problems with zone transfer

David Botham DBotham at OptimusSolutions.com
Tue Sep 28 20:35:50 UTC 2004 

bind-users-bounce at isc.org wrote on 09/28/2004 03:42:57 PM:
> I got asked to use the real name and ip.=20
> 
> I am trying to host a slave on my name servers.
> The primary dns is a windows box, and the secondary are bind Linux
> boxes.
> 
> I cannot execute a zone transfer with dig or the named.conf file.
> 
> Here is an example of the secondary bind named.conf file
> I've replaced the origin, domain, and ip.=20
> 
> zone "hellgate.k12.mt.us" in {
>         type slave;
>         notify no;
>         file "external/hellgate.k12.mt.us.db";
>         allow-query {external; };
>         masters { 1.2.3.4;};
> };

The problem could be <read "the problem is at least"> that the name server 
at ip address 1.2.3.4 does not host the zone hellgate.k12.mt.us.  Neither 
do the name servers at 12.32.34.32 and 12.32.34.33 for that matter (see 
output of dig commands below).



If I ask one of them I get a referral to the root name servers. 

C:\Documents and Settings\DBotham.IBMT4151>dig soa hellgate.k12.mt.us 
@12.32.34.
32 +norec

; <<>> DiG 9.2.3 <<>> soa hellgate.k12.mt.us @12.32.34.32 +norec
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13

;; QUESTION SECTION:
;hellgate.k12.mt.us.            IN      SOA

;; AUTHORITY SECTION:
.                       518398  IN      NS      M.ROOT-SERVERS.NET.
.                       518398  IN      NS      A.ROOT-SERVERS.NET.
.                       518398  IN      NS      B.ROOT-SERVERS.NET.
.                       518398  IN      NS      C.ROOT-SERVERS.NET.
.                       518398  IN      NS      D.ROOT-SERVERS.NET.
.                       518398  IN      NS      E.ROOT-SERVERS.NET.
.                       518398  IN      NS      F.ROOT-SERVERS.NET.
.                       518398  IN      NS      G.ROOT-SERVERS.NET.
.                       518398  IN      NS      H.ROOT-SERVERS.NET.
.                       518398  IN      NS      I.ROOT-SERVERS.NET.
.                       518398  IN      NS      J.ROOT-SERVERS.NET.
.                       518398  IN      NS      K.ROOT-SERVERS.NET.
.                       518398  IN      NS      L.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET.     604798  IN      A       198.41.0.4
B.ROOT-SERVERS.NET.     604798  IN      A       192.228.79.201
C.ROOT-SERVERS.NET.     604798  IN      A       192.33.4.12
D.ROOT-SERVERS.NET.     604798  IN      A       128.8.10.90
E.ROOT-SERVERS.NET.     604798  IN      A       192.203.230.10
F.ROOT-SERVERS.NET.     604798  IN      A       192.5.5.241
G.ROOT-SERVERS.NET.     604798  IN      A       192.112.36.4
H.ROOT-SERVERS.NET.     604798  IN      A       128.63.2.53
I.ROOT-SERVERS.NET.     604798  IN      A       192.36.148.17
J.ROOT-SERVERS.NET.     604798  IN      A       192.58.128.30
K.ROOT-SERVERS.NET.     604798  IN      A       193.0.14.129
L.ROOT-SERVERS.NET.     604798  IN      A       198.32.64.12
M.ROOT-SERVERS.NET.     604798  IN      A       202.12.27.33

;; Query time: 210 msec
;; SERVER: 12.32.34.32#53(12.32.34.32)
;; WHEN: Tue Sep 28 16:11:11 2004
;; MSG SIZE  rcvd: 455

This name server at least knows about the parent.



C:\Documents and Settings\DBotham.IBMT4151>dig soa hellgate.k12.mt.us 
@12.32.34.
33 +norec

; <<>> DiG 9.2.3 <<>> soa hellgate.k12.mt.us @12.32.34.33 +norec
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;hellgate.k12.mt.us.            IN      SOA

;; AUTHORITY SECTION:
k12.mt.us.              729     IN      NS      CUDESS1.UMT.EDU.
k12.mt.us.              729     IN      NS      CUDESS2.UMT.EDU.

;; Query time: 120 msec
;; SERVER: 12.32.34.33#53(12.32.34.33)
;; WHEN: Tue Sep 28 16:11:29 2004
;; MSG SIZE  rcvd: 87


hope this helps...


Dave...

> 
> The Primary windows server records have both of my servers listed in the
> NS records.=20
> 
> Also, this domain is part of the state level domain.=20
> Like school.k12.state.us
> 
> When I go to dnsstuff.com and get a report I get the following error.
> 
> Took off 20 points since abc.foo.edu does not respond authoritatively
> (can cause unexpected responses and add delays). I have no idea on what
> this means.
> 
> When I try to do a manual zone transfer with dig I get the following
> answer
> 
> # dig hellgate.k12.mt.us  axfr
> 
> ; <<>> DiG 9.2.2 <<>> hellgate.k12.mt.us axfr
> ;; global options:  printcmd
> ; Transfer failed.
> 
> Logs from a transaction;
> 
> messages:Sep 28 12:28:34 ns1 named[195]: lame server resolving
> 'Hellgate.k12.mt.us' (in 'hellgate.k12.mt.us'?): 12.32.34.32#53
> messages:Sep 28 12:28:34 ns1 named[196]: lame server resolving
> 'Hellgate.k12.mt.us' (in 'hellgate.k12.mt.us'?): 12.32.34.33#53
> 
> BTW I am running starting BIND 9.2.3=20
> 
> 
> Any ideas on why this is happening?
> 
> In short I cannot get this zone to transfer.
> 
> Thanks in advance!
> 
> 
> 
>

More information about the bind-users mailing list