zone transfers fail

Mark_Andrews at isc.org
Mon Feb 3 03:29:45 UTC 2003


> I guess you can't leave anything unspoken anywhere you go, so I'd better put both
> the full configuration files from the master and the slave on the list:
> 
> // master server named.conf
> 
> acl "my-dns-ip" {
>          localhost;		

	I suggest that you look at the definition of the localhost
	acl.  It is *not* "{ 127.0.0.1; ::1; };".
	
>          207.177.51.227;
> };
> 
> acl "primary-dns-ip" {
> 	207.177.51.227;
> };
> 
> acl "secondary-dns-ips" {
> 	207.177.51.228;
> };
> 
> acl "local-ips" {
> 	207.177.51.224/28;
> 	207.177.73.224/28;
> 	localhost;
> };
> 
> acl "natel-dns-ips" {
> 	207.177.74.108;
> 	207.177.74.118;
> };
> 
> acl RFC1918 {
> 	0.0.0.0/7;      2.0.0.0/8;      192.0.2.0/24;   224.0.0.0/3;
> 	10.0.0.0/8;     172.16.0.0/12;  192.168.0.0/16;
> };
> 									
> 		
> options {
> 	directory "/var/cache/bind";
> 
> 	listen-on       { my-dns-ip; };
> 	listen-on-v6    { none; };
> 	blackhole       { RFC1918; };
> 	forwarders      { 207.177.74.118; 207.177.74.108; };
> 	allow-query     { local-ips; natel-dns-ips; };
> 	allow-recursion { local-ips; };
> 	allow-transfer  { localhost; primary-dns-ip; secondary-dns-ips; };
> 	auth-nxdomain yes;    # conform to RFC1035
> };
> 
> zone "." {
>          type hint;
> 	file "/etc/bind/db.root";
> };
> 
> zone "localhost" {
> 	type master;
> 	file "/etc/bind/db.local";
> 	allow-transfer  { localhost; };
> 	allow-update    { none; };
> };
> 
> zone "127.in-addr.arpa" {
> 	type master;
> 	file "/etc/bind/db.127";
> 	allow-transfer  { localhost; };
> 	allow-update    { none; };
> };
> 
> zone "0.in-addr.arpa" {
> 	type master;
> 	file "/etc/bind/db.0";
> 	allow-transfer  { localhost; };
> 	allow-update    { none; };
> };
> 
> zone "255.in-addr.arpa" {
> 	type master;
> 	file "/etc/bind/db.255";
> 	allow-transfer  { localhost; };
> 	allow-update    { none; };
> };
> 
> zone "hospitalpage.com" {
>          type master;
> 	file "/etc/bind/zones/hospitalpage.com";
> 	allow-query     { any; };
> 	allow-update    { none; };
> };
> 
> // end master server named.conf
> 

> Feb  1 22:11:14 lists named[210]: client 207.177.51.228#1234: zone transfer 'hospitalpage.com/IN' denied

	On the face of it I would say that named is not running the
	config you think it is running.

	If you are running chroot then named looks in the chroot
	area.  Also symbolic links may refer to a different location
	when running chroot.

	Mark
 
> And the corresponding errors in the slave server daemon.log:
> 
> Feb  1 22:12:25 silicon named[158]: transfer of 'hospitalpage.com/IN' from 207.177.51.227#53: failed while receiving responses: REFUSED
> Feb  1 22:12:25 silicon named[158]: transfer of 'hospitalpage.com/IN' from 207.177.51.227#53: end of transfer
> 
> 
> -- 
> Christopher L. Everett
> Chief Technology Officer
> The Medical Banner Exchange
> Physicians Employment on the Internet
> 
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
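
Added example, not part of the original message and not BIND code: a Python sketch of the chroot point made above, resolving a path the way a process chrooted to a directory sees it, so you can check which named.conf and zone file the daemon would really open. The temporary chroot directory, the /etc/bind/named.conf path and the /srv/zones symlink target are constructed assumptions; the zone file name is the one from the posted config.

```python
import os
import tempfile

def resolve_in_chroot(root, path, max_links=40):
    """Return the real on-disk file that `path` names for a process chrooted to `root`."""
    root = os.path.realpath(root)
    pending = [p for p in path.split("/") if p]  # components still to walk
    resolved = []                                # components accepted so far, below root
    links = 0
    while pending:
        part = pending.pop(0)
        if part == ".":
            continue
        if part == "..":
            if resolved:                         # ".." cannot climb above the chroot root
                resolved.pop()
            continue
        candidate = os.path.join(root, *resolved, part)
        if os.path.islink(candidate):
            links += 1
            if links > max_links:
                raise OSError("too many levels of symbolic links")
            target = os.readlink(candidate)
            if target.startswith("/"):           # absolute target restarts at the chroot root
                resolved = []
            pending = [p for p in target.split("/") if p] + pending
        else:
            resolved.append(part)
    return os.path.join(root, *resolved)

def demo():
    """Build a constructed chroot tree and show where two paths really land."""
    jail = os.path.realpath(tempfile.mkdtemp(prefix="named-chroot-"))  # hypothetical chroot
    os.makedirs(os.path.join(jail, "etc/bind"))
    os.makedirs(os.path.join(jail, "srv/zones"))
    for rel in ("etc/bind/named.conf", "srv/zones/hospitalpage.com"):
        open(os.path.join(jail, rel), "w").close()
    # Absolute symlink: outside the chroot it points at the host's /srv/zones,
    # inside the chroot it points at <jail>/srv/zones.
    os.symlink("/srv/zones", os.path.join(jail, "etc/bind/zones"))
    conf = resolve_in_chroot(jail, "/etc/bind/named.conf")
    zone = resolve_in_chroot(jail, "/etc/bind/zones/hospitalpage.com")
    return jail, conf, zone

if __name__ == "__main__":
    jail, conf, zone = demo()
    print("named reads config from:", conf)
    print("named reads zone from:  ", zone)
```

Comparing the returned path with the file that was actually edited shows whether the running daemon and the administrator are looking at the same named.conf.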

