; Transfer failed. on dig axfr with bind9

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Mon Oct 18 19:27:24 UTC 2004 

Clemens Bergmann <cbergmann at schuhklassert.de> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1

> hi,
> I have a problem getting AXFR work with bind9.
> because of the fact that i have 8 zone file i don't attach everyting he=
re. I putted my config file on a webserver so you can view it.
> The URI is http://angel.homelinux.org/bind/

> I need AXFR but when I do a `dig home.loc AXFR` i get:

> ; <<>> DiG 9.2.4rc5 <<>> home.loc AXFR
> ;; global options:  printcmd
> ; Transfer failed.

> same from the server directly and from a pc in 192.168.0.1/24;
> i also tried to do with "@192.168.0.254" respectively "@127.0.0.1" but =
that does not chage anything.

> obviously something is send back from the NS because when i start ether=
eal on the pc i do the request i get a package back but with "[Unreassemb=
led Packet]" (I don't know what that means).
> Here is the tcpdump -w output for that package so you can open it up in=
 ethereal an have a look (package 8):
> http://angel.homelinux.org/dns

> In hope of quick response
> Clemens

> p.s.
> sorry for my bad english i am not a native english speaker (german)

I cannot see the problem, but i see some other problems :

1/
your external view misses hint zone=20

2/ you use forwarders. In a few special cases is this needed but in most =
(all?)
cases it will only complicate things and get worse performance. Get rid o=
f them !

3/
slave for "2nd-angel.de" is 212.227.123.31 ( according to delegation)
You allow 212.227.123.29  Is this intentional ?

4/
in spite of your good idea to have config+files avaliable "on demand" i g=
et :
You don't have permission to access /bind/zones/2nd-angel.de.zone on this=
 server.
(this might not mean that there is a fault in the file only that i cannot=
 verify it)


(and your english is fully understandable, this is a technical discussion=
 group
not an english grammar contest !)







--=20
Peter H=E5kanson        =20
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out=
,
	   remove "icke-reklam" if you feel for mailing me. Thanx.

More information about the bind-users mailing list