Zone transfer issues on new domain

Kevin Darcy kcd at chrysler.com
Wed Mar 31 19:31:18 UTC 2010


TSIG overloaded the NOTAUTH response code to mean "not authorized" 
instead of its traditional meaning of "not authoritative".

I'm thinking that the root cause here is a TSIG validation issue that's 
being misreported as "not authoritative" because a "generic" 
error-printing routine is being used, and it only knows one way to 
represent NOTAUTH.

Of course, it's easy to check whether a nameserver considers itself 
authoritative for a given zone -- just do a query and check for the 
presence/absence of the AA bit...

                                                                         
                                                 - Kevin

On 3/31/2010 7:48 AM, Lear, Karen (Evolver) wrote:
> To clarify, I added this to the named.conf on the slave:
>
> };
> zone "usptoenews.gov" {
>          type slave;
>          file "secondaries/db.usptoenews";
>          masters { 10.240.6.50; };
> };
>
> ________________________________
> From: Lear, Karen (Evolver)
> Sent: Wednesday, March 31, 2010 7:25 AM
> To: Sten Carlsen; bind-users at lists.isc.org
> Subject: RE: Zone transfer issues on new domain
>
> I added it to the named.conf on the slave.  Shouldn't it create its own db.usptoenews file under the secondaries directory?
> ________________________________
> From: bind-users-bounces+karen.lear=uspto.gov at lists.isc.org [bind-users-bounces+karen.lear=uspto.gov at lists.isc.org] On Behalf Of Sten Carlsen [stenc at s-carlsen.dk]
> Sent: Tuesday, March 30, 2010 9:26 PM
> To: bind-users at lists.isc.org
> Subject: Re: Zone transfer issues on new domain
>
> Did you add it to the slaves configuration? It does not get automagically added; so the slave gets a notify on a zone it can not serve as it is not in its config.
>
> On 31/03/10 2:14, Lear, Karen (Evolver) wrote:
> Can you tell me why I’m getting the message below on my slave server after adding a master zone on the master server for usptoenews.gov:
>
> [klear at dns2 logs]$ grep enews activity.log
> 30-Mar-2010 17:17:45.484 notify: notice: client 10.240.6.50#10738: received notify for zone 'usptoenews.gov': TSIG 'ns1-ns2.uspto.gov': not authoritative
> 30-Mar-2010 17:22:47.335 notify: notice: client 10.240.6.50#62593: received notify for zone 'usptoenews.gov': TSIG 'ns1-ns2.uspto.gov': not authoritative
>
> email:   karen.lear at uspto.gov
>
>
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
>
> --
> Best regards
>
> Sten Carlsen
>
> No improvements come from shouting:
>
>         "MALE BOVINE MANURE!!!"
>
>    
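
The AA-bit check suggested at the top of this message, as an added example that is not part of the original thread: it builds a non-recursive SOA query, reads the header flags of the reply, and treats the server as authoritative only when AA is set and the RCODE is NOERROR. The function names and the sample header bytes are constructed for illustration; `check_server` is the live variant and needs network access to the nameserver.

```python
import socket
import struct

# RCODE 9: "not authoritative" (RFC 2136); also returned on TSIG failure (RFC 2845)
NOTAUTH = 9

def build_soa_query(zone, txid=0x1234):
    """Encode a non-recursive SOA query for `zone`."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)  # RD clear, 1 question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in zone.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN

def parse_flags(msg):
    """Return (txid, is_response, aa, rcode) from a DNS message header."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags = struct.unpack("!HH", msg[:4])
    return txid, bool(flags & 0x8000), bool(flags & 0x0400), flags & 0x000F

def is_authoritative(query, response):
    """True only if `response` answers `query` with AA set and RCODE NOERROR."""
    q_id = struct.unpack("!H", query[:2])[0]
    txid, is_resp, aa, rcode = parse_flags(response)
    if not is_resp or txid != q_id:
        raise ValueError("not a response to this query")
    return aa and rcode == 0

def check_server(server, zone, timeout=3.0):
    """Send the SOA query to `server` over UDP and report its AA status."""
    query = build_soa_query(zone)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        response, _ = s.recvfrom(4096)
    return is_authoritative(query, response)

# Constructed sample headers (not captured traffic): same ID as the query, QR=1.
SAMPLE_QUERY = build_soa_query("usptoenews.gov")
SAMPLE_AA = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)       # AA set, NOERROR
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8005, 1, 0, 0, 0)  # AA clear, REFUSED

if __name__ == "__main__":
    print(is_authoritative(SAMPLE_QUERY, SAMPLE_AA),
          is_authoritative(SAMPLE_QUERY, SAMPLE_REFUSED))
```
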




