zone transfer mystery

Ed Ravin eravin at panix.com
Thu Nov 13 06:57:17 UTC 2008


My shop just had a strange outage.  A remote name server that slaves
to our master for a particular zone was reporting multiple messages
like this (IPs and domains sanitized):

   named[13392]: transfer of 'example.com/IN' from 10.10.0.1#53: failed while receiving responses: permission denied

Meanwhile, on the master server we had these log messages:

   named[623]: client 10.11.0.2#47548: transfer of 'example.com/IN': AXFR started
   named[623]: client 10.11.0.2#47548: transfer of 'example.com/IN': AXFR ended

tcpdump showed that the zone data was being sent to the slave, but it
looked a little odd at the end of the connection; it looked like the
socket was not getting closed.  Stranger still, running
"dig -t axfr example.com @10.10.0.1" from the slave dumped out the
zone without any problem.  We verified that "dig" on the slave was
from the same build as BIND on the slave.

Any idea what might be going on here?  The master is BIND 9.3.5-P1 and the
slave is BIND 9.5.0-P2, both sides are Unix platforms.

