Domain transfer issues
Mark Andrews
Mark_Andrews at isc.org
Sat Apr 2 03:15:16 UTC 2005
> >
> > Well this indicates that the TCP handshake has not completed.
> > Despite what you are saying this looks like a firewall issue.
> > --
> > Mark Andrews, ISC
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
> >
> Fixing it took a very simple change. I changed allow-transfer{ any;
> }; to allow-transfer( 202.157.185.115; }; and it started working.
>
> I don't know if it's something special with the debian package
> (testing) or with that version of bind(9.2.4). I didn't suppose that
> allow-transfer{ any; }; was depricated, but that's the change I made
> and it worked the first time after that for both domains I changed it
> on.
What ever the fix was it was not changing allow-tranfer.
> My only speculation is that accept() isn't called if the requesting IP
> is not allowed transfer rights (resulting in an incomplete handshake).
> But, as I said, that part is speculation. This couldn't have been a
> firewall issue because iptables -L showed all tables empty and the
> machine is not behind a firewall at this time.
Named doesn't not what type of QUERY (yes AXFR and IXFR are
queries just like A, MX, and AAAA are queries) until well
after it has accepted and parsed the request.
Mark
> Shaun Kruger
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list