AXFR rejected

Ondřej Surý ondrej at isc.org
Fri Feb 19 13:50:54 UTC 2021 

Hi Erich,

please fill an proper issue at our GitLab instance - https://gitlab.isc.org/isc-projects/bind9/issues and we’ll take it from here. We will need more information and mailing list is very clumsy way of tracking that.

Thanks,
Ondrej
--
Ondřej Surý (He/Him)
ondrej at isc.org

> On 19. 2. 2021, at 14:07, Erich Eckner <bind at eckner.net> wrote:
> 
> Signed PGP part
> Hi,
> 
> I upgraded from bind 9.16.11 to 9.16.12 (on arch linux) and suddenly, AXFR
> transfers were denied:
> 
> 19-Feb-2021 13:56:01.276 client @0x7f37c8015028 127.0.0.1#57139: TCP request
> 19-Feb-2021 13:56:01.276 client @0x7f37c8015028 127.0.0.1#57139: using view '_default'
> 19-Feb-2021 13:56:01.276 client @0x7f37c8015028 127.0.0.1#57139: request is not signed
> 19-Feb-2021 13:56:01.276 client @0x7f37c8015028 127.0.0.1#57139: recursion available
> 19-Feb-2021 13:56:01.276 client @0x7f37c8015028 127.0.0.1#57139 (ddns.eckner.net): AXFR request
> 19-Feb-2021 13:56:01.276 client @0x7f37c8015028 127.0.0.1#57139 (ddns.eckner.net): zone transfer setup failed
> 19-Feb-2021 13:56:01.276 client @0x7f37c8015028 127.0.0.1#57139 (ddns.eckner.net): reset client
> 19-Feb-2021 13:56:01.276 client @0x7f37c8015028 127.0.0.1#57139: freeing client
> 
> Relevant part of the config (I can post more/full config, if desired):
> 
> /etc/named.conf:
> 
> options {
>    ...
>    allow-recursion { any; };
>    allow-transfer { none; };
>    ...
> }
> 
> ...
> 
> zone "ddns.eckner.net" IN {
>    type master;
>    allow-transfer { 127.0.0.1; ...; };
> }
> 
> 
> I cannot find any relevant change in the changelog at
> https://ftp.isc.org/isc/bind9/cur/9.16/CHANGES - did I miss something or
> is this a bug?
> 
> (Adding 127.0.0.1 to allow-transfer in options clause did not help.)
> 
> regards,
> Erich
> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210219/3cc3ac44/attachment.bin>

More information about the bind-users mailing list