Zone transfer fails

Ben Croswell ben.croswell at gmail.com
Wed Sep 24 14:05:48 UTC 2008


One thing to check would be to ensure that the master has an allow query
that covers the slave server.  If the slave can't do a query for SOA from
the master it can't do the transfer.
-- 
-Ben Croswell

On Wed, Sep 24, 2008 at 9:48 AM, Wayne Cromwell <wcromwell at mac.com> wrote:

> Thanks for the response.
> Forgot to mention there is  no firewall between the subnets. I was
> able to successfully telnet to port 53 from the master to slave and
> from the slave to master. Also have tcpdump info
>
> Here are my configs.
>
> Thanks!
>
> // named.conf on the master (192.168.6.10)
> options {
>         directory               "/var/named";
>         pid-file                "/var/named/data/named.pid";
>         statistics-file         "/var/named/data/named.stats";
>         dump-file               "/var/named/data/named.db";
>         allow-transfer          {key test; };
>         notify                     yes;
>         also-notify             { 192.168.16.10; };
>         recursive-clients       10000;
>         cleaning-interval       30;
> };
>
>
> zone "."  in {
>         type hint;
>         file "named.ca";
> };
> zone "cromwellconsultant.net" in {
>         type master;
>         file "example.net";
> };
> zone "6.168.192.in-addr.arpa" in {
>         type master;
>         file "6.168.192";
> };
> zone "16.168.192.in-addr.arpa" in {
>         type master;
>         file "16.168.192";
> };
> zone "0.0.127.in-addr.arpa" in {
>         type master;
>         file "named.local";
> };
> zone "0.in-addr.arpa" IN {
>         type master;
>         file "named.zero";
> };
>
> // named.conf on the slave (192.168.16.10)
> options {
>         directory               "/var/named";
>         pid-file                "/var/named/data/named.pid";
>         statistics-file         "/var/named/data/named.stats";
>         dump-file               "/var/named/data/named.db";
>         allow-transfer          { none; };
>         notify                                 no;
>         recursive-clients       10000;
>         cleaning-interval       30;
> };
>
>
> zone "." in {
>         type hint;
>         file "named.ca";
> };
>
>
> zone "cromwellconsultant.net" in {
>         type slave;
>         masters {192.168.6.10; };
>         file "slaves/bak.cromwellconsultant.net";
> };
>
> zone "6.168.192.in-addr.arpa" in {
>         type slave;
>         masters {192.168.6.10; };
>         file "slaves/bak.192.168";
> };
> zone "16.168.192.in-addr.arpa" in {
>         type slave;
>         masters {192.168.6.10; };
>         file "slaves/bak.192.168";
> };
> zone "0.0.127.in-addr.arpa" in {
>         type master;
>         file "named.local";
> };
> zone "0.in-addr.arpa" IN {
>         type master;
>         file "named.zero";
> };
>
> Here is the error messages again from the slave
>
> Sep 24 09:38:43 ns2 named[11967]: client 192.168.6.10#32839: received
> notify for zone 'cromwellconsultant.net'
> Sep 24 09:38:43 ns2 named[11967]: zone cromwellconsultant.net/IN:
> Transfer started.
> Sep 24 09:38:43 ns2 named[11967]: transfer of 'cromwellconsultant.net/
> IN' from 192.168.6.10#53: connected using 192.168.16.10#50190
> Sep 24 09:42:09 ns2 named[11967]: transfer of 'cromwellconsultant.net/
> IN' from 192.168.6.10#53: failed while receiving responses:
> connection reset
> Sep 24 09:42:09 ns2 named[11967]: transfer of 'cromwellconsultant.net/
> IN' from 192.168.6.10#53: end of transfer
>
> Here is some dump info from the slave
>
> 21:31:30.339532 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF],
> proto: UDP (17), length: 57) ns2.cromwellconsultant.net.domain >
> ns1.cromwellconsultant.net.32839:  54589 notify* 0/0/0 (29)
> 21:31:30.339662 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF],
> proto: UDP (17), length: 146) ns2.cromwellconsultant.net.32825 >
> ns1.cromwellconsultant.net.domain:  28457 [2au] SOA? berklee.net. (118)
> 21:31:30.340769 IP (tos 0x0, ttl  64, id 25023, offset 0, flags [DF],
> proto: TCP (6), length: 60) ns2.cromwellconsultant.net.50679 >
> ns1.cromwellconsultant.net.domain: S, cksum 0xb5c9 (correct),
> 402274578:402274578(0) win 5840 <mss 1460,sackOK,timestamp 3780532397
> 0,nop,wscale 7>
> 21:31:30.340942 IP (tos 0x0, ttl  64, id 25024, offset 0, flags [DF],
> proto: TCP (6), length: 52) ns2.cromwellconsultant.net.50679 >
> ns1.cromwellconsultant.net.domain: ., cksum 0x3939 (correct), ack
> 1631924298 win 46 <nop,nop,timestamp 3780532398 4251529972>
> 21:31:30.341123 IP (tos 0x0, ttl  64, id 25025, offset 0, flags [DF],
> proto: TCP (6), length: 54) ns2.cromwellconusultant.50679 >
> ns1.cromwellconsultant.net.domain: P, cksum 0x2a52 (incorrect (->
> 0x388a), 0:2(2) ack 1 win 46 <nop,nop,timestamp 3780532398 4251529972>
> 21:31:30.542585 IP (tos 0x0, ttl  64, id 25026, offset 0, flags [DF],
> proto: TCP (6), length: 54) ns2.cromwellconsultant.net.50679 >
> ns1.cromwellconsultant.net.domain: P, cksum 0x2a52 (incorrect (->
> 0x37c1), 0:2(2) ack 1 win 46 <nop,nop,timestamp 3780532599 4251529972>
> 21:31:30.944568 IP (tos 0x0, ttl  64, id 25027, offset 0, flags [DF],
> proto: TCP (6), length: 54) ns2.cromwellconsultant.net.50679 >
> ns1.cromwellconsultant.net.domain: P, cksum 0x2a52 (incorrect (->
> 0x362f), 0:2(2) ack 1 win 46 <nop,nop,timestamp 3780533001 4251529972>
> 21:31:31.748550 IP (tos 0x0, ttl  64, id 25028, offset 0, flags [DF],
> proto: TCP (6), length: 54) ns2.cromwellconsultant.net.50679 >
> ns1.cromwellconsultant.net.domain: P, cksum 0x2a52 (incorrect (->
> 0x330b), 0:2(2) ack 1 win 46 <nop,nop,timestamp 3780533805 4251529972>
>
>
>
> Many thanks
>
>
>
>
>
> On Sep 23, 2008, at 3:58 PM, Dawn Connelly wrote:
>
> > can you telnet on port 53 between the boxes? Most of the time when
> > I have seen a connection reset, it's a firewall in the middle.
> > Other possibility is that the source IP is getting NAT'd to a
> > different IP address by the time it hits the master server. Run a
> > tcpdump or snoop or whatever for your platform to see if the
> > traffic is actually making it from one box to the other in the way
> > that you expect. At least, that is where I would start. If you
> > don't see any traffic, look at what devices would be blocking or
> > changing it.
> >
> > What do the logs on the master server say? Can you send a scrubbed
> > named.conf so we can make sure that the zone transfers are set up
> > correctly?
> >
> > On Tue, Sep 23, 2008 at 12:39 PM, Wayne Cromwell
> > <wcromwell at mac.com> wrote:
> > Hi,
> >
> > When I do a rndc reload of my zones, I'm getting the error messages
> > below on the slave. All seems in good order with my conf file on the
> > master and slave . I checked permissions and all is well. I restarted
> > named on my slave, but my slave dns still timeouts with the transfer.
> > Any help will greatly be appreciated.
> >
> > Thanks
> >
> >
> > client 192.168.6.10#32839: received notify for zone
> > 'cromwellconsultant.net'
> > Sep 23 10:49:05 ns2 named[25536]: zone cromwellconsultant.net/IN:
> > Transfer started.
> > Sep 23 10:49:05 ns2 named[25536]: transfer of 'cromwellconsultant.net/
> > IN' from 192.168.6.10#53: connected using 192.168.6.10#47364
> > transfer of 'cromwellconsultent.net/IN' from 192.168.6.10#53: failed
> > while receiving responses: connection reset
> > Sep 23 10:52:31 ns2 named[25536]: transfer of 'cromwellconsultant.net/
> > IN' from 192.168.6.10#53: end of transfer
> >
> >
> >
> >
> >
> > --
> > Google for President
> > YouTube for VP
> > in any year divisible by 4
> >
>
>
>
>
>
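What Ben's check and the master's `allow-transfer { key test; };` together require on each side, as an added configuration sketch that is not from the thread. The ACL name `xfer-peers`, the algorithm and the secret placeholder are assumptions; the addresses and the key name come from the posted configs and logs.

```conf
// ---- master, 192.168.6.10 ----
key "test" {
        algorithm hmac-sha256;                  // assumed algorithm
        secret "REPLACE_WITH_BASE64_SECRET";    // placeholder, not a real key
};

acl "xfer-peers" { 192.168.16.10; };            // hypothetical ACL name

options {
        // Only relevant when allow-query is restricted. The slave asks for
        // the SOA before every transfer, and it sits outside the master's
        // own subnet, so "localnets" alone would not cover it.
        allow-query     { localhost; localnets; "xfer-peers"; };

        // As posted: only requests signed with key "test" may transfer.
        allow-transfer  { key test; };
        notify          yes;
        also-notify     { 192.168.16.10; };
};

// ---- slave, 192.168.16.10 ----
key "test" {
        algorithm hmac-sha256;                  // must match the master
        secret "REPLACE_WITH_BASE64_SECRET";    // same secret as the master
};

// Sign every request sent to the master (SOA query and AXFR/IXFR)
// with key "test", so it satisfies the master's allow-transfer.
server 192.168.6.10 {
        keys { test; };
};

options {
        allow-transfer  { none; };
        notify          no;
};
```

Running `named-checkconf` on each server catches syntax errors in the edited file before `rndc reload`.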