AXFR no auth - but transfer allowed
Jim Reid
jim at rfc1035.com
Sun Mar 26 21:40:56 UTC 2000
>>>>> "Ulrich" == Ulrich Wisser <u.wisser at luna-park.de> writes:
Ulrich> Hello, I try to register my reverse address domain with
Ulrich> Deutsche Telekom. Therefore I configured the following
Ulrich> zone:
zone "0.8.25.194.in-addr.arpa" in {
type master;
file "194.25.8.zone";
allow-query { any; };
allow-transfer{ 194.25.0.125; # pns.dtag.de
129.70.132.100; #
techfac.techfak.uni-bielefeld.de
194.25.0.121; # Reverse Nameserver
194.25.1.113; # Diagnose DTAG ZID Muenster
194.25.15.217; # Diagnose DTAG NOC
62.156.152.59; # Diagnose DTAG NIC
62.156.153.47; # Nameservertest DTAG NIC
};
};
Ulrich> But when I send my registration the Testnameserver is
Ulrich> denied transfer. That is what my named says:
Ulrich> 23-Mar-2000 10:42:48.684 security: notice: unapproved AXFR
Ulrich> from [62.156.153.47].54864 for "0.8.25.194.in-addr.arpa"
Ulrich> (not auth)
Ulrich> What is wrong?
If the zone statement is *exactly* like it was shown above, then
there's another syntax error. "techfac.techfak.uni-bielefeld.de" will
not be part of a comment as you presumably intended. Everything from a
hash character '#' to the end of a line is treated as a comment, but
the string techfac.techfak.uni-bielefeld.de is on another
line. This'll mean the name server is treating it as a syntactic token
and getting rather upset because it's neither a dotted decimal IP
address nor statement terminator that it's expecting. The name server
will have complained about this error when it read named.conf. [Did
you read the logs?] The parser will probably have had to ignore
everything after that error until it found the end of the zone{}
statement.
BTW, there's no white space between the "allow-transfer" keyword and
the opening brace '{'. This is probably not a good idea, even though
named's parser allows it. Your use of white space has made things
*less* easy to read and introduced a syntax error.
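
The wrapped-comment mistake described in this reply can be caught before named loads the file. The following is an added example, not part of the original post or of BIND: a small Python check that strips comments and flags any allow-transfer element that is not an address, prefix or known ACL name. It is a simplified model of an address match list (no nested lists or key elements), and the function names and the abridged sample are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: an abridged copy of the allow-transfer list from the
# post, with the comment for 129.70.132.100 wrapped onto its own line.
SAMPLE = """\
allow-transfer{ 194.25.0.125; # pns.dtag.de
129.70.132.100; #
techfac.techfak.uni-bielefeld.de
194.25.0.121; # Reverse Nameserver
62.156.153.47; # Nameservertest DTAG NIC
};
"""

BUILTIN_ACLS = {"any", "none", "localhost", "localnets"}


def strip_comments(text):
    """Drop /* ... */ blocks, then '#' and '//' comments up to end of line."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(#|//).*", "", text)


def is_address(token):
    """True for a dotted-decimal address or an address/prefix pair."""
    try:
        ipaddress.ip_network(token, strict=False)
        return True
    except ValueError:
        return False


def lint_allow_transfer(conf, acl_names=()):
    """Return (accepted, suspect) elements of the first allow-transfer list."""
    body = re.search(r"allow-transfer\s*\{(.*?)\}", strip_comments(conf), re.S)
    if body is None:
        return [], []
    known = BUILTIN_ACLS | set(acl_names)  # acl_names: ACLs defined elsewhere
    accepted, suspect = [], []
    for element in body.group(1).split(";"):
        element = " ".join(element.split())  # collapse newlines and spaces
        if not element:
            continue
        bare = element.lstrip("!").strip()   # allow a negated element
        ok = is_address(bare) or bare in known
        (accepted if ok else suspect).append(element)
    return accepted, suspect
```

On the sample, the stray hostname has no terminating semicolon, so it is reported as one suspect element together with the address on the following line.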