Zone Transfer Problems

Smith, William E. (Bill), Jr. Bill.Smith at jhuapl.edu
Wed Mar 28 14:39:43 UTC 2001 

Yes, more info would help!!  See below for that info.  If further
info/logging details are needed to assist, I will provide as much as I can.



We halted our upgrade of our other two servers as we saw some issues on the
one already upgraded that we weren't comfortable with proceeding.  

Yes, DNS is running on the server having problems. It's transferring other
zones just fine.  Only this particular one is failing.

Bill

I've included the config info for the zones as well as some debugging info
we got.  

"240-28.226.244.128.IN-ADDR.ARPA" {
         type slave;
        file "swiftid240.rev";
        masters {
                128.244.226.238;
        };
};


zone "236-30.226.244.128.IN-ADDR.ARPA" {
         type slave;
        file "swiftid236.rev";
        masters {
                128.244.226.238; 

Here's a snippet from the logging we were doing:

domain `240-28.226.244.128.IN-ADDR.ARPA'; file `swiftid240.rev'; serial 0
zone found (2): "240-28.226.244.128.IN-ADDR.ARPA", source = swiftid240.rev
addrcnt = 1
getzone() 240-28.226.244.128.IN-ADDR.ARPA secondary
address [128.244.226.238] AXFR
connecting to server #1 [128.244.226.238].53
close(5) succeeded

domain `240-28.226.244.128.IN-ADDR.ARPA'; file `swiftid240.rev'; serial 0
zone found (2): "240-28.226.244.128.IN-ADDR.ARPA", source = swiftid240.rev
addrcnt = 1
getzone() 240-28.226.244.128.IN-ADDR.ARPA secondary
address [128.244.26.238] AXFR
connecting to server #1 [128.244.26.238].53
close(5) succeeded

-----Original Message-----
From: Brad Knowles [mailto:brad.knowles at skynet.be]
Sent: Wednesday, March 28, 2001 8:51 AM
To: Smith, William E. (Bill), Jr.; bind-users at isc.org
Subject: Re: Zone Transfer Problems


At 8:30 AM -0500 3/28/01, Smith, William E. (Bill), Jr. wrote:

>                                                  2 of our secondaries are
>  running 8.2.2 P5 and a third 8.2.3.  The problem server is one of the
ones
>  running 8.2.2 P5.

	You should upgrade all the BIND 8 servers so that they are 
running version BIND 8.2.3-REL.  Previous versions are insecure.  See 
<http://www.securityfocus.com/templates/headline.html?id=10851> and 
<http://www.securityfocus.com/bid/2302>.  Note that the latter is 
dated January 29, 2001.

>                     Any ideas as to what could be going on or any
suggestions
>  for troubleshooting this further.

	If you tell us the names of the zones in question and the 
nameservers in question, and share us some segments of your logs 
demonstrating the problem, we might have a chance of helping you 
further.

	Otherwise, I can't imagine that a person who is deaf, mute, and 
blind is going to make a particularly good neuromicrosurgeon.

-- 
Brad Knowles, <brad.knowles at skynet.be>

/*        efdtt.c  Author:  Charles M. Hannum <root at ihack.net>          */
/*       Represented as 1045 digit prime number by Phil Carmody         */
/*     Prime as DNS cname chain by Roy Arends and Walter Belgers        */
/*                                                                      */
/*     Usage is:  cat title-key scrambled.vob | efdtt >clear.vob        */
/*   where title-key = "153 2 8 105 225" or other similar 5-byte key    */

dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'

More information about the bind-users mailing list