NOTAUTH errors in a hidden Master with two Slaves setup

Mark Andrews marka at isc.org
Fri May 6 23:49:29 UTC 2016


In message <C5A2E8F9-E1FE-46DF-93D4-8E63D57154E3 at if.ufrj.br>, Vinícius Ferrão writes:
> Hello Mark,
>
> Sorry for this :(
> I was thinking that's a rule on the list since everyone does this on the
> list. Sorry again.

No.  It's not a rule.  It's clinical paranoia about letting any
details slip out on the part of some participants (or their bosses).
No one is reading this list to find out the internal details of
your network.  All it does do is make giving advice harder.  It
doesn't make your network "safer".  About the only thing we don't
want to see is TSIG secrets and if you do publish them accidentally
you just need to generate new ones.  Even then there are times when
even that detail is needed.

You will also see people regularly saying, provide us unobscured
details.

It's like going to a mechanic and saying I have a problem and not
telling them every detail of the problem you are observing.  You
are just making their job harder and wasting both their and your
own time.

Mark

> But you're right. It was a typo. The find & replace command did not
> modify the typo to myzone.com. You can see it in my original message
> in the slaves' named.conf.
>
> Thank you.
>
> On May 6, 2016, at 8:26 PM, Mark Andrews <marka at isc.org> wrote:
>
>
> Stop with this "myzone.com" garbage.  IT DOES NOT HELP.  You almost
> certainly have a typo which we can't see because you have obscured
> it.
>
> Mark
>
> In message <992DBAD5-E450-4F29-8122-3AC537E91D6C at if.ufrj.br>,
> Vinícius Ferrão writes:
> Hello guys,
>
> I'm probably missing something in my named.conf. I'm moving a zone to
> our DNS servers but we're unable to do this correctly since our slaves are
> refusing to get the zone file from the hidden master DNS.
>
> On both slaves (ns1 and ns2) the following is logged:
> May  6 19:56:36 darkshire named49323: transfer of myzone.com/IN' from 192.168.50.50#53: failed while receiving responses: NOTAUTH.
> May  6 16:37:53 ruttheran named40061: transfer of myzone.com/IN' from 192.168.50.50#53: failed while receiving responses: NOTAUTH.
>
> And on the master the following is logged:
> May  6 19:56:36 exodar named5562: client 192.168.50.15#15815: bad zone transfer request: myzone.com/IN': non-authoritative zone (NOTAUTH)
>
> On the master server I'm running BIND 9.8.4-rpz2+rl005.12-P1 on Debian
> Linux, and the slaves are on FreeBSD 10.2-RELEASE with BIND 9.10.3.
>
> Master Configuration:
> zone "myzone.com" {
> type master;
> file "/var/lib/bind/myzone.com.db";
> notify yes;
> allow-transfer { intnameservers; };
> allow-update { key "DHCP_UPDATER"; };
> };
>
> Slaves Configuration:
> zone "wfme2106.com.br" {
> type slave;
> file "/usr/local/etc/namedb/slave/myzone.com";
> masters { 192.168.50.50; };
> notify no;
> };
>
> Thanks in advance,
> Vinícius.
>
> PS: AXFR is working as expected when issuing dig AXFR
> myzone.com @192.168.50.50.
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
>

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
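
The typo this thread turns on (the slave's zone statement names a zone the master does not load, so the master rejects the transfer request with NOTAUTH) can be caught by comparing zone names across the two configurations. The following is an added example, not part of the original messages: the sample configurations are abridged from the ones quoted above, the function names are hypothetical, and the parser is simplified (it assumes no braces inside quoted strings and no block comments).

```python
import re

# Constructed samples, abridged from the configurations quoted in the thread.
MASTER_CONF = '''
zone "myzone.com" {
    type master;
    file "/var/lib/bind/myzone.com.db";
    allow-transfer { intnameservers; };
};
'''
SLAVE_CONF = '''
zone "wfme2106.com.br" {
    type slave;
    file "/usr/local/etc/namedb/slave/myzone.com";
    masters { 192.168.50.50; };
};
'''

ZONE_HEAD = re.compile(r'\bzone\s+"([^"]+)"[^{;]*\{')
TYPE_RE = re.compile(r'\btype\s+([\w-]+)\s*;')
AUTHORITATIVE = {'master', 'primary', 'slave', 'secondary'}

def zone_types(conf):
    """Map each zone name (lowercased, trailing dot removed) to its type."""
    conf = re.sub(r'^\s*(#|//).*$', '', conf, flags=re.M)  # drop comment lines
    found = {}
    for head in ZONE_HEAD.finditer(conf):
        depth, pos = 1, head.end()
        while depth and pos < len(conf):   # walk to the zone's closing brace
            depth += {'{': 1, '}': -1}.get(conf[pos], 0)
            pos += 1
        kind = TYPE_RE.search(conf, head.end(), pos)
        found[head.group(1).lower().rstrip('.')] = kind.group(1) if kind else None
    return found

def zones_missing_on_master(master_conf, slave_conf):
    """Slave zones the master is not authoritative for (transfer gets NOTAUTH)."""
    served = {n for n, t in zone_types(master_conf).items() if t in AUTHORITATIVE}
    return sorted(n for n, t in zone_types(slave_conf).items()
                  if t in ('slave', 'secondary') and n not in served)

if __name__ == '__main__':
    print(zones_missing_on_master(MASTER_CONF, SLAVE_CONF))
```

Zone names are compared case-insensitively and without the trailing dot, so only a real name mismatch is reported.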


More information about the bind-users mailing list