New to the list with some zone transfer issues.

Mark Andrews Mark_Andrews at isc.org
Fri Feb 2 02:13:08 UTC 2007 

> Greetings.
> 
> We've just upgraded from Bind 8.4.4 to Bind 9.3.3 and we are having  
> some problems with zone transfer from rbl-plus.mail-abuse.org.

	Did you read doc/misc/migration?
	Do you have query-source set in named.conf?
	Is access to rbl-plus.mail-abuse.org IP or TSIG
	authenticated?
 
> Here is the message we see in the logs:
> 
> > Feb  1 15:12:07 server.org.umn.edu named[29154]: [ID 873579  
> > daemon.info] zone rbl-plus.mail-abuse.org/IN: refresh: unexpected  
> > rcode (NXDOMAIN) from master 157.22.13.82#53 (source 0.0.0.0#0)

1446.   [func]          Implemented undocumented alternate transfer sources
                        from BIND 8.  See use-alt-transfer-source,
                        alt-transfer-source and alt-transfer-source-v6.

                        SECURITY: use-alt-transfer-source is ENABLED unless
                        you are using views.  This may cause a security risk
                        resulting in accidental disclosure of wrong zone
                        content if the master supplying different source
                        content based on IP address.  If you are not certain
                        ISC recommends setting use-alt-transfer-source no;

> I've not ever seen the '(source 0.0.0.0#0)' portion of this entry  
> before and I wonder if that might be a clue.
> 
> Here is the relevant part of named.conf:
> 
> > zone "rbl-plus.mail-abuse.org" {
> >         type slave;
> >         masters {
> >             204.152.184.196;    # west1.mail-abuse.org
> >             157.22.13.82;       # east1.mail-abuse.org
> >         };
> >         file "zone.rbl-plus.mail-abuse.org";
> > };
> 
> Things were working fine with the old version. Apart from adding in  
> the include statement for the rndc.key file and the controls for  
> rndc, the configuration file is identical to that which works with  
> Bind8.
> 
> Thoughts? If there is more information that would help I will be  
> happy to provide it.
> 
> Thanks!
> 
> --
> _______________________________________________
> Mike Neuharth, BA, LPIC-1
> Email/UNIX System Administrator
> Internet Services, University of Minnesota
> ===============================================
> "What is important, it seems to me, is not so much to defend a culture
> whose existence has never kept a man from going hungry, as to extract,
> from what is called culture, ideas whose compelling force is identical
> with that of hunger."  -Antonin Artaud
> 
> 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list