AXFR rejected
Ondřej Surý
ondrej at isc.org
Fri Feb 19 13:50:54 UTC 2021
Hi Erich,
please fill an proper issue at our GitLab instance - https://gitlab.isc.org/isc-projects/bind9/issues and we’ll take it from here. We will need more information and mailing list is very clumsy way of tracking that.
Thanks,
Ondrej
--
Ondřej Surý (He/Him)
ondrej at isc.org
> On 19. 2. 2021, at 14:07, Erich Eckner <bind at eckner.net> wrote:
>
> Signed PGP part
> Hi,
>
> I upgraded from bind 9.16.11 to 9.16.12 (on arch linux) and suddenly, AXFR
> transfers were denied:
>
> 19-Feb-2021 13:56:01.276 client @0x7f37c8015028 127.0.0.1#57139: TCP request
> 19-Feb-2021 13:56:01.276 client @0x7f37c8015028 127.0.0.1#57139: using view '_default'
> 19-Feb-2021 13:56:01.276 client @0x7f37c8015028 127.0.0.1#57139: request is not signed
> 19-Feb-2021 13:56:01.276 client @0x7f37c8015028 127.0.0.1#57139: recursion available
> 19-Feb-2021 13:56:01.276 client @0x7f37c8015028 127.0.0.1#57139 (ddns.eckner.net): AXFR request
> 19-Feb-2021 13:56:01.276 client @0x7f37c8015028 127.0.0.1#57139 (ddns.eckner.net): zone transfer setup failed
> 19-Feb-2021 13:56:01.276 client @0x7f37c8015028 127.0.0.1#57139 (ddns.eckner.net): reset client
> 19-Feb-2021 13:56:01.276 client @0x7f37c8015028 127.0.0.1#57139: freeing client
>
> Relevant part of the config (I can post more/full config, if desired):
>
> /etc/named.conf:
>
> options {
> ...
> allow-recursion { any; };
> allow-transfer { none; };
> ...
> }
>
> ...
>
> zone "ddns.eckner.net" IN {
> type master;
> allow-transfer { 127.0.0.1; ...; };
> }
>
>
> I cannot find any relevant change in the changelog at
> https://ftp.isc.org/isc/bind9/cur/9.16/CHANGES - did I miss something or
> is this a bug?
>
> (Adding 127.0.0.1 to allow-transfer in options clause did not help.)
>
> regards,
> Erich
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210219/3cc3ac44/attachment.bin>
More information about the bind-users
mailing list