Hi John,

Well, I was wrong about the log. I did find some info about why zone transfer failed. On one server running zone rack1.com, I see:

Feb 19 16:04:27 dli-centos7 named[13882]: client 10.4.3.101#20745 (rack1.com): query 'rack1.com/SOA/IN' denied
Feb 19 16:04:27 dli-centos7 named[13882]: client 10.4.3.101#52612 (rack1.com): transfer of 'rack1.com/IN': IXFR ended

Any idea why it's denied?

David

On Fri, Feb 19, 2016 at 11:19 AM, John W. Blue <john.b...@rrcic.com> wrote:
> "kick off" as in update the zone and not by using dig.
>
> John
>
> Sent from Nine
>
> From: "John W. Blue" <john.b...@rrcic.com>
> Sent: Feb 19, 2016 1:17 PM
> To: David Li
> Cc: BIND Users
> Subject: Re: A Zone Transfer Question
>
> Nothing in the logs, eg? Well so much for getting an easy resolution. :D
>
> If you trust your conf files and logs are clean, I personally next turn
> to tcpdump. You really need to know what (if anything) is being placed on
> the wire. Something like this should get you started:
>
> tcpdump -i eth0 -n port domain
>
> Kick off a transfer and see what happens.
>
> John
>
> Sent from Nine
>
> From: David Li <dlipub...@gmail.com>
> Sent: Feb 19, 2016 1:04 PM
> To: John W. Blue
> Cc: BIND Users
> Subject: Re: A Zone Transfer Question
>
> Hi John,
>
> Nothing in the /var/log/messages indicates transfer problems. In fact
> I don't think the transfer ever started by itself for some reason
> until I manually used "dig" to initiate.
>
> David
>
> On Fri, Feb 19, 2016 at 9:00 AM, John W. Blue <john.b...@rrcic.com> wrote:
>> Hello David,
>>
>> You can get started by checking your log files to see if named is
>> complaining about anything it might not like that is preventing the
>> transfer.
>>
>> John
>>
>> Sent from Nine
>>
>> From: David Li <dlipub...@gmail.com>
>> Sent: Feb 19, 2016 10:46 AM
>> To: BIND Users
>> Subject: A Zone Transfer Question
>>
>> This is my first time to try master slave configuration. Here is a
>> brief description:
>>
>> I have two CentOS 7.1 VMs - each is configured for a zone. VM1 is the
>> master for zone1 and slave for zone2. VM2 is master for zone2 and
>> slave for zone1. Both zones use DNS Dynamic Update from DHCP
>> servers on the same VM
>> to update the A records in their zone files. No DNSSEC configured.
>>
>>
>> To start, everything seems to be working fine. I have one host in each
>> zone and they can resolve each other fine.
>>
>> Now I add a new host to zone1 and its sequence number has been bumped
>> up. I read that when the zone1 file changes, it will automatically
>> notify its slave zone (i.e. zone2) to start a zone transfer after 15
>> min. This never happened. Then I restarted named on VM2 and hoped it
>> would pull the new zone1 file. This didn't happen either.
>> Eventually I have to either restart the VM2 or use dig to start the
>> zone transfer.
>>
>> Can anyone spot anything obviously wrong here? Do I need to post my
>> zone file and named.conf?
>>
>>
>> Thanks.
>>
>> David
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>> unsubscribe from this list
>>
>> bind-users mailing list
>> bind-users@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
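
Added example, not part of the thread or of BIND itself: a small Python parser for named client log lines like the two quoted at the top of this message. It groups refused queries and transfer events by client address and zone, so a refused SOA query can be read next to the transfer it accompanied. The third log line, the regular expressions and the function names are constructed for this illustration.

```python
import re
from collections import defaultdict

# The first two lines are the ones quoted in the message; the third is
# constructed here to show a client with no refusal.
SAMPLE_LOG = """\
Feb 19 16:04:27 dli-centos7 named[13882]: client 10.4.3.101#20745 (rack1.com): query 'rack1.com/SOA/IN' denied
Feb 19 16:04:27 dli-centos7 named[13882]: client 10.4.3.101#52612 (rack1.com): transfer of 'rack1.com/IN': IXFR ended
Feb 19 16:05:02 dli-centos7 named[13882]: client 10.4.3.102#40111 (rack2.com): transfer of 'rack2.com/IN': AXFR started
"""

# "client <ip>#<port> (<name>): <message>" as written by named
CLIENT_RE = re.compile(
    r"named\[\d+\]: client (?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+) "
    r"\((?P<qname>[^)]*)\): (?P<msg>.*)$")
DENIED_RE = re.compile(
    r"query '(?P<name>[^/']+)/(?P<type>[^/']+)/(?P<cls>[^']+)' denied")
XFER_RE = re.compile(
    r"transfer of '(?P<zone>[^/']+)/(?P<cls>[^']+)': "
    r"(?P<kind>[AI]XFR) (?P<state>\w+)")


def summarize(log_text):
    """Group named client events by (client IP, zone name)."""
    events = defaultdict(lambda: {"denied": [], "transfers": []})
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if not m:
            continue  # not a named client line
        denied = DENIED_RE.match(m["msg"])
        xfer = XFER_RE.match(m["msg"])
        if denied:
            key = (m["ip"], denied["name"].rstrip(".").lower())
            events[key]["denied"].append(denied["type"])
        elif xfer:
            key = (m["ip"], xfer["zone"].rstrip(".").lower())
            events[key]["transfers"].append((xfer["kind"], xfer["state"]))
    return dict(events)


def soa_refused(events):
    """Return the (client, zone) pairs whose SOA query was refused."""
    return sorted(k for k, v in events.items() if "SOA" in v["denied"])


if __name__ == "__main__":
    for client, zone in soa_refused(summarize(SAMPLE_LOG)):
        print(f"{client} was refused an SOA query for {zone}")
```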