Zone tranfers fails

Thu Sep 25 22:30:47 UTC 2008

Are you sure your TSIG keys are correct between the two DNS servers?
allow-transfer          {key test; };

Try the allow transfer by IP and see if it works.

-- 
-Ben Croswell

On Thu, Sep 25, 2008 at 4:39 PM, Wayne Cromwell <wcromwell at berklee.edu>wrote:

> Kirk,
>
> I tried to run % dig @192.168.6.10 axfr cromwellconsultant but it gave
> me a error saying "no such job". Do I have the syntax right?
>
> I did run...   dig 10.11.6.10 axfr berklee.net.      And it gave the
> follow info
>
>
> ; Transfer failed.
>
> ; <<>> DiG 9.3.4-P1 <<>> 192.168.6.10 axfr cromwellconsultant.net..
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22429
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;cromwellconsultant.net..                       IN      A
>
> ;; ANSWER SECTION:
> cromwellconsultant.net..                10800   IN      A
> 192.168.3.5
>
> ;; AUTHORITY SECTION:
> cromwellconsultant.net..                10800   IN      NS
> ns2.cromwellconsultant.net..
> cromwellconsultant.net..                10800   IN      NS
> ns1.cromwellconsultant.net..
>
> ;; ADDITIONAL SECTION:
> ns1.cromwellconsultant.net..    10800   IN      A       192.168.6.10
> ns2.cromwellconsultant.net..    10800   IN      A       192.168.16.10
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1) <http://127.0.0.1#53%28127.0.0.1%29>
> ;; WHEN: Thu Sep 25 16:24:40 2008
> ;; MSG SIZE  rcvd: 113
>
>
>
>
>
> On Sep 25, 2008, at 3:57 PM, Kirk wrote:
>
> > Wayne,
> >
> > While logged into your slave are you able to do this?
> >
> > % dig @masterIP axfr cromwellconsultant.net.
> >
> > substitute "masterIP" with the actual masters IP address.
> >
> >
> > Wayne Cromwell wrote:
> >> I don't have allow-query specified. I thought not having it in the
> >> configuration will allow all hosts to make queries.
> >> When I do tcpdump on the slave I see checksum errors. The rdnc key
> >> looks good. The clocks are the same.
> >> The version of bind is BIND 9.3.4-P1. I don't see any crc's on the
> >> switchport. I also restarted named and rebooted the box.
> >> no luck!
> >>
> >>
> >> Below are some error messages I get on the slave
> >>
> >> Sep 25 09:38:43 ns2 named[11967]: client 192.168.6.10#32839: received
> >> notify for zone 'cromwellconsultant.net'
> >> Sep 25 09:38:43 ns2 named[11967]: zone cromwellconsultant.net/IN:
> >> Transfer started.
> >> Sep 25 09:38:43 ns2 named[11967]: transfer of
> >> 'cromwellconsultant.net/
> >> IN' from 192.168.6.10#53: connected using 192.168.16.10#50190
> >> Sep 25 09:42:09 ns2 named[11967]: transfer of
> >> 'cromwellconsultant.net/
> >> IN' from 192.168.6.10#53: failed while receiving responses:
> >> connection
> >> reset
> >> Sep 25 09:42:09 ns2 named[11967]: transfer of
> >> 'cromwellconsultant.net/
> >> IN' from 192.168.6.10#53: end of transfer
> >>
> >
>
>
>