Hi Lars,
On 26-Apr-2017 09:10 CEST, <deb...@lhanke.de> wrote:
> Am 26.04.2017 um 08:22 schrieb Steven Carr:
> > On 26 April 2017 at 06:53, Dr. Lars Hanke <deb...@lhanke.de> wrote:
> > > allow-transfer { 172.16.11.35; };
> > This IP ^^^
> >
> > > transfer of '178.168.192.in-addr.arpa/IN' from 172.16.10.16#53: failed
> > > while
> > > receiving responses: REFUSED
> > Is not the same as the IP the AXFR request is coming from? ^^^
>
> At least it is the IP of the slave:
>
> ifconfig eth0
> eth0 Link encap:Ethernet HWaddr 00:16:3e:2b:22:05
> inet addr:172.16.11.35 Bcast:172.16.11.255 Mask:255.255.255.0
>
> dig @172.16.10.16 dmz.microsult.de. axfr
>
> ; <<>> DiG 9.9.5-9+deb8u10-Debian <<>> @172.16.10.16 dmz.microsult.de. axfr
> ; (1 server found)
> ;; global options: +cmd
> ; Transfer failed.
BIND logs refers to the IP address 172.16.10.16, can you tell us what is this
IP?
It appears that this is this IP address which is trying to transfer the zone,
and as you are restricting zone transfers to the slave IP address
(172.16.11.35), it makes sense that this is refused.
And also explains why it works when you allow the entire /16.
Cheers,
--
Nico
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
