zone transfer first refused, then works
Mark Andrews
Mark_Andrews at isc.org
Mon Apr 23 22:18:49 UTC 2007
> Why might I see a refused before the actual transfer (xfer occurs immediately
> after REFUSED)?
From CHANGES.
1446. [func] Implemented undocumented alternate transfer sources
from BIND 8. See use-alt-transfer-source,
alt-transfer-source and alt-transfer-source-v6.
SECURITY: use-alt-transfer-source is ENABLED unless
you are using views. This may cause a security risk
resulting in accidental disclosure of wrong zone
content if the master supplying different source
content based on IP address. If you are not certain
ISC recommends setting use-alt-transfer-source no;
> named[839]: general: info: zone subnet.rchland.ibm.com/IN: refresh:
> unexpected rcode (REFUSED) from master 9.5.176.200#53 (source 0.0.0.0#0)
> named[839]: general: info: zone subnet.rchland.ibm.com/IN: Transfer
> started.
> named[839]: xfer-in: info: transfer of 'subnet.rchland.ibm.com/IN' from
> 9.5.176.200#53: connected using 9.5.176.194#12911
> named[839]: xfer-in: info: transfer of 'subnet.rchland.ibm.com/IN' from
> 9.5.176.200#53: end of transfer
> --
> Jeffrey Stevens
> gpg --keyserver pgp.mit.edu --recv-keys D2E5A4E8
> Key fingerprint: 1C86 8717 E485 FA4D B9EF 96E2 A1AC 4B00 D2E5 A4E8
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list