zone transfers fail
Mark_Andrews at isc.org
Mon Feb 3 03:29:45 UTC 2003
> I guess you can't leave anything unspoken anywhere you go, so I'd better put both
> the full configuration files from the master and the slave on the list:
>
> // master server named.conf
>
> acl "my-dns-ip" {
> localhost;
I suggest that you look at the definition of the localhost
acl. It is *not* "{ 127.0.0.1; ::1; };".
> 207.177.51.227;
> };
>
> acl "primary-dns-ip" {
> 207.177.51.227;
> };
>
> acl "secondary-dns-ips" {
> 207.177.51.228;
> };
>
> acl "local-ips" {
> 207.177.51.224/28;
> 207.177.73.224/28;
> localhost;
> };
>
> acl "natel-dns-ips" {
> 207.177.74.108;
> 207.177.74.118;
> };
>
> acl RFC1918 {
> 0.0.0.0/7; 2.0.0.0/8; 192.0.2.0/24; 224.0.0.0/3;
> 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16;
> };
>
>
> options {
> directory "/var/cache/bind";
>
> listen-on { my-dns-ip; };
> listen-on-v6 { none; };
> blackhole { RFC1918; };
> forwarders { 207.177.74.118; 207.177.74.108; };
> allow-query { local-ips; natel-dns-ips; };
> allow-recursion { local-ips; };
> allow-transfer { localhost; primary-dns-ip; secondary-dns-ips; };
> auth-nxdomain yes; # conform to RFC1035
> };
>
> zone "." {
> type hint;
> file "/etc/bind/db.root";
> };
>
> zone "localhost" {
> type master;
> file "/etc/bind/db.local";
> allow-transfer { localhost; };
> allow-update { none; };
> };
>
> zone "127.in-addr.arpa" {
> type master;
> file "/etc/bind/db.127";
> allow-transfer { localhost; };
> allow-update { none; };
> };
>
> zone "0.in-addr.arpa" {
> type master;
> file "/etc/bind/db.0";
> allow-transfer { localhost; };
> allow-update { none; };
> };
>
> zone "255.in-addr.arpa" {
> type master;
> file "/etc/bind/db.255";
> allow-transfer { localhost; };
> allow-update { none; };
> };
>
> zone "hospitalpage.com" {
> type master;
> file "/etc/bind/zones/hospitalpage.com";
> allow-query { any; };
> allow-update { none; };
> };
>
> // end master server named.conf
>
> Feb 1 22:11:14 lists named[210]: client 207.177.51.228#1234: zone transfer 'hospitalpage.com/IN' denied
On the face of it I would say that named is not running the
config you think it is running.
If you are running chroot then named looks in the chroot
area. Also, symbolic links may refer to a different location
when running chroot.
Mark
> And the corresponding errors in the slave server daemon.log:
>
> Feb 1 22:12:25 silicon named[158]: transfer of 'hospitalpage.com/IN' from 207.177.51.227#53: failed while receiving responses: REFUSED
> Feb 1 22:12:25 silicon named[158]: transfer of 'hospitalpage.com/IN' from 207.177.51.227#53: end of transfer
>
>
> --
> Christopher L. Everett
> Chief Technology Officer
> The Medical Banner Exchange
> Physicians Employment on the Internet
>
>
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
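
The chroot point in the reply above can be checked mechanically. The following is an added example, not part of the original message or of BIND: two shell helpers that work out which named.conf a chrooted named actually reads and where a symlink lands inside the chroot. The function names, the default config path and the sample paths are assumptions.

```shell
#!/bin/sh
# Added example: locate the named.conf a (possibly chrooted) named really reads.
# Function names and the sample paths in the usage notes are hypothetical.

# effective_conf "NAMED COMMAND LINE" [DEFAULT_CONF]
# Prints the real-filesystem path of the config file implied by named's
# -t (chroot directory) and -c (config file) options.
effective_conf() {
    # Assumption: build default is /etc/named.conf; some packages use another path.
    default_conf=${2:-/etc/named.conf}
    chroot_dir=""
    conf=""
    set -f; set -- $1; set +f          # split the command line into words, no globbing
    while [ $# -gt 0 ]; do
        case $1 in
            -t) [ $# -ge 2 ] || break; chroot_dir=$2; shift ;;
            -c) [ $# -ge 2 ] || break; conf=$2; shift ;;
            -t?*) chroot_dir=${1#-t} ;;
            -c?*) conf=${1#-c} ;;
        esac
        shift
    done
    # named chroots before reading its config, so -c is relative to -t.
    printf '%s%s\n' "${chroot_dir%/}" "${conf:-$default_conf}"
}

# resolve_in_chroot CHROOT PATH
# Follows one symlink level as the chrooted process sees it: an absolute
# target is resolved against the chroot directory, not the real root.
resolve_in_chroot() {
    root=${1%/}
    real=$root$2
    if [ -L "$real" ]; then
        target=$(readlink "$real")
        case $target in
            /*) real=$root$target ;;
            *)  real=$(dirname "$real")/$target ;;
        esac
    fi
    printf '%s\n' "$real"
}

# Usage on a live server (not run here):
#   effective_conf "$(ps -o args= -C named)"
```

If the printed path differs from the file that was edited, the allow-transfer settings being tested are not the ones named loaded.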