Zone Transfer Problem
Dirk Schulten
dirk.schulten at intrex-systems.com
Wed Feb 14 14:25:20 UTC 2001
Hello,
we use bind Version 8.2.2 as master dns and a version 4.something as slave dns.
The version 4.something is our ISP's nameserver and we cannot update it.
Due to the exploits, I switched our Bind from V8.2.2 to V9.1.
But since that change the V4.something cannot transfer zones anymore.
If I use nslookup to let me display the zones, it also does not work from
the machine running Bind 4.x:
--------------------------------------------------------------------------------------------------------------------------------------------------------
# nslookup
Default Server: ns.necon.net
Address: 62.24.1.13
> set type=any
> server dns.intrex-systems.com
Default Server: dns.intrex-systems.com
Address: 62.153.86.163
> ls shadowportal.net.
[dns.intrex-systems.com]
*** Can't list domain shadowportal.net.: Unspecified error
--------------------------------------------------------------------------------------------------------------------------------------------------------
But I found something about dig and how i can try to
check if our DNS will transfer the zone correctly, and it does:
--------------------------------------------------------------------------------------------------------------------------------------------------------
# dig @dns.intrex-systems.com shadowportal.net. soa +aa +norec
; <<>> DiG 2.1 <<>> @dns.intrex-systems.com shadowportal.net. soa +aa +norec
; (1 server found)
;; res options: init aaonly(unimpl) defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr aa ra; Ques: 1, Ans: 1, Auth: 2, Addit: 2
;; QUESTIONS:
;; shadowportal.net, type = SOA, class = IN
;; ANSWERS:
shadowportal.net. 86400 SOA shadowportal.net.
hostmaster.intrex-systems.com. (
2820942822 ; serial
14400 ; refresh (4 hours)
7200 ; retry (2 hours)
604800 ; expire (7 days)
86400 ) ; minimum (1 day)
;; AUTHORITY RECORDS:
shadowportal.net. 86400 NS ns.net-con.net.
shadowportal.net. 86400 NS dns.intrex-systems.com.
;; ADDITIONAL RECORDS:
ns.net-con.net. 76290 A 195.38.129.1
dns.intrex-systems.com. 86400 A 62.153.86.163
;; Total query time: 177 msec
;; FROM: bhagira.net-con.net to SERVER: dns.intrex-systems.com 62.153.86.163
;; WHEN: Wed Feb 14 15:16:34 2001
;; MSG SIZE sent: 34 rcvd: 174
--------------------------------------------------------------------------------------------------------------------------------------------------------
I also set the logging of our server to 9, and also found no errors:
--------------------------------------------------------------------------------------------------------------------------------------------------------
Feb 14 15:14:12.699 security: debug 3: client 195.38.129.13#53: request is
not signed
Feb 14 15:14:12.699 security: debug 3: client 195.38.129.13#53: recursion
approved
Feb 14 15:14:12.700 security: debug 3: client 195.38.129.13#53: query approved
Feb 14 15:14:12.908 security: debug 3: client 195.38.129.13#3775: request
is not signed
Feb 14 15:14:12.909 security: debug 3: client 195.38.129.13#3775: recursion
approved
Feb 14 15:14:12.910 security: debug 3: client 195.38.129.13#3775: query
approved
Feb 14 15:14:13.011 security: debug 3: client 195.38.129.13#3775: request
is not signed
Feb 14 15:14:13.011 security: debug 3: client 195.38.129.13#3775: recursion
approved
Feb 14 15:14:13.014 security: debug 3: client 195.38.129.13#3775: zone
transfer approved
--------------------------------------------------------------------------------------------------------------------------------------------------------
Feb 14 15:11:52.556 xfer-out: debug 6: client 195.38.129.13#3767: AXFR request
Feb 14 15:11:52.557 xfer-out: debug 6: client 195.38.129.13#3767: transfer
of 'shadowportal.net': AXFR question section OK
Feb 14 15:11:52.557 xfer-out: debug 6: client 195.38.129.13#3767: transfer
of 'shadowportal.net': AXFR authority section OK
Feb 14 15:11:52.563 xfer-out: debug 8:
shadowportal.net. 86400 IN SOA shadowportal.net.
hostmaster.intrex-systems.com. 2820942822 14400 7200 604800 86400
Feb 14 15:11:52.563 xfer-out: debug 8:
shadowportal.net. 86400 IN NS ns.net-con.net.
Feb 14 15:11:52.564 xfer-out: debug 8:
shadowportal.net. 86400 IN NS dns.intrex-systems.com.
Feb 14 15:11:52.564 xfer-out: debug 8:
shadowportal.net. 86400 IN MX 10 mail.intrex-systems.com.
Feb 14 15:11:52.565 xfer-out: debug 8:
dns.shadowportal.net. 86400 IN A 62.153.86.163
Feb 14 15:11:52.565 xfer-out: debug 8: localhost.shadowportal.net. 86400
IN A 127.0.0.1
Feb 14 15:11:52.566 xfer-out: debug 8:
mail.shadowportal.net. 86400 IN A 62.153.86.163
Feb 14 15:11:52.566 xfer-out: debug 8: nameserver.shadowportal.net. 86400
IN CNAME leviathan.intrex-systems.com.
Feb 14 15:11:52.567 xfer-out: debug 8: tweety.shadowportal.net.
86400 IN A 62.153.86.164
Feb 14 15:11:52.567 xfer-out: debug 8:
www.shadowportal.net. 86400 IN A 195.38.129.156
Feb 14 15:11:52.568 xfer-out: debug 8:
shadowportal.net. 86400 IN SOA shadowportal.net.
hostmaster.intrex-systems.com. 2820942822 14400 7200 604800 86400
Feb 14 15:11:52.569 xfer-out: debug 8: client 195.38.129.13#3767: transfer
of 'shadowportal.net': sending TCP message of 344 bytes
Feb 14 15:11:52.570 xfer-out: debug 6: client 195.38.129.13#3767: transfer
of 'shadowportal.net': end of transfer
--------------------------------------------------------------------------------------------------------------------------------------------------------
Can anybody help?
Yours,
Dirk Schulten
More information about the bind-users
mailing list