Zone transfers fail

Wayne Cromwell wcromwell at mac.com
Wed Sep 24 13:48:08 UTC 2008


Thanks for the response.
Forgot to mention there is no firewall between the subnets. I was
able to successfully telnet to port 53 from the master to slave and
from the slave to master. Also have tcpdump info.

Here are my configs.

Thanks!

// named.conf on the master (192.168.6.10)
options {
         directory               "/var/named";
         pid-file                "/var/named/data/named.pid";
         statistics-file         "/var/named/data/named.stats";
         dump-file               "/var/named/data/named.db";
         allow-transfer          { key test; };
         notify                  yes;
         also-notify             { 192.168.16.10; };
         recursive-clients       10000;
         cleaning-interval       30;
};


zone "."  in {
         type hint;
         file "named.ca";
};
zone "cromwellconsultant.net" in {
         type master;
         file "example.net";
};
zone "6.168.192.in-addr.arpa" in {
         type master;
         file "6.168.192";
};
zone "16.168.192.in-addr.arpa" in {
         type master;
         file "16.168.192";
};
zone "0.0.127.in-addr.arpa" in {
         type master;
         file "named.local";
};
zone "0.in-addr.arpa" IN {
         type master;
         file "named.zero";
};

// named.conf on the slave (192.168.16.10)
options {
         directory               "/var/named";
         pid-file                "/var/named/data/named.pid";
         statistics-file         "/var/named/data/named.stats";
         dump-file               "/var/named/data/named.db";
         allow-transfer          { none; };
         notify                  no;
         recursive-clients       10000;
         cleaning-interval       30;
};


zone "." in {
         type hint;
         file "named.ca";
};


zone "cromwellconsultant.net" in {
         type slave;
         masters {192.168.6.10; };
         file "slaves/bak.cromwellconsultant.net";
};

zone "6.168.192.in-addr.arpa" in {
         type slave;
         masters {192.168.6.10; };
         file "slaves/bak.192.168";
};
zone "16.168.192.in-addr.arpa" in {
         type slave;
         masters {192.168.6.10; };
         file "slaves/bak.192.168";
};
zone "0.0.127.in-addr.arpa" in {
         type master;
         file "named.local";
};
zone "0.in-addr.arpa" IN {
         type master;
         file "named.zero";
};

Here are the error messages again from the slave:

Sep 24 09:38:43 ns2 named[11967]: client 192.168.6.10#32839: received notify for zone 'cromwellconsultant.net'
Sep 24 09:38:43 ns2 named[11967]: zone cromwellconsultant.net/IN: Transfer started.
Sep 24 09:38:43 ns2 named[11967]: transfer of 'cromwellconsultant.net/IN' from 192.168.6.10#53: connected using 192.168.16.10#50190
Sep 24 09:42:09 ns2 named[11967]: transfer of 'cromwellconsultant.net/IN' from 192.168.6.10#53: failed while receiving responses: connection reset
Sep 24 09:42:09 ns2 named[11967]: transfer of 'cromwellconsultant.net/IN' from 192.168.6.10#53: end of transfer

Here is some dump info from the slave

21:31:30.339532 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: UDP (17), length: 57) ns2.cromwellconsultant.net.domain > ns1.cromwellconsultant.net.32839:  54589 notify* 0/0/0 (29)
21:31:30.339662 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: UDP (17), length: 146) ns2.cromwellconsultant.net.32825 > ns1.cromwellconsultant.net.domain:  28457 [2au] SOA? berklee.net. (118)
21:31:30.340769 IP (tos 0x0, ttl  64, id 25023, offset 0, flags [DF], proto: TCP (6), length: 60) ns2.cromwellconsultant.net.50679 > ns1.cromwellconsultant.net.domain: S, cksum 0xb5c9 (correct), 402274578:402274578(0) win 5840 <mss 1460,sackOK,timestamp 3780532397 0,nop,wscale 7>
21:31:30.340942 IP (tos 0x0, ttl  64, id 25024, offset 0, flags [DF], proto: TCP (6), length: 52) ns2.cromwellconsultant.net.50679 > ns1.cromwellconsultant.net.domain: ., cksum 0x3939 (correct), ack 1631924298 win 46 <nop,nop,timestamp 3780532398 4251529972>
21:31:30.341123 IP (tos 0x0, ttl  64, id 25025, offset 0, flags [DF], proto: TCP (6), length: 54) ns2.cromwellconusultant.50679 > ns1.cromwellconsultant.net.domain: P, cksum 0x2a52 (incorrect (-> 0x388a), 0:2(2) ack 1 win 46 <nop,nop,timestamp 3780532398 4251529972>
21:31:30.542585 IP (tos 0x0, ttl  64, id 25026, offset 0, flags [DF], proto: TCP (6), length: 54) ns2.cromwellconsultant.net.50679 > ns1.cromwellconsultant.net.domain: P, cksum 0x2a52 (incorrect (-> 0x37c1), 0:2(2) ack 1 win 46 <nop,nop,timestamp 3780532599 4251529972>
21:31:30.944568 IP (tos 0x0, ttl  64, id 25027, offset 0, flags [DF], proto: TCP (6), length: 54) ns2.cromwellconsultant.net.50679 > ns1.cromwellconsultant.net.domain: P, cksum 0x2a52 (incorrect (-> 0x362f), 0:2(2) ack 1 win 46 <nop,nop,timestamp 3780533001 4251529972>
21:31:31.748550 IP (tos 0x0, ttl  64, id 25028, offset 0, flags [DF], proto: TCP (6), length: 54) ns2.cromwellconsultant.net.50679 > ns1.cromwellconsultant.net.domain: P, cksum 0x2a52 (incorrect (-> 0x330b), 0:2(2) ack 1 win 46 <nop,nop,timestamp 3780533805 4251529972>



Many thanks





On Sep 23, 2008, at 3:58 PM, Dawn Connelly wrote:

> can you telnet on port 53 between the boxes? Most of the time when  
> I have seen a connection reset, it's a firewall in the middle.  
> Other possibility is that the source IP is getting NAT'd to a  
> different IP address by the time it hits the master server. Run a  
> tcpdump or snoop or whatever for your platform to see if the  
> traffic is actually making it from one box to the other in the way  
> that you expect. At least, that is where I would start. If you  
> don't see any traffic, look at what devices would be blocking or  
> changing it.
>
> What do the logs on the master server say? Can you send a scrubbed  
> named.conf so we can make sure that the zone transfers are set up  
> correctly?
>
> On Tue, Sep 23, 2008 at 12:39 PM, Wayne Cromwell  
> <wcromwell at mac.com> wrote:
> Hi,
>
> When I do an rndc reload of my zones, I'm getting the error messages
> below on the slave. All seems in good order with my conf file on the
> master and slave. I checked permissions and all is well. I restarted
> named on my slave, but my slave dns still times out with the transfer.
> Any help will greatly be appreciated.
>
> Thanks
>
>
> client 192.168.6.10#32839: received notify for zone
> 'cromwellconsultant.net'
> Sep 23 10:49:05 ns2 named[25536]: zone cromwellconsultant.net/IN:
> Transfer started.
> Sep 23 10:49:05 ns2 named[25536]: transfer of 'cromwellconsultant.net/
> IN' from 192.168.6.10#53: connected using 192.168.6.10#47364
> transfer of 'cromwellconsultent.net/IN' from 192.168.6.10#53: failed
> while receiving responses: connection reset
> Sep 23 10:52:31 ns2 named[25536]: transfer of 'cromwellconsultant.net/
> IN' from 192.168.6.10#53: end of transfer
>
>
>
>
>
> -- 
> Google for President
> YouTube for VP
> in any year divisible by 4
>
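
In the capture from the slave, the segment `0:2(2)` to the master's port 53 appears four times. The following is an added example, not part of the original message: it groups TCP data segments by sequence range and checks whether the gaps between copies double, which is the retransmission backoff of a sender whose segment is never acknowledged. The sample lines are abbreviated from the post's capture, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Abbreviated from the capture in the post: hostnames shortened to ns1/ns2,
# IP header fields, checksums and TCP options dropped.
CAPTURE = """\
21:31:30.340769 IP ns2.50679 > ns1.domain: S, 402274578:402274578(0) win 5840
21:31:30.340942 IP ns2.50679 > ns1.domain: ., ack 1631924298 win 46
21:31:30.341123 IP ns2.50679 > ns1.domain: P, 0:2(2) ack 1 win 46
21:31:30.542585 IP ns2.50679 > ns1.domain: P, 0:2(2) ack 1 win 46
21:31:30.944568 IP ns2.50679 > ns1.domain: P, 0:2(2) ack 1 win 46
21:31:31.748550 IP ns2.50679 > ns1.domain: P, 0:2(2) ack 1 win 46
"""

# Time, src, dst, flags, then the first "first:next(length)" sequence range.
PKT = re.compile(
    r"^(\d\d):(\d\d):(\d\d\.\d+) IP .*?(\S+) > (\S+): (\S+), "
    r".*?(\d+):(\d+)\((\d+)\)"
)


def repeated_segments(capture):
    """Return {(src, dst, first_seq, next_seq): [send times in seconds]}
    for TCP data segments that occur more than once in the capture."""
    seen = defaultdict(list)
    for line in capture.splitlines():
        m = PKT.match(line)
        if not m or int(m.group(9)) == 0:  # not TCP data (UDP, SYN, bare ACK)
            continue
        when = int(m.group(1)) * 3600 + int(m.group(2)) * 60 + float(m.group(3))
        key = (m.group(4), m.group(5), int(m.group(7)), int(m.group(8)))
        seen[key].append(when)
    return {k: v for k, v in seen.items() if len(v) > 1}


def backoff_gaps(times):
    """Seconds between consecutive copies of one segment."""
    return [round(b - a, 3) for a, b in zip(times, times[1:])]


def looks_like_rto_backoff(gaps, tolerance=0.25):
    """True if every gap is about twice the previous one."""
    return len(gaps) >= 2 and all(
        abs(b / a - 2.0) <= tolerance for a, b in zip(gaps, gaps[1:])
    )


if __name__ == "__main__":
    for key, times in repeated_segments(CAPTURE).items():
        gaps = backoff_gaps(times)
        print(key, len(times), "copies, gaps", gaps, looks_like_rto_backoff(gaps))
```

A matching capture taken on the master at the same time shows whether those segments arrive there at all.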





More information about the bind-users mailing list