Yet another Xfer problem

Mark_Andrews at isc.org Mark_Andrews at isc.org
Sat Jan 19 22:38:56 UTC 2002 

	The fix for this is in 8.3.0

1310.   [bug]           TSIG signed IXFR's wern't correctly verified.

	Mark

> 
> Danny Mayer <mayer at gis.net> wrote in message news:<a2aefs$nac at pub3.rc.vix.com
> >...
> > At 02:30 PM 1/18/02, Bill Stephens wrote:
> > 
> > >I'm having problems with some IXFR zone transfers to one of my DNS
> > >servers.  The message log gives me the following error "premature EOF,
> > >fetching "some zone".  I don't think this is a memory issue, the
> > >primary server (and secondary for that matter) is a Linux machine with
> > >512 mb memory 512 mb swap space, and DNS is pretty much the only
> > >application on the server.  The server is able to process some zones
> > >between the primary and secondary, but consistantly I have one zone
> > >that only seems to be able to tansfer if I wipe it out on the
> > >secondary and restart, forcing an axfr.  I have another secondary
> > >pointing to the same primary, using AXFR's, and it's not having any
> > >problems transferring the zone.  It's a fairly small zone with < 100
> > >entries.  I've upgraded both the primary and slave to BIND 8.2.5 to
> > >see if that would improve things, no dice.  Any other ideas what might
> > >be going wrong?
> > 
> > Try setting transfer-format one-answer in named.conf either in options
> > (to make it global) or server for a specific server.  It may be having prob
> lems
> > with the many-answers transfer format. You didn't say what version of BIND
> > each side of transfer is being used or on what O/S.
> > 
> >          Danny
> 
> Thanks, I tried setting it to one-answer and got a different result. 
> The one-answer gave a "no TSIG present (-10)" for the zone.  I double
> checked the TSIG's, they're good, I'm getting transfers from other
> zones between the same server pair.  I turned off ixfr, and the
> transfers flowed without any problems.  I really think it's related to
> the ixfr's, since axfr's between the the two servers work fine.
> 
> On both sides, I'm running RedHat Linux 7.0, and BIND 8.2.5.
> 
> Thanks,
> 
> Bill
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org

More information about the bind-users mailing list