Zone transfers for secondary

Sherona Hoosen sherona at cns.wits.ac.za
Wed Nov 19 08:58:51 UTC 2003


Hi

I ran dig axfr asti.ac.za @137.158.128.1
It gives the following and then just hangs

bash-2.05# dig axfr asti.ac.za @137.158.128.1

; <<>> DiG 8.3 <<>> axfr asti.ac.za @137.158.128.1
; (1 server found)


I get the following response when running dig soa asti.ac.za @137.158.128.1
bash-2.05# dig soa @asti.ac.za @137.158.128.1

; <<>> DiG 8.3 <<>> soa @asti.ac.za @137.158.128.1
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 13
;; QUERY SECTION:
;;      ., type = SOA, class = IN

;; ANSWER SECTION:
.                       14h25m6s IN SOA  A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. (
                                        2003111801      ; serial
                                        30M             ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum


;; AUTHORITY SECTION:
.                       4d6h36m10s IN NS  L.ROOT-SERVERS.NET.
.                       4d6h36m10s IN NS  M.ROOT-SERVERS.NET.
.                       4d6h36m10s IN NS  A.ROOT-SERVERS.NET.
.                       4d6h36m10s IN NS  B.ROOT-SERVERS.NET.
.                       4d6h36m10s IN NS  C.ROOT-SERVERS.NET.
.                       4d6h36m10s IN NS  D.ROOT-SERVERS.NET.
.                       4d6h36m10s IN NS  E.ROOT-SERVERS.NET.
.                       4d6h36m10s IN NS  F.ROOT-SERVERS.NET.
.                       4d6h36m10s IN NS  G.ROOT-SERVERS.NET.
.                       4d6h36m10s IN NS  H.ROOT-SERVERS.NET.
.                       4d6h36m10s IN NS  I.ROOT-SERVERS.NET.
.                       4d6h36m10s IN NS  J.ROOT-SERVERS.NET.
.                       4d6h36m10s IN NS  K.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
L.ROOT-SERVERS.NET.     5d6h36m10s IN A  198.32.64.12
M.ROOT-SERVERS.NET.     5d6h36m10s IN A  202.12.27.33
A.ROOT-SERVERS.NET.     5d6h36m10s IN A  198.41.0.4
B.ROOT-SERVERS.NET.     5d6h36m10s IN A  128.9.0.107
C.ROOT-SERVERS.NET.     5d6h36m10s IN A  192.33.4.12
D.ROOT-SERVERS.NET.     5d6h36m10s IN A  128.8.10.90
E.ROOT-SERVERS.NET.     5d6h36m10s IN A  192.203.230.10
F.ROOT-SERVERS.NET.     5d6h36m10s IN A  192.5.5.241
G.ROOT-SERVERS.NET.     5d6h36m10s IN A  192.112.36.4
H.ROOT-SERVERS.NET.     5d6h36m10s IN A  128.63.2.53
I.ROOT-SERVERS.NET.     5d6h36m10s IN A  192.36.148.17
J.ROOT-SERVERS.NET.     5d6h36m10s IN A  192.58.128.30
K.ROOT-SERVERS.NET.     5d6h36m10s IN A  193.0.14.129

;; Total query time: 78 msec
;; FROM: caesar to SERVER: 137.158.128.1
;; WHEN: Wed Nov 19 10:48:26 2003
;; MSG SIZE  sent: 17  rcvd: 493


Would that imply the problem is at the master?
What could it be, because for a short while I could update?

Named runs as root and /var/named is owned by root.

I've opened the firewall to allow all connections between slave and master.

Thanks for help
Cheers
Sherona




----- Original Message -----
From: "Dave Spenceley" <ds at dspen.com>
To: "Sherona Hoosen" <sherona at cns.wits.ac.za>
Sent: Wednesday, November 19, 2003 10:53 AM
Subject: Re: Zone transfers for secondary


> Hi,
>
> From the slave server run the command:
>
> dig axfr asti.ac.za @137.158.128.1
>
> If this succeeds, check named can write to its own directory
> (named run as user named, /var/named owned by root!)
>
> If this fails, check access to master:
> dig soa asti.ac.za @137.158.128.1
>
> If this succeeds, the master is not granting transfer to
> your slave (allow-transfer). **MOST PROBABLE**
>
> If this fails, you may have network/firewall problem, or
> master is broken.
>
> Please post your solution.
>
> Cheers, Dave
>
> On Wednesday 19 November 2003 6:37 am, Sherona Hoosen wrote:
> > Hi
> > I am running bind8.2.3 on solaris 8
> >
> > We set up a zone "asti.ac.za" as a secondary with the
> > primary at ucthpx.uct.ac.za
> >
> > I am however unable to get updates.
> >
> > When I reload the DNS I get the following errors
> > Nov 19 08:17:56 caesar named-xfer[1575]: [ID 364950
> > daemon.info] connect(137.158.128.1) for zone asti.ac.za
> > failed: Connection timed out
> >
> > Also the file that gets downloaded is a 0 byte file like
> > -rw-r--r--   1 root     other          0 Nov 19 08:14
> > asti.ac.za.tqa4ed
> >
> > The entries in named.conf are as follows
> >
> > #===========Asti.ac.za =======
> >
> > zone "asti.ac.za" {
> >         type master;
> >         file "asti/asti.ac.za";
> >         check-names fail;
> >         allow-update { none; };
> >         allow-transfer { 146.141.15.210; 146.141.15.222;
> > 137.158.128.4; 137.158.128.11; 137.158 .128.1; };
> >         allow-query { any; };
> > };
> >
> > Any idea as to what could be causing the problem?
> >
> > Things are fine at uct as other zones are able to update
> >
> > Thanks
> > Cheers
> > sherona
>
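
The checks Dave lists, written as a script; this is an added example and not part of either message. It goes beyond his list in two ways: the SOA query is repeated over TCP, because zone transfers run over TCP and the named-xfer log shows a connect timeout, and an answer only counts if its SOA is owned by the zone asked about. It assumes a BIND 9 dig (`+tcp`, `+time`, `+tries`, `+norecurse`); the function names and sample lines are made up for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes BIND 9 dig options.

# Constructed sample answer lines (the second reuses the "." SOA shown above).
GOOD='asti.ac.za. 3600 IN SOA ns.example. hostmaster.example. 1 1800 900 604800 86400'
ROOT='. 51906 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2003111801 1800 900 604800 86400'

# soa_for_zone ZONE: read dig output on stdin and succeed only if it holds an
# SOA record owned by ZONE, so an answer for another name (such as ".")
# is not mistaken for proof that the master serves the zone.
soa_for_zone() {
    awk -v z="$1." '
        /^;/ || NF < 5 { next }
        tolower($1) == tolower(z) && $3 == "IN" && $4 == "SOA" { found = 1 }
        END { exit !found }'
}

# probe ZONE MASTER QTYPE [dig options]: print "ok" if MASTER returns ZONE's SOA.
probe() {
    zone=$1 master=$2 qtype=$3; shift 3
    if dig "$@" +time=5 +tries=1 +norecurse "$qtype" "$zone" "@$master" 2>/dev/null |
        soa_for_zone "$zone"; then echo ok; else echo fail; fi
}

# classify SOA_UDP SOA_TCP AXFR (each "ok" or "fail"): print the next thing to check.
classify() {
    case "$1/$2/$3" in
        */*/ok)       echo "transfer works: check named can write its zone directory" ;;
        */ok/fail)    echo "master answers but refuses transfer: check allow-transfer" ;;
        ok/fail/fail) echo "UDP works, TCP does not: check TCP port 53 through the firewall" ;;
        *)            echo "no answer from master: network/firewall problem or master broken" ;;
    esac
}

diagnose() {
    classify "$(probe "$1" "$2" soa +notcp)" \
             "$(probe "$1" "$2" soa +tcp)" \
             "$(probe "$1" "$2" axfr)"
}

# Run only when given both arguments: sh xfer-check.sh ZONE MASTER_IP
if [ $# -eq 2 ]; then diagnose "$1" "$2"; fi
```

Run it from the slave, since allow-transfer and firewall rules are evaluated against the source address of the query.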


