Zone Transfer Problem

Dirk Schulten dirk.schulten at intrex-systems.com
Wed Feb 14 14:25:20 UTC 2001 

Hello,

we use bind Version 8.2.2 as master dns and a version 4.something as slave dns.

The version 4.something is our ISP's nameserver and we cannot update it.

Due to the exploits, I switched our Bind from V8.2.2 to V9.1.

But since that change the V4.something cannot transfer zones anymore.

If I use nslookup to let me display the zones, it also does not work from 
the machine running Bind 4.x:
--------------------------------------------------------------------------------------------------------------------------------------------------------
# nslookup
Default Server:  ns.necon.net
Address:  62.24.1.13

 > set type=any
 > server dns.intrex-systems.com
Default Server:  dns.intrex-systems.com
Address:  62.153.86.163

 > ls shadowportal.net.
[dns.intrex-systems.com]
*** Can't list domain shadowportal.net.: Unspecified error
--------------------------------------------------------------------------------------------------------------------------------------------------------

But I found something about dig and how i can try to
check if our DNS will transfer the zone correctly, and it does:
--------------------------------------------------------------------------------------------------------------------------------------------------------
# dig @dns.intrex-systems.com shadowportal.net. soa +aa +norec

; <<>> DiG 2.1 <<>> @dns.intrex-systems.com shadowportal.net. soa +aa +norec
; (1 server found)
;; res options: init aaonly(unimpl) defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr aa ra; Ques: 1, Ans: 1, Auth: 2, Addit: 2
;; QUESTIONS:
;;      shadowportal.net, type = SOA, class = IN

;; ANSWERS:
shadowportal.net.       86400   SOA     shadowportal.net. 
hostmaster.intrex-systems.com. (
                         2820942822      ; serial
                         14400   ; refresh (4 hours)
                         7200    ; retry (2 hours)
                         604800  ; expire (7 days)
                         86400 ) ; minimum (1 day)

;; AUTHORITY RECORDS:
shadowportal.net.       86400   NS      ns.net-con.net.
shadowportal.net.       86400   NS      dns.intrex-systems.com.

;; ADDITIONAL RECORDS:
ns.net-con.net. 76290   A       195.38.129.1
dns.intrex-systems.com. 86400   A       62.153.86.163

;; Total query time: 177 msec
;; FROM: bhagira.net-con.net to SERVER: dns.intrex-systems.com  62.153.86.163
;; WHEN: Wed Feb 14 15:16:34 2001
;; MSG SIZE  sent: 34  rcvd: 174
--------------------------------------------------------------------------------------------------------------------------------------------------------

I also set the logging of our server to 9, and also found no errors:
--------------------------------------------------------------------------------------------------------------------------------------------------------
Feb 14 15:14:12.699 security: debug 3: client 195.38.129.13#53: request is 
not signed
Feb 14 15:14:12.699 security: debug 3: client 195.38.129.13#53: recursion 
approved
Feb 14 15:14:12.700 security: debug 3: client 195.38.129.13#53: query approved
Feb 14 15:14:12.908 security: debug 3: client 195.38.129.13#3775: request 
is not signed
Feb 14 15:14:12.909 security: debug 3: client 195.38.129.13#3775: recursion 
approved
Feb 14 15:14:12.910 security: debug 3: client 195.38.129.13#3775: query 
approved
Feb 14 15:14:13.011 security: debug 3: client 195.38.129.13#3775: request 
is not signed
Feb 14 15:14:13.011 security: debug 3: client 195.38.129.13#3775: recursion 
approved
Feb 14 15:14:13.014 security: debug 3: client 195.38.129.13#3775: zone 
transfer approved
--------------------------------------------------------------------------------------------------------------------------------------------------------
Feb 14 15:11:52.556 xfer-out: debug 6: client 195.38.129.13#3767: AXFR request
Feb 14 15:11:52.557 xfer-out: debug 6: client 195.38.129.13#3767: transfer 
of 'shadowportal.net': AXFR question section OK
Feb 14 15:11:52.557 xfer-out: debug 6: client 195.38.129.13#3767: transfer 
of 'shadowportal.net': AXFR authority section OK
Feb 14 15:11:52.563 xfer-out: debug 8: 
shadowportal.net.        86400   IN      SOA     shadowportal.net. 
hostmaster.intrex-systems.com. 2820942822 14400 7200 604800 86400
Feb 14 15:11:52.563 xfer-out: debug 8: 
shadowportal.net.        86400   IN      NS      ns.net-con.net.
Feb 14 15:11:52.564 xfer-out: debug 8: 
shadowportal.net.        86400   IN      NS      dns.intrex-systems.com.
Feb 14 15:11:52.564 xfer-out: debug 8: 
shadowportal.net.        86400   IN      MX      10 mail.intrex-systems.com.
Feb 14 15:11:52.565 xfer-out: debug 8: 
dns.shadowportal.net.    86400   IN      A       62.153.86.163
Feb 14 15:11:52.565 xfer-out: debug 8: localhost.shadowportal.net. 86400 
IN     A       127.0.0.1
Feb 14 15:11:52.566 xfer-out: debug 8: 
mail.shadowportal.net.   86400   IN      A       62.153.86.163
Feb 14 15:11:52.566 xfer-out: debug 8: nameserver.shadowportal.net. 86400 
IN    CNAME   leviathan.intrex-systems.com.
Feb 14 15:11:52.567 xfer-out: debug 8: tweety.shadowportal.net. 
86400   IN      A       62.153.86.164
Feb 14 15:11:52.567 xfer-out: debug 8: 
www.shadowportal.net.    86400   IN      A       195.38.129.156
Feb 14 15:11:52.568 xfer-out: debug 8: 
shadowportal.net.        86400   IN      SOA     shadowportal.net. 
hostmaster.intrex-systems.com. 2820942822 14400 7200 604800 86400
Feb 14 15:11:52.569 xfer-out: debug 8: client 195.38.129.13#3767: transfer 
of 'shadowportal.net': sending TCP message of 344 bytes
Feb 14 15:11:52.570 xfer-out: debug 6: client 195.38.129.13#3767: transfer 
of 'shadowportal.net': end of transfer
--------------------------------------------------------------------------------------------------------------------------------------------------------

Can anybody help?

Yours,
Dirk Schulten

More information about the bind-users mailing list