A Zone Transfer Question

Mark Andrews marka at isc.org
Tue Feb 23 00:04:24 UTC 2016 

This is named trying to talk to nameservers over IPv6 and being
told by the OS that they are unreachable.

At this point in time you should be yelling at your ISP to supply
you with IPv6 connectivity if they aren't already as the world ran
out of IPv4 addresses years ago and the network is only running
because ISP's that don't have enough addresses are sharing them
between multiple customers which is costing everyone in one way or
another.

If your ISP is offering you IPv6 you may need to update your CPE
router to one which supports IPv6.

There is no valid excuse for a ISP not supplying IPv6 in 2016.  They
have had over a decade to plan for how to deliver IPv6 to you.

Mark


In message <CAEuTsAyDpMHZiKENFyZEpPxgAfQAzfDecSBtzjX+h7F4YGpKGg at mail.gmail.com>
, David Li writes:
> Barry and others:
> 
> Thanks for the help!
> It's my bad that the slave zone's subnet range was missing from
> allow-query. I also added the slave IP explicitly to the
> allow-transfer option. Now it's seems to be working.
> 
> 
> Another issue that I haven't quite figured out is the errors in the
> syslog. I have no idea where these are coming from:
> 
> 
> 
> Feb 22 15:27:33 dli-centos7 named[2170]: error (network unreachable)
> resolving 'node2/A/IN': 2001:503:c27::2:30#53
> Feb 22 15:27:33 dli-centos7 named[2170]: error (network unreachable)
> resolving 'node2/A/IN': 2001:7fd::1#53
> Feb 22 15:27:33 dli-centos7 named[2170]: error (network unreachable)
> resolving './NS/IN': 2001:500:1::803f:235#53
> Feb 22 15:27:33 dli-centos7 named[2170]: error (network unreachable)
> resolving './NS/IN': 2001:503:c27::2:30#53
> Feb 22 15:27:33 dli-centos7 named[2170]: error (network unreachable)
> resolving './NS/IN': 2001:7fd::1#53
> Feb 22 15:27:38 dli-centos7 named[2170]: error (network unreachable)
> resolving 'node2/A/IN': 2001:dc3::35#53
> Feb 22 15:27:38 dli-centos7 named[2170]: error (network unreachable)
> resolving 'node2/A/IN': 2001:7fe::53#53
> Feb 22 15:27:38 dli-centos7 named[2170]: error (network unreachable)
> resolving './NS/IN': 2001:dc3::35#53
> Feb 22 15:27:38 dli-centos7 named[2170]: error (network unreachable)
> resolving './NS/
> 
> 
> I don't have a zone file that have these records defined. Any idea?
> 
> David
> 
> 
> 
> 
> > ------------------------------
> >
> > Message: 3
> > Date: Fri, 19 Feb 2016 21:25:43 -0500
> > From: Barry Margolin <barmar at alum.mit.edu>
> > To: comp-protocols-dns-bind at isc.org
> > Subject: Re: A Zone Transfer Question
> > Message-ID: <barmar-B6877F.21254319022016 at 88-209-239-213.giganet.hu>
> >
> > In article <mailman.269.1455926963.73610.bind-users at lists.isc.org>,
> >  David Li <dlipubkey at gmail.com> wrote:
> >
> >> Hi John,
> >>
> >> Well, I was wrong about the log. I did find some info about why zone
> >> transfer failed. On one server running zone rack1.com, I see:
> >>
> >> Feb 19 16:04:27 dli-centos7 named[13882]: client 10.4.3.101#20745
> >> (rack1.com): query 'rack1.com/SOA/IN' denied
> >> Feb 19 16:04:27 dli-centos7 named[13882]: client 10.4.3.101#52612
> >> (rack1.com): transfer of 'rack1.com/IN': IXFR ended
> >>
> >> Any idea why it's denied?
> >
> > VM1 has the option:
> >
> >     allow-query {
> >        10.4.1/24;
> >        127.0.0.1;
> >     };
> >
> > 10.4.3.101 isn't in 10.4.1/24. The slave has to be allowed to query the
> > master.
> >
> > --
> > Barry Margolin
> > Arlington, MA
> >
> >
> > ------------------------------
> >
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
>  from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list