On Thu, Dec 19, 2013 at 07:27:51PM +0000, Daniel Lintott wrote:
> On 19/12/13 18:37, Timothe Litt wrote:
> > I doubt you'll get help without providing configuration data for master
> > and slaves and exact log and error messages.
> >
> > But I'll take one blind guess. DNSSEC validation enabled and
> > your in-addr.arpa zones are not delegated and not in DLV?

I'll offer a guess as well.

> DNSSEC is not currently used on these servers.
>
> The following is logged on the slave:
> Dec 19 17:51:48 server2 named[7866]: transfer of
> '5.168.192.in-addr.arpa/IN' from 192.168.5.1#53: connected using
> 192.168.5.2#47108
>
> Dec 19 17:51:48 server2 named[7866]: transfer of
> '5.168.192.in-addr.arpa/IN' from 192.168.5.1#53: failed while
> receiving responses: SERVFAIL
>
> Dec 19 17:51:48 server2 named[7866]: transfer of
> '5.168.192.in-addr.arpa/IN' from 192.168.5.1#53: Transfer
> completed: 0 messages, 0 records, 0 bytes, 0.001 secs (0 bytes/sec)
>
> Dig returns the following:
> [root@server2 ~]# dig @192.168.5.1 5.168.192.in-addr.arpa AXFR
>
> ; <<>> DiG 9.9.4-P1 <<>> @192.168.5.1 5.168.192.in-addr.arpa AXFR
> ; (1 server found)
> ;; global options: +cmd
> ; Transfer failed.
>
> There are no errors reported on the master server.

How about when the zone loaded initially? I suspect a problem in the
master zone file itself. Try named-checkzone(8) on it. Can you query
SOA and PTR records from the master?

    dig 5.168.192.in-addr.arpa. any @192.168.5.1
    dig 1.5.168.192.in-addr.arpa. any @192.168.5.1

Try this also on the master itself.

Note also, regarding logging, that depending on your syslogd's
configuration you might see errors in a different file than logs of
lower syslog priority.

> Master - named.conf
>
> include "/etc/named.conf.local";
>
> options {
>     directory "/var/named";
>     pid-file "/var/run/named/named.pid";
> };
>
> zone "." {
>     type hint;
>     file "/etc/db.cache";
> };
>
> key rndc-key {
>     algorithm hmac-md5;
>     secret "XXX";
> };
> controls {
>     inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
> };
>
> Configuration of the problem reverse zone:
>
> zone "5.168.192.in-addr.arpa" {
>     type master;
>     file "/var/named/5.168.192.in-addr.arpa.hosts";
>     allow-transfer {
>         192.168.5.2;
>     };
>     allow-update {
>         key rndc-key;
>     };
> };
>
> Slave Zone Configuration:
>
> zone "5.168.192.in-addr.arpa" {
>     type slave;
>     masters {
>         192.168.5.1;
>     };
>     file "/var/named/slaves/192.168.5.rev";
> };

-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org