Ports used during Zone transfers (9.0.1)

Barry Margolin barmar at genuity.net
Thu Dec 21 23:25:13 UTC 2000


In article <91u1au$5k0 at pub3.rc.vix.com>, Robert Gahl  <bgahl at bawcsa.org> wrote:
>
>I have gotten 9.0.1 master and slave talking to one another as long as I 
>don't have my standard access-list stuff in my router up. The minute I 
>reinstate my filters, the two systems stop talking to one another. Here are 
>the standard rules I have been using (legacy for 8.x bind):
>
>! DNS queries
>access-list 111 permit udp any any eq domain
>access-list 111 permit tcp 64.210.184.0 0.0.0.255 208.45.103.18 0.0.0.0 eq domain
>
>where the 64.210.184.0 network is where the master server lives. The slave 
>lives in the 63.146.119.0 network. So, I added the following rule to allow 
>the zone data to flow:
>
>access-list 111 permit tcp 64.210.184.0 0.0.0.255 63.146.119.0 0.0.0.255 eq domain

You have it backward.  Zone transfers are initiated by the slaves
connecting to the master.  So it should be:

access-list 111 permit tcp 63.146.119.0 0.0.0.255 64.210.184.0 0.0.0.255 eq domain

>but no go. And, since 9.0.1 doesn't really use named-xfer (at least, 
>according to the docs it doesn't), I'm not entirely sure what is going on 
>when a zone is transferred from the master to the slave.

named-xfer isn't a separate program, but its function has simply been moved
into named itself.  The zone transfer protocol is specified by the DNS
standard, and is not implementation dependent.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
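As an added illustration (not part of Barry's reply or of the original thread), the following Python models the router's extended access-list and checks the one flow a zone transfer needs: a TCP connection from the slave to port 53 on the master. The host addresses 63.146.119.10 and 64.210.184.5 are constructed examples inside the two networks named in the thread, and the parser only covers the `access-list <n> permit|deny <proto> <src> <dst> [eq <port>]` shape used there.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

PORTS = {"domain": 53}  # IOS port keyword -> port number

@dataclass
class Ace:
    action: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dst_port: Optional[int]  # None means any destination port

def wildcard_net(addr: str, wildcard: str) -> ipaddress.IPv4Network:
    # IOS wildcard masks are inverted netmasks: 0.0.0.255 is a /24, 0.0.0.0 a single host
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.IPv4Network((addr, str(mask)), strict=False)

def parse_ace(line: str) -> Ace:
    t = line.split()
    action, proto, i = t[2], t[3], 4
    nets = []
    for _ in range(2):  # source, then destination
        if t[i] == "any":
            nets.append(ipaddress.IPv4Network("0.0.0.0/0")); i += 1
        else:
            nets.append(wildcard_net(t[i], t[i + 1])); i += 2
    port = None
    if i < len(t) and t[i] == "eq":
        port = PORTS.get(t[i + 1]) or int(t[i + 1])
    return Ace(action, proto, nets[0], nets[1], port)

def permits(acl: List[Ace], proto: str, src: str, dst: str, dst_port: int) -> bool:
    # First matching entry decides; an IOS ACL ends with an implicit deny
    for e in acl:
        if (e.proto == proto and ipaddress.IPv4Address(src) in e.src
                and ipaddress.IPv4Address(dst) in e.dst and e.dst_port in (None, dst_port)):
            return e.action == "permit"
    return False

# Robert's rules as posted, including the master->slave rule he added
ORIGINAL = [parse_ace(l) for l in [
    "access-list 111 permit udp any any eq domain",
    "access-list 111 permit tcp 64.210.184.0 0.0.0.255 208.45.103.18 0.0.0.0 eq domain",
    "access-list 111 permit tcp 64.210.184.0 0.0.0.255 63.146.119.0 0.0.0.255 eq domain",
]]
# Barry's corrected rule: the slave opens the TCP connection to the master's port 53
CORRECTED = ORIGINAL + [parse_ace(
    "access-list 111 permit tcp 63.146.119.0 0.0.0.255 64.210.184.0 0.0.0.255 eq domain")]

def axfr_allowed(acl: List[Ace], slave="63.146.119.10", master="64.210.184.5") -> bool:
    # Constructed hosts; AXFR is TCP from an ephemeral port on the slave to 53 on the master
    return permits(acl, "tcp", slave, master, 53)
```

The model only evaluates the connection-opening direction the posted rules describe; whether the master's replies also pass depends on where the ACL is applied and on any other rules on that interface.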
