On 04/28/11 05:10, jeffrey j donovan wrote:
> Greetings
> 
> I have 2 systems master and slave, the slave seems to not allow the zone 
> transfer.

It's the master that doesn't allow zone transfer. You have
allow-transfer and allow-update in mydomain.com (which I guess is
transferring correctly, at least nothing you've written says otherwise),
but you don't have these in reverse zones.
Torinthiel

> 
> master 192.168.1.2
> 
> //////////////////////////
> ////// mydomain.com////
> 
> zone "mydomain.com" {
>       type master;
>       file "domain.db";
>       allow-transfer { 192.168.96.3; };
>       allow-update {none;};
> };
> 
> zone "96.168.192.in-addr.arpa" {
>       type master;
>       file "in-arpa-192/REV-NOC.db";
> };
> 
> zone "97.168.192.in-addr.arpa" {
>       type master;
>       file "in-arpa-192/REV-EDC.db";
> };
> 
> 
> slave; 192.168.1.3
> 
> //////////////////////////
> ////// mydomain.com////
> 
> zone "mydomain.com" {
>       type slave;
>       masters { 192.168.96.2; };
>       file "domain.db";
>       allow-transfer {none;};
> };
> 
> zone "96.168.192.in-addr.arpa" {
>       type slave;
>       masters { 192.168.96.2; };
>       file "in-arpa-209/REV-NOC.db";
> };
> 
> zone "97.168.192.in-addr.arpa" {
>       type slave;
>       masters { 209.96.96.2; };
>       file "in-arpa-209/REV-EDC.db";
> };
> 
> 
> here is the log output
> 
> from master
> -Apr-2011 22:54:17.539 security: error: client 192.168.96.3#60712: view 
> com.basd.DNS.public: zone transfer '96.168.192.in-addr.arpa/AXFR/IN' denied
> -Apr-2011 22:54:17.539 security: error: client 192.168.96.3#60737: view 
> com.basd.DNS.public: zone transfer '97.168.192.in-addr.arpa/AXFR/IN' denied
> 
> from slave
> 
> 
> 27-Apr-2011 22:57:23.039 general: info: zone 
> 96.168.192.in-addr.arpa/IN/com.basd.DNS.public: Transfer started.
> 27-Apr-2011 22:57:23.041 xfer-in: info: transfer of 
> '96.168.192.in-addr.arpa/IN/com.basd.DNS.public' from 192.168.96.2#53: 
> connected using 192.168.96.3#60755
> 27-Apr-2011 22:57:23.042 xfer-in: error: transfer of 
> '96.168.192.in-addr.arpa/IN/com.basd.DNS.public' from 192.168.96.2#53: failed 
> while receiving responses: REFUSED
> 27-Apr-2011 22:57:23.042 xfer-in: info: transfer of 
> '96.168.192.in-addr.arpa/IN/com.basd.DNS.public' from 192.168.96.2#53: 
> Transfer completed: 0 messages, 0 records, 0 bytes, 0.001 secs (0 bytes/sec)
> 
> 
> firewall on the slave is off and the master has an allow statement for dns
> 12310    27110    1096192 allow tcp from any to any dst-port 53
> 12310  2124656  168384287 allow udp from any to any dst-port 53
> 
> 
> not sure what I missed , any insight would be helpful
> 
> -j
> 
> _______________________________________________
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
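
Added example, not part of the original thread: a short Python check that correlates the master's "zone transfer ... denied" log lines with the zone statements in its config and reports whether each denied zone has its own allow-transfer. The config and log text are taken from the post (abridged, log lines unwrapped); the function names and the simplified ACL matching (literal addresses, prefixes and `any` only) are assumptions of this sketch.

```python
import ipaddress
import re

# Master's zone statements and denial log lines from the post (abridged, log lines unwrapped).
MASTER_CONF = '''
zone "mydomain.com" {
      type master;
      allow-transfer { 192.168.96.3; };
};
zone "96.168.192.in-addr.arpa" {
      type master;
};
zone "97.168.192.in-addr.arpa" {
      type master;
};
'''
MASTER_LOG = '''
client 192.168.96.3#60712: view com.basd.DNS.public: zone transfer '96.168.192.in-addr.arpa/AXFR/IN' denied
client 192.168.96.3#60737: view com.basd.DNS.public: zone transfer '97.168.192.in-addr.arpa/AXFR/IN' denied
'''
ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{(.*?)\n\};', re.S)
ACL_RE = re.compile(r'allow-transfer\s*\{([^}]*)\}')
DENIED_RE = re.compile(r"client ([\d.]+)#\d+:.*?zone transfer '([^/']+)/AXFR/IN' denied")

def permits(acl, client):
    """True if a literal address, prefix or 'any' in acl covers client (simplified matching)."""
    for entry in acl:
        try:
            if entry == "any" or ipaddress.ip_address(client) in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            pass  # named ACL, key or "none": not resolved by this sketch
    return False

def explain_denials(conf, log):
    """Return (zone, client, reason) for each denied AXFR found in the log."""
    acls = {name: ACL_RE.search(body) for name, body in ZONE_RE.findall(conf)}
    findings = []
    for client, zone in DENIED_RE.findall(log):
        if zone not in acls:
            reason = "zone not defined in this config"
        elif acls[zone] is None:
            reason = "no zone-level allow-transfer; inherited view/options ACL applies"
        elif not permits(acls[zone].group(1).replace(";", " ").split(), client):
            reason = "client not in zone-level allow-transfer"
        else:
            reason = "permitted at zone level; check TSIG keys and view matching"
        findings.append((zone, client, reason))
    return findings
```

For both reverse zones the result is the "no zone-level allow-transfer" reason, which matches the reply: on the master only mydomain.com names the slave in allow-transfer.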

