Zone transfers fail

Wayne Cromwell wcromwell at berklee.edu
Thu Sep 25 17:56:31 UTC 2008


I don't have allow-query specified. I thought not having it in the configuration will allow all hosts to make queries.
When I do tcpdump on the slave I see checksum errors. The rndc key looks good. The clocks are the same.
The version of BIND is BIND 9.3.4-P1. I don't see any CRCs on the switchport. I also restarted named and rebooted the box.
No luck!


Below are some error messages I get on the slave:

Sep 25 09:38:43 ns2 named[11967]: client 192.168.6.10#32839: received notify for zone 'cromwellconsultant.net'
Sep 25 09:38:43 ns2 named[11967]: zone cromwellconsultant.net/IN: Transfer started.
Sep 25 09:38:43 ns2 named[11967]: transfer of 'cromwellconsultant.net/IN' from 192.168.6.10#53: connected using 192.168.16.10#50190
Sep 25 09:42:09 ns2 named[11967]: transfer of 'cromwellconsultant.net/IN' from 192.168.6.10#53: failed while receiving responses: connection reset
Sep 25 09:42:09 ns2 named[11967]: transfer of 'cromwellconsultant.net/IN' from 192.168.6.10#53: end of transfer

tcpdump messages from the slave

15:01:17.717404 IP (tos 0x0, ttl  64, id 37843, offset 0, flags [DF],  
proto: TCP (6), length: 64) ns2.cromwellconsultant.net.59413 >  
ns1.cromwellconsultant.domain: ., cksum 0x32b1 (correct), ack 1 win 46  
<nop,nop,timestamp 3843520546 19550447,nop,nop,sack 1 {0:1}>
15:01:20.679166 IP (tos 0x0, ttl  64, id 37844, offset 0, flags [DF],  
proto: TCP (6), length: 54) ns2.cromwellconsultant.net.59413 >  
ns1.cromwellconsultant.domain: P, cksum 0x2a52 (incorrect (-> 0x2504),  
0:2(2) ack 1 win 46 <nop,nop,timestamp 3843523508 19550447>
15:01:41.917256 IP (tos 0x0, ttl  64, id 37845, offset 0, flags [DF],  
proto: TCP (6), length: 64) ns2.cromwellconsultant.net.59413 >  
ns1.cromwellconsultant.domain: ., cksum 0x75a0 (correct), ack 1 win 46  
<nop,nop,timestamp 3843544746 19574647,nop,nop,sack 1 {0:1}>
15:01:46.407354 IP (tos 0x0, ttl  64, id 37846, offset 0, flags [DF],  
proto: TCP (6), length: 54) ns2.cromwellconsultant.net.59413 >  
ns1.cromwellconsultant.domain: P, cksum 0x2a52 (incorrect (-> 0x61fb),  
0:2(2) ack 1 win 46 <nop,nop,timestamp 3843549236 19574647>
15:02:29.917202 IP (tos 0x0, ttl  64, id 37847, offset 0, flags [DF],  
proto: TCP (6), length: 64) ns2.cromwellconsultant.net.59413 >  
ns1.cromwellconsultant.domain: ., cksum 0xfe9c (correct), ack 1 win 46  
<nop,nop,timestamp 3843592747 19622648,nop,nop,sack 1 {0:1}>
15:02:37.861827 IP (tos 0x0, ttl  64, id 37848, offset 0, flags [DF],  
proto: TCP (6), length: 54) ns2.cromwellconsultant.net.59413 >  
ns1.cromwellconsultant.domain: P, cksum 0x2a52 (incorrect (-> 0xdd78),  
0:2(2) ack 1 win 46 <nop,nop,timestamp 3843600692 19622648>
15:03:29.767457 IP (tos 0x0, ttl  64, id 63699, offset 0, flags [DF],  
proto: TCP (6), length: 60) ns2.cromwellconsultant.net.59379 >  
ns1.cromwellconsultant.domain: S, cksum 0xa6c0 (correct),  
2612495141:2612495141(0) win 5840 <mss 1460,sackOK,timestamp  
3843652598 0,nop,wscale 7>
15:03:29.767648 IP (tos 0x0, ttl  64, id 63700, offset 0, flags [DF],  
proto: TCP (6), length: 52) ns2.cromwellconsultant.net.59379 >  
ns1.cromwellconsultant.domain: ., cksum 0x32ee (correct), ack  
3851320755 win 46 <nop,nop,timestamp 3843652598 19682498>
15:03:29.767789 IP (tos 0x0, ttl  64, id 63701, offset 0, flags [DF],  
proto: TCP (6), length: 54) ns2.cromwellconsultant.net.59379 >  
ns1.cromwellconsultant.domain: P, cksum 0x2a52 (incorrect (-> 0x323f),  
0:2(2) ack 1 win 46 <nop,nop,timestamp 3843652598 19682498>
15:03:29.968632 IP (tos 0x0, ttl  64, id 63702, offset 0, flags [DF],  
proto: TCP (6), length: 54) ns2.cromwellconsultant.net.59379 >  
ns1.cromwellconsultant.domain: P, cksum 0x2a52 (incorrect (-> 0x3176),  
0:2(2) ack 1 win 46 <nop,nop,timestamp 3843652799 19682498>
15:03:30.370616 IP (tos 0x0, ttl  64, id 63703, offset 0, flags [DF],  
proto: TCP (6), length: 54) ns2.cromwellconsultant.net.59379 >  
ns1.cromwellconsultant.domain: P, cksum 0x2a52 (incorrect (-> 0x2fe4),  
0:2(2) ack 1 win 46 <nop,nop,timestamp 3843653201 19682498>
15:03:31.174588 IP (tos 0x0, ttl  64, id 63704, offset 0, flags [DF],  
proto: TCP (6), length: 54) ns2.cromwellconsultant.net.59379 >  
ns1.cromwellconsultant.domain: P, cksum 0x2a52 (incorrect (-> 0x2cc0),  
0:2(2) ack 1 win 46 <nop,nop,timestamp 3843654005 19682498>
15:03:32.782557 IP (tos 0x0, ttl  64, id 63705, offset 0, flags [DF],  
proto: TCP (6), length: 54) ns2.cromwellconsultant.net.59379 >  
ns1.cromwellconsultant.domain: P, cksum 0x2a52 (incorrect (-> 0x2678),  
0:2(2) ack 1 win 46 <nop,nop,timestamp 3843655613 19682498>
15:03:33.917498 IP (tos 0x0, ttl  64, id 63706, offset 0, flags [DF],  
proto: TCP (6), length: 64) ns2.cromwellconsultant.net.59379 >  
ns1.cromwellconsultant.domain: ., cksum 0x15e5 (correct), ack 1 win 46  
<nop,nop,timestamp 3843656748 19686648,nop,nop,sack 1 {0:1}>
15:03:35.998474 IP (tos 0x0, ttl  64, id 63707, offset 0, flags [DF],  
proto: TCP (6), length: 54) ns2.cromwellconsultant.net.59379 >  
ns1.cromwellconsultant.domain: P, cksum 0x2a52 (incorrect (-> 0x09b2),  
0:2(2) ack 1 win 46 <nop,nop,timestamp 3843658829 19686648>
15:03:39.917257 IP (tos 0x0, ttl  64, id 63708, offset 0, flags [DF],  
proto: TCP (6), length: 64) ns2.cromwellconsultant.net.59379 >  
ns1.cromwellconsultant.domain: ., cksum 0xe704 (correct), ack 1 win 46  
<nop,nop,timestamp 3843662748 19692648,nop,nop,sack 1 {0:1}>
15:03:42.430291 IP (tos 0x0, ttl  64, id 63709, offset 0, flags [DF],  
proto: TCP (6), length: 54) ns2.cromwellconsultant.net.59379 >  
ns1.cromwellconsultant.domain: P, cksum 0x2a52 (incorrect (-> 0xd921),  
0:2(2) ack 1 win 46 <nop,nop,timestamp 3843665261 19692648>
15:03:51.916609 IP (tos 0x0, ttl  64, id 63710, offset 0, flags [DF],  
proto: TCP (6), length: 64) ns2.cromwellconsultant.net.59379 >  
ns1.cromwellconsultant.domain: ., cksum 0x8945 (correct), ack 1 win 46  
<nop,nop,timestamp 3843674747 19704648,nop,nop,sack 1 {0:1}>
15:03:55.293877 IP (tos 0x0, ttl  64, id 63711, offset 0, flags [DF],  
proto: TCP (6), length: 54) ns2.cromwellconsultant.net.59379 >  
ns1.cromwellconsultant.domain: P, cksum 0x2a52 (incorrect (-> 0x7801),  
0:2(2) ack 1 win 46 <nop,nop,timestamp 3843678125 19704648>
15:04:15.916538 IP (tos 0x0, ttl  64, id 63712, offset 0, flags [DF],  
proto: TCP (6), length: 64) ns2.cromwellconsultant.net.59379 >  
ns1.cromwellconsultant.domain: ., cksum 0xcdc3 (correct), ack 1 win 46  
<nop,nop,timestamp 3843698748 19728648,nop,nop,sack 1 {0:1}>
15:04:20.773083 IP (tos 0x0, ttl  64, id 37849, offset 0, flags [DF],  
proto: TCP (6), length: 54) ns2.cromwellconsultant.net.59413 >  
ns1.cromwellconsultant.domain: P, cksum 0x2a52 (incorrect (-> 0x4b77),  
0:2(2) ack 1 win 46 <nop,nop,timestamp 3843703604 19622648>
15:04:20.773574 IP (tos 0x0, ttl  64, id 27726, offset 0, flags [DF],  
proto: TCP (6), length: 60)ns2.cromwellconsultant.net.41596 >  
ns1.cromwellconsultant.domain: S, cksum 0x6c2d (correct),  
2690396027:2690396027(0) win 5840 <mss 1460,sackOK,timestamp  
3843703605 0,nop,wscale 7>
15:04:20.773741 IP (tos 0x0, ttl  64, id 27727, offset 0, flags [DF],  
proto: TCP (6), length: 52)ns2.cromwellconsultant.net.41596 >  
ns1.cromwellconsultant.domain: ., cksum 0x924e (correct), ack  
3895925207 win 46 <nop,nop,timestamp 3843703605 19733505>


Thanks



On Sep 24, 2008, at 10:05 AM, Ben Croswell wrote:

> One thing to check would be to ensure that the master has an allow query
> that covers the slave server.  If the slave can't do a query for SOA from
> the master it can't do the transfer.
> -- 
> -Ben Croswell
>
> On Wed, Sep 24, 2008 at 9:48 AM, Wayne Cromwell <wcromwell at mac.com> wrote:
>
>> Thanks for the response.
>> Forgot to mention there is no firewall between the subnets. I was
>> able to successfully telnet to port 53 from the master to slave and
>> from the slave to master. Also have tcpdump info.
>>
>> Here are my configs.
>>
>> Thanks!
>>
>> options {
>>        directory               "/var/named";
>>        pid-file                "/var/named/data/named.pid";
>>        statistics-file         "/var/named/data/named.stats";
>>        dump-file               "/var/named/data/named.db";
>>        allow-transfer          {key test; };
>>        notify                     yes;
>>        also-notify             { 192.168.16.10 };
>>        recursive-clients       10000;
>>        cleaning-interval       30;
>> };
>>
>>
>> zone "."  in {
>>        type hint;
>>        file "named.ca";
>> };
>> zone "cromwellconsultant.net" in {
>>        type master;
>>        file "example.net";
>> };
>> zone "6.168.192.in-addr.arpa" in {
>>        type master;
>>        file "6.168.192";
>> };
>> zone "16.168.192.in-addr.arpa" in {
>>        type master;
>>        file "16.168.192";
>> };
>> zone "0.0.127.in-addr.arpa" in {
>>        type master;
>>        file "named.local";
>> };
>> zone "0.in-addr.arpa" IN {
>>        type master;
>>        file "named.zero";
>>
>>
>>
>>
>> options {
>>        directory               "/var/named";
>>        pid-file                "/var/named/data/named.pid";
>>        statistics-file         "/var/named/data/named.stats";
>>        dump-file               "/var/named/data/named.db";
>>        allow-transfer          { none; };
>>        notify                                 no;
>>        recursive-clients       10000;
>>        cleaning-interval       30;
>> };
>>
>>
>> zone "." in {
>>        type hint;
>>        file "named.ca";
>> };
>>
>>
>> zone "cromwellconsultant.net" in {
>>        type slave;
>>        masters {192.168.6.10; };
>>        file "slaves/bak.cromwellconsultant.net";
>> };
>>
>> zone "6.168.192.in-addr.arpa" in {
>>        type slave;
>>        masters {192.168.6.10; };
>>        file "slaves/bak.192.168";
>> };
>> zone "16.168.192.in-addr.arpa" in {
>>        type slave;
>>        masters {192.168.6.10; };
>>        file "slaves/bak.192.168";
>> };
>> zone "0.0.127.in-addr.arpa" in {
>>        type master;
>>        file "named.local";
>> };
>> zone "0.in-addr.arpa" IN {
>>        type master;
>>        file "named.zero";
>> };
>>
>> Here are the error messages again from the slave
>>
>> Sep 24 09:38:43 ns2 named[11967]: client 192.168.6.10#32839: received notify for zone 'cromwellconsultant.net'
>> Sep 24 09:38:43 ns2 named[11967]: zone cromwellconsultant.net/IN: Transfer started.
>> Sep 24 09:38:43 ns2 named[11967]: transfer of 'cromwellconsultant.net/IN' from 192.168.6.10#53: connected using 192.168.16.10#50190
>> Sep 24 09:42:09 ns2 named[11967]: transfer of 'cromwellconsultant.net/IN' from 192.168.6.10#53: failed while receiving responses: connection reset
>> Sep 24 09:42:09 ns2 named[11967]: transfer of 'cromwellconsultant.net/IN' from 192.168.6.10#53: end of transfer
>>
>> Here is some dump info from the slave
>>
>> 21:31:30.339532 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF],
>> proto: UDP (17), length: 57) ns2.cromwellconsultant.net.domain >
>> ns1.cromwellconsultant.net.32839:  54589 notify* 0/0/0 (29)
>> 21:31:30.339662 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF],
>> proto: UDP (17), length: 146) ns2.cromwellconsultant.net.32825 >
>> ns1.cromwellconsultant.net.domain:  28457 [2au] SOA?
>> . (118)
>> 21:31:30.340769 IP (tos 0x0, ttl  64, id 25023, offset 0, flags [DF],
>> proto: TCP (6), length: 60) ns2.cromwellconsultant.net.50679 >
>> ns1.cromwellconsultant.net.domain: S, cksum 0xb5c9 (correct),
>> 402274578:402274578(0) win 5840 <mss 1460,sackOK,timestamp 3780532397
>> 0,nop,wscale 7>
>> 21:31:30.340942 IP (tos 0x0, ttl  64, id 25024, offset 0, flags [DF],
>> proto: TCP (6), length: 52) ns2.cromwellconsultant.net.50679 >
>> ns1.cromwellconsultant.net.domain: ., cksum 0x3939 (correct), ack
>> 1631924298 win 46 <nop,nop,timestamp 3780532398 4251529972>
>> 21:31:30.341123 IP (tos 0x0, ttl  64, id 25025, offset 0, flags [DF],
>> proto: TCP (6), length: 54) ns2.cromwellconusultant.50679 >
>> ns1.cromwellconsultant.net.domain: P, cksum 0x2a52 (incorrect (->
>> 0x388a), 0:2(2) ack 1 win 46 <nop,nop,timestamp 3780532398  
>> 4251529972>
>> 21:31:30.542585 IP (tos 0x0, ttl  64, id 25026, offset 0, flags [DF],
>> proto: TCP (6), length: 54) ns2.cromwellconsultant.net.50679 >
>> ns1.cromwellconsultant.net.domain: P, cksum 0x2a52 (incorrect (->
>> 0x37c1), 0:2(2) ack 1 win 46 <nop,nop,timestamp 3780532599  
>> 4251529972>
>> 21:31:30.944568 IP (tos 0x0, ttl  64, id 25027, offset 0, flags [DF],
>> proto: TCP (6), length: 54) ns2.cromwellconsultant.net.50679 >
>> ns1.cromwellconsultant.net.domain: P, cksum 0x2a52 (incorrect (->
>> 0x362f), 0:2(2) ack 1 win 46 <nop,nop,timestamp 3780533001  
>> 4251529972>
>> 21:31:31.748550 IP (tos 0x0, ttl  64, id 25028, offset 0, flags [DF],
>> proto: TCP (6), length: 54) ns2.cromwellconsultant.net.50679 >
>> ns1.cromwellconsultant.net.domain: P, cksum 0x2a52 (incorrect (->
>> 0x330b), 0:2(2) ack 1 win 46 <nop,nop,timestamp 3780533805  
>> 4251529972>
>>
>>
>>
>> Many thanks
>>
>>
>>
>>
>>
>> On Sep 23, 2008, at 3:58 PM, Dawn Connelly wrote:
>>
>>> Can you telnet on port 53 between the boxes? Most of the time when
>>> I have seen a connection reset, it's a firewall in the middle.
>>> Other possibility is that the source IP is getting NAT'd to a
>>> different IP address by the time it hits the master server. Run a
>>> tcpdump or snoop or whatever for your platform to see if the
>>> traffic is actually making it from one box to the other in the way
>>> that you expect. At least, that is where I would start. If you
>>> don't see any traffic, look at what devices would be blocking or
>>> changing it.
>>>
>>> What do the logs on the master server say? Can you send a scrubbed
>>> named.conf so we can make sure that the zone transfers are set up
>>> correctly?
>>>
>>> On Tue, Sep 23, 2008 at 12:39 PM, Wayne Cromwell
>>> <wcromwell at mac.com> wrote:
>>> Hi,
>>>
>>> When I do an rndc reload of my zones, I'm getting the error messages
>>> below on the slave. All seems in good order with my conf file on the
>>> master and slave. I checked permissions and all is well. I restarted
>>> named on my slave, but my slave dns still times out with the transfer.
>>> Any help will greatly be appreciated.
>>>
>>> Thanks
>>>
>>>
>>> client 192.168.6.10#32839: received notify for zone 'cromwellconsultant.net'
>>> Sep 23 10:49:05 ns2 named[25536]: zone cromwellconsultant.net/IN: Transfer started.
>>> Sep 23 10:49:05 ns2 named[25536]: transfer of 'cromwellconsultant.net/IN' from 192.168.6.10#53: connected using 192.168.6.10#47364
>>> transfer of 'cromwellconsultent.net/IN' from 192.168.6.10#53: failed while receiving responses: connection reset
>>> Sep 23 10:52:31 ns2 named[25536]: transfer of 'cromwellconsultant.net/IN' from 192.168.6.10#53: end of transfer
>>>
>>>
>>>
>>>
>>>
>>> --
>>> Google for President
>>> YouTube for VP
>>> in any year divisible by 4
>>>
>>
>>
>>
>>
>>
>
>
>
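Added example, not part of the thread: a triage script for `tcpdump -v` output in the layout quoted above. It lists payload segments that were sent more than once with the gaps between sends, and reports whether every "incorrect" checksum sits on a packet the capturing host itself sent, which is the pattern TX checksum offload produces. The host names, the sample capture and the `triage` helper are constructed for illustration, and the input is assumed to hold one packet per line.

```python
import re
from collections import defaultdict

# Constructed capture in the tcpdump -v layout quoted in the thread, one packet
# per line; host names, sequence numbers and checksum values are made up.
HDR = "IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto: TCP (6), length: 54) "
OUT = "ns2.example.net.59379 > ns1.example.net.domain: "
IN_ = "ns1.example.net.domain > ns2.example.net.59379: "
SAMPLE = "\n".join([
    "15:03:29.767457 " + HDR + OUT + "S, cksum 0xa6c0 (correct), 100:100(0) win 5840",
    "15:03:29.767600 " + HDR + IN_ + "S, cksum 0x1b2c (correct), 900:900(0) ack 101 win 5792",
    "15:03:29.767648 " + HDR + OUT + "., cksum 0x32ee (correct), ack 1 win 46",
    "15:03:29.767789 " + HDR + OUT + "P, cksum 0x2a52 (incorrect (-> 0x323f), 0:2(2) ack 1 win 46",
    "15:03:29.968632 " + HDR + OUT + "P, cksum 0x2a52 (incorrect (-> 0x3176), 0:2(2) ack 1 win 46",
    "15:03:30.370616 " + HDR + OUT + "P, cksum 0x2a52 (incorrect (-> 0x2fe4), 0:2(2) ack 1 win 46",
    "15:03:31.174588 " + HDR + OUT + "P, cksum 0x2a52 (incorrect (-> 0x2cc0), 0:2(2) ack 1 win 46",
])

PKT = re.compile(
    r"^(\d+):(\d+):([\d.]+) IP .*length: \d+\) ?(\S+)\.(\w+) > (\S+)\.(\w+): "
    r"(\S+), cksum 0x[0-9a-f]+ \((correct|incorrect)[^,]*, (?:(\d+:\d+)\((\d+)\))?")

def triage(capture, local_host):
    """Summarise re-sent segments and where bad checksums were seen."""
    sends = defaultdict(list)   # (src, sport, dst, dport, seq range) -> send times
    bad = defaultdict(int)      # source host -> packets flagged "incorrect"
    for line in capture.splitlines():
        m = PKT.match(line)
        if not m:
            continue
        h, mi, s, src, sport, dst, dport, _flags, ck, seq, plen = m.groups()
        if ck == "incorrect":
            bad[src] += 1
        if seq and int(plen) > 0:   # only segments that carry payload
            t = int(h) * 3600 + int(mi) * 60 + float(s)
            sends[(src, sport, dst, dport, seq)].append(t)
    # Same segment seen more than once: record the gap between successive sends.
    retrans = {k: [round(b - a, 1) for a, b in zip(ts, ts[1:])]
               for k, ts in sends.items() if len(ts) > 1}
    # Bad checksums only on packets sent by the capturing host match TX checksum
    # offload: the NIC fills in the field after tcpdump has seen the packet.
    offload_like = bool(bad) and set(bad) == {local_host}
    return {"retransmits": retrans, "bad_cksum_by_src": dict(bad),
            "offload_like": offload_like}

if __name__ == "__main__":
    print(triage(SAMPLE, "ns2.example.net"))
```

Gaps that roughly double between sends of the same segment mean no acknowledgement for it was seen, so the next capture to take is on the other server or on the path between the two.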



More information about the bind-users mailing list