Greetings

I have 2 systems, master and slave; the slave seems to not allow the zone 
transfer.

master 192.168.1.2

//////////////////////////
////// mydomain.com////

zone "mydomain.com" {
        type master;
        file "domain.db";
        allow-transfer { 192.168.96.3; };
        allow-update {none;};
};

zone "96.168.192.in-addr.arpa" {
        type master;
        file "in-arpa-192/REV-NOC.db";
};

zone "97.168.192.in-addr.arpa" {
        type master;
        file "in-arpa-192/REV-EDC.db";
};


slave; 192.168.1.3

//////////////////////////
////// mydomain.com////

zone "mydomain.com" {
        type slave;
        masters { 192.168.96.2; };
        file "domain.db";
        allow-transfer {none;};
};

zone "96.168.192.in-addr.arpa" {
        type slave;
        masters { 192.168.96.2; };
        file "in-arpa-209/REV-NOC.db";
};

zone "97.168.192.in-addr.arpa" {
        type slave;
        masters { 209.96.96.2; };
        file "in-arpa-209/REV-EDC.db";
};


here is the log output

from master
-Apr-2011 22:54:17.539 security: error: client 192.168.96.3#60712: view com.basd.DNS.public: zone transfer '96.168.192.in-addr.arpa/AXFR/IN' denied
-Apr-2011 22:54:17.539 security: error: client 192.168.96.3#60737: view com.basd.DNS.public: zone transfer '97.168.192.in-addr.arpa/AXFR/IN' denied

from slave


27-Apr-2011 22:57:23.039 general: info: zone 96.168.192.in-addr.arpa/IN/com.basd.DNS.public: Transfer started.
27-Apr-2011 22:57:23.041 xfer-in: info: transfer of '96.168.192.in-addr.arpa/IN/com.basd.DNS.public' from 192.168.96.2#53: connected using 192.168.96.3#60755
27-Apr-2011 22:57:23.042 xfer-in: error: transfer of '96.168.192.in-addr.arpa/IN/com.basd.DNS.public' from 192.168.96.2#53: failed while receiving responses: REFUSED
27-Apr-2011 22:57:23.042 xfer-in: info: transfer of '96.168.192.in-addr.arpa/IN/com.basd.DNS.public' from 192.168.96.2#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.001 secs (0 bytes/sec)


firewall on the slave is off and the master has an allow statement for dns
12310    27110    1096192 allow tcp from any to any dst-port 53
12310  2124656  168384287 allow udp from any to any dst-port 53


not sure what I missed, any insight would be helpful

-j

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
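
Added example, not part of the original post: BIND applies a zone's own allow-transfer when one is present and otherwise falls back to the view or options level, so this Python script pairs each "denied" line in the master's log with the zone statement it refers to. The config and log text are copied from the post; zone_acls and explain_denials are hypothetical helper names, and ACL entries are compared as literal strings (no CIDR or named-ACL resolution).

```python
import re

# Master's zone statements and log lines, copied from the post above.
MASTER_CONF = '''
zone "mydomain.com" {
        type master;
        file "domain.db";
        allow-transfer { 192.168.96.3; };
        allow-update {none;};
};
zone "96.168.192.in-addr.arpa" {
        type master;
        file "in-arpa-192/REV-NOC.db";
};
zone "97.168.192.in-addr.arpa" {
        type master;
        file "in-arpa-192/REV-EDC.db";
};
'''
MASTER_LOG = '''
-Apr-2011 22:54:17.539 security: error: client 192.168.96.3#60712: view com.basd.DNS.public: zone transfer '96.168.192.in-addr.arpa/AXFR/IN' denied
-Apr-2011 22:54:17.539 security: error: client 192.168.96.3#60737: view com.basd.DNS.public: zone transfer '97.168.192.in-addr.arpa/AXFR/IN' denied
'''

ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{(.*?)\n\};', re.S)
ACL_RE = re.compile(r'allow-transfer\s*\{([^}]*)\}')
DENY_RE = re.compile(r"client ([\d.]+)#\d+: (?:view (\S+): )?zone transfer '([^/']+)/(\w+)/IN' denied")

def zone_acls(conf):
    """Map zone name -> list of allow-transfer entries, or None if the zone sets none."""
    acls = {}
    for name, body in ZONE_RE.findall(conf):
        m = ACL_RE.search(body)
        acls[name] = [e.strip() for e in m.group(1).split(';') if e.strip()] if m else None
    return acls

def explain_denials(conf, log):
    """For each denied transfer in the log, say which ACL level decided it."""
    acls, out = zone_acls(conf), []
    for client, view, zone, _qtype in DENY_RE.findall(log):
        acl = acls.get(zone)
        if acl is None:
            why = "no zone-level allow-transfer; view/options setting applies"
        elif client in acl or "any" in acl:  # literal match only (assumption)
            why = "client is in the zone ACL; check keys or view matching"
        else:
            why = "client is not in the zone ACL"
        out.append((zone, client, view, why))
    return out
```

Calling explain_denials(MASTER_CONF, MASTER_LOG) returns one (zone, client, view, reason) tuple per denied transfer.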
