RPZ xfr (spamhaus) failing with "failed to connect: timed out" ?
pgbind9 at ml1.net
Fri Mar 8 00:02:25 UTC 2013
hi,
i've installed
named -v
BIND 9.9.2-rpz+rl.028.23-P1
i've registered my nameserver IP with spamhaus for use of its RPZ list;
i've been approved for access.
i've set up my bind9 conf for slave access to a spamhaus RPZ
...
acl rpz4_spamhaus { 199.168.90.51; 199.168.90.52; 199.168.90.53; };
masters rpz4_spamhaus { 199.168.90.51; 199.168.90.52; 199.168.90.53; };
...
channel bind_rpzlog {
    file "/var/log/bind-rpz.log" versions 10 size 5m;
    print-time yes;
    print-category yes;
    print-severity yes;
    severity debug;
};
...
category rpz { bind_rpzlog; };
...
view "internal" {
    ...
    response-policy {
        zone "drop.rpz.spamhaus.org";
    };
    ...
    zone "drop.rpz.spamhaus.org" IN {
        type slave;
        file "/namedb/slave/drop.rpz.spamhaus.org.zone";
        masters { rpz4_spamhaus; };
        allow-query { localhost; };
        allow-transfer { rpz4_spamhaus; };
        request-ixfr yes;
        notify no;
    };
...
Bind launches initially with no errors, but xfer log eventually reports:
...
07-Mar-2013 13:26:25.657 xfer-in: error: transfer of
'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.51#53:
failed to connect: timed out
07-Mar-2013 13:26:25.657 xfer-in: info: transfer of
'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.51#53:
Transfer completed: 0 messages, 0 records, 0 bytes, 7.010 secs
(0 bytes/sec)
07-Mar-2013 13:27:17.673 xfer-in: error: transfer of
'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.52#53:
failed to connect: timed out
07-Mar-2013 13:27:17.673 xfer-in: info: transfer of
'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.52#53:
Transfer completed: 0 messages, 0 records, 0 bytes, 7.014 secs
(0 bytes/sec)
07-Mar-2013 13:28:09.689 xfer-in: error: transfer of
'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.53#53:
failed to connect: timed out
07-Mar-2013 13:28:09.689 xfer-in: info: transfer of
'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.53#53:
Transfer completed: 0 messages, 0 records, 0 bytes, 7.014 secs
(0 bytes/sec)
...
the RPZ log @ /var/log/bind-rpz.log is created on bind start, but is
completely empty.
if i
rndc -k /usr/local/etc/named/keys/rndc-key retransfer drop.rpz.spamhaus.org
logs show only
==> /var/log/bind-main.log <==
07-Mar-2013 13:58:43.576 general: info: received control channel
command 'retransfer drop.rpz.spamhaus.org'
but nothing improves/changes.
I've no idea as to why the 'failed to connect' message. As an obvious
result, no local zone file is created/written.
Where should I start looking/debugging for the cause of this failed
transfer? Any other hints?
Thanks!
-pg
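
Added example, not part of the original post: a small Python triage of `xfer-in` log entries in the shape quoted above, which re-joins folded lines and reports per master whether the transfer failed, completed empty, or delivered records. The third sample entry (`example.test` from `192.0.2.1`) is constructed for contrast; the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: the first two entries as quoted in the post (folded as
# in the mail), plus one constructed successful transfer for contrast.
SAMPLE_LOG = """\
07-Mar-2013 13:26:25.657 xfer-in: error: transfer of
'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.51#53:
failed to connect: timed out
07-Mar-2013 13:26:25.657 xfer-in: info: transfer of
'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.51#53:
Transfer completed: 0 messages, 0 records, 0 bytes, 7.010 secs
(0 bytes/sec)
07-Mar-2013 13:30:00.000 xfer-in: info: transfer of
'example.test/IN/internal' from 192.0.2.1#53:
Transfer completed: 1 messages, 42 records, 2048 bytes, 0.100 secs
(20480 bytes/sec)
"""

STAMP = re.compile(r"^\d{2}-[A-Z][a-z]{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} ")
ENTRY = re.compile(
    r"xfer-in: (?P<sev>\w+): transfer of '(?P<zone>[^/']+)/[^/']+"
    r"(?:/(?P<view>[^']+))?' from (?P<master>[0-9A-Fa-f.:]+)#\d+: (?P<msg>.+)$")
DONE = re.compile(r"Transfer completed: \d+ messages, (\d+) records")

def unwrap(text):
    """Re-join folded entries: a new entry always starts with a timestamp."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def classify(text):
    """Map (zone, view, master) to the last error text, 'empty' or 'ok'."""
    errors, records = defaultdict(list), defaultdict(int)
    for entry in unwrap(text):
        m = ENTRY.search(entry)
        if not m:
            continue
        key = (m["zone"], m["view"], m["master"])
        if m["sev"] == "error":
            errors[key].append(m["msg"])
        elif (done := DONE.search(m["msg"])):
            records[key] += int(done.group(1))  # 0 records still registers the key
    return {k: errors[k][-1] if errors[k] else "ok" if records[k] else "empty"
            for k in set(errors) | set(records)}
```

The error entry takes precedence over the info-level "Transfer completed: 0 messages" line that follows it, so a failed attempt is not counted as a completed transfer.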