Zone transfer problem for BIND name server

Kevin Darcy kcd at daimlerchrysler.com
Wed Aug 8 01:10:35 UTC 2001


amran at isp.time.net.my wrote:

> Hi all
>
> I'm having a problem doing a zone transfer for my off-site slave name server,
> as the local firewall does not allow TCP for port 53. Could I configure my
> BIND name servers to do the zone transfer by using UDP instead of TCP?

No. TCP is mandatory for AXFR zone transfers. I think UDP may be a possibility
for IXFR transfers, but there's no way to guarantee that an IXFR won't try to
"fall back" to an AXFR transfer, so for reliable replication you need TCP
connectivity.

> or;
> If I'm running a slave name server to an off-site master server, do I need
> to open the TCP port in the local firewall for the zone transfer?

You need TCP port 53 inbound to the master and TCP port 53 outbound from the
master. The slave TCP port could be either 53 or some random unprivileged port
number.


- Kevin
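
An added example, not part of the original post: a Python check to run on the slave that confirms the firewall passes TCP port 53 to the master by sending an AXFR question with the 2-byte length prefix DNS uses over TCP. The function names are hypothetical; a REFUSED answer (for example from a transfer ACL on the master) still shows the TCP path itself works.

```python
import socket
import struct

QTYPE_AXFR, QCLASS_IN = 252, 1  # RFC 1035 values
RCODES = {0: "NOERROR", 5: "REFUSED", 9: "NOTAUTH"}

def encode_name(zone):
    """Encode a zone name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in zone.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label in zone name")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_axfr_query(zone, msg_id=0x1234):
    """AXFR question preceded by the 2-byte length field used on TCP."""
    header = struct.pack("!6H", msg_id, 0, 1, 0, 0, 0)  # flags 0, QDCOUNT=1
    msg = header + encode_name(zone) + struct.pack("!2H", QTYPE_AXFR, QCLASS_IN)
    return struct.pack("!H", len(msg)) + msg

def parse_reply_start(data):
    """Return (rcode, answer_count) from length prefix + 12-byte header."""
    if len(data) < 14:
        raise ValueError("reply shorter than length prefix plus header")
    _len, _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!7H", data[:14])
    return flags & 0x000F, ancount

def check_master(master, zone, timeout=5.0):
    """Run from the slave: does TCP port 53 on the master answer?"""
    try:
        with socket.create_connection((master, 53), timeout=timeout) as s:
            s.sendall(build_axfr_query(zone))
            data = b""
            while len(data) < 14:  # read length prefix and DNS header only
                chunk = s.recv(14 - len(data))
                if not chunk:
                    raise ConnectionError("master closed the connection")
                data += chunk
    except OSError as exc:  # timeout, reset or no route: firewall is suspect
        return f"TCP/53 path to {master} failed: {exc}"
    rcode, ancount = parse_reply_start(data)
    name = RCODES.get(rcode, f"rcode {rcode}")
    return f"TCP/53 path OK, master answered {name} with {ancount} answer(s)"
```

Call `check_master()` with your own master's address and zone name; a timeout or connection error points at the firewall rather than at BIND.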




