Zone transfer failing
Hauke Lampe
list+bindusers at hauke-lampe.de
Tue Jun 23 22:01:16 UTC 2009
Scott Haneda wrote:
> $dig sugardimplesdesigns.com SOA @ns1.hostwizard.com +short
Do you block 53/tcp anywhere on the path to your nameserver?
It rejects TCP queries:
| dig +tcp sugardimplesdesigns.com SOA @ns1.hostwizard.com +short
| ;; Connection to 64.84.37.14#53(64.84.37.14) for
sugardimplesdesigns.com failed: connection refused.
This matches the error log from your secondary:
> Description:
> transfer of 'sugardimplesdesigns.com/IN' from 64.84.37.14#53: failed to
> connect: connection refused
You must allow TCP to port 53 for DNS to function properly.
> Appears to me I am refusing them, I do not see it in my logs, what logs
> would be it in, or what logging statements would I turn on to be able to
> diagnose this?
I would probably first check if the server actually listens on 53/tcp
(with fuser, netstat or similar) and then use tcpdump.
Hauke.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20090624/c2866fcb/attachment.bin>
More information about the bind-users
mailing list