This has been an issue for far too long, though I solved it, but it
rears its head again.
Example:
$ dig sugardimplesdesigns.com SOA @ns1.hostwizard.com +short
ns1.hostwizard.com. scott.hostwizard.com. 2009062206 28800 7200 2419200 3600
$ dig sugardimplesdesigns.com SOA @ns0.nacio.com +short
$ dig sugardimplesdesigns.com SOA @ns1.nacio.com +short
$ dig sugardimplesdesigns.com SOA @ns2.nacio.com +short
$ dig sugardimplesdesigns.com SOA @ns3.nacio.com +short
* Get nothing back at all on the +short, ANSWER 0 on the non +short
The colo provides secondary, I am told to use ns1 as the secondary,
that NS0 is where the updates will be pulled from for zone transfers.
I assume they xfer from 1, 2, and 3 off of 0.
I bump the serial, and reload:
23-Jun-2009 12:21:12.444 notify: info: zone sugardimplesdesigns.com/IN: sending notifies (serial 2009062206)
options {
    directory "/var/named";
    querylog yes;
    // recursion IPs redacted
    allow-transfer { 64.84.0.26; };
    notify-source 64.84.37.14;
    transfer-source 64.84.37.14;
    also-notify { 64.84.0.26; };
};
Is there anything wrong in my options statement? I have been working
with support to resolve this. Here is what they are telling me, using
nslookup, which I never use, I use dig.
First, their event log:
Event Type: Error
Event Source: named
Event Category: None
Event ID: 1
Date: 6/22/2009
Time: 10:24:58 PM
User: N/A
Computer: NS0
Description:
transfer of 'sugardimplesdesigns.com/IN' from 64.84.37.14#53: failed to
connect: connection refused
Appears to me I am refusing them, I do not see it in my logs, what
logs would it be in, or what logging statements would I turn on to be
able to diagnose this?
My next email asked them what host they were getting the above event
log from, here is the data I got back:
The query and errors are from 64.84.0.26.
Using Microsoft Nslookup, the following output resulted:
server 64.84.37.14
Server: cyclone.hostwizard.com
Address: 64.84.37.14
I do not know what the above proves, but I have included it since it
was given to me.
sugardimplesdesigns.com
Server: cyclone.hostwizard.com
Address: 64.84.37.14
Name: sugardimplesdesigns.com
Address: 64.84.37.15
Name: sugardimplesdesigns.com
Address: 64.84.37.15
So they are getting an A record, but they have to skip past their NS,
and hit mine, or so it seems in my tests.
set q=any
ls -d sugardimplesdesigns.com
ls: connect: No error
*** Can't list domain sugardimplesdesigns.com: Unspecified error
The DNS server refused to transfer the zone sugardimplesdesigns.com to your computer. If this
is incorrect, check the zone transfer security settings for sugardimplesdesigns.com on the DNS
server at IP address 64.84.37.14.
We can connect, get an A record, but not the zone.
All I can think, is they have not defined their NS to be 64.84.0.26
explicitly, so my server declines to talk to it.
I see this in my logs:
security.log:23-Jun-2009 13:21:57.358 security: info: client 64.84.0.26#1427: query (cache) 'sugardimplesdesigns.com.nacio.com/ANY/IN' denied
But that shows .26, which is what I list as well. Stumped.
And one each for each serial bump and reload I did of these:
named.log:22-Jun-2009 11:31:55.378 notify: info: zone sugardimplesdesigns.com/IN: sending notifies (serial 2009062200)
Any suggestions on where the error is, and how to solve it, as well as
what logging options I should turn on to be able to better solve
this? Thanks.
--
Scott * If you contact me off list replace talklists@ with scott@ *
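
One way to capture the log categories relevant to the question above, as an added example that is not part of the original message and not the poster's configuration: a named.conf logging stanza for the master at 64.84.37.14. The channel name and the file path are assumptions; the category names are standard BIND 9 logging categories.

```conf
// Added example. Channel name "xfer_diag" and the log path are assumptions;
// adjust the path to a directory the named user can write to.
logging {
    channel xfer_diag {
        file "/var/named/log/xfer-diag.log" versions 5 size 10m;
        severity info;          // raise to "debug 3" while actively testing
        print-time yes;         // timestamp each line
        print-category yes;     // show which category produced the line
        print-severity yes;
    };

    // Outbound transfers served by this master: start, end, and failures
    // of AXFR/IXFR requests from the secondary (64.84.0.26 in the post).
    category xfer-out { xfer_diag; };

    // NOTIFY messages sent to the addresses in also-notify and the NS set.
    category notify   { xfer_diag; };

    // ACL decisions: a transfer request that reaches named but is not
    // matched by allow-transfer is logged here as "zone transfer ... denied".
    category security { xfer_diag; };

    // Per-client request processing.
    category client   { xfer_diag; };

    // Network operations, including the addresses and ports named
    // is listening on.
    category network  { xfer_diag; };
};
```

After reloading the configuration (for example with `rndc reconfig`), a transfer request that reaches named appears under xfer-out, or under security if an ACL rejects it. A connection attempt from the secondary that produces no line in either category did not reach named at the DNS layer.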