On 02/08/18 22:15, Wojtek Swiatek wrote: > Hello everyone > > I wanted to set up another DNS server (unfortunately bind as, again > unfortunately, dnsmasq does not support being a secondary server). > > The zone transfer is initiated from the secondary but I see (on that > secondary): > > 02-Aug-2018 23:05:33.160 zone swtk.info/IN <http://swtk.info/IN>: > refresh: unexpected rcode (SERVFAIL) from master 192.168.0.10#53 (source > 0.0.0.0#0) > 02-Aug-2018 23:06:52.662 zone swtk.info/IN <http://swtk.info/IN>: > refresh: retry limit for master 192.168.0.10#53 exceeded (source 0.0.0.0#0) > 02-Aug-2018 23:06:52.663 zone swtk.info/IN <http://swtk.info/IN>: > Transfer started. > 02-Aug-2018 23:06:52.664 transfer of 'swtk.info/IN > <http://swtk.info/IN>' from 192.168.0.10#53: connected using > 192.168.0.13#40223 > 02-Aug-2018 23:06:52.665 transfer of 'swtk.info/IN > <http://swtk.info/IN>' from 192.168.0.10#53: failed while receiving > responses: SERVFAIL > 02-Aug-2018 23:06:52.666 transfer of 'swtk.info/IN > <http://swtk.info/IN>' from 192.168.0.10#53: Transfer status: SERVFAIL > 02-Aug-2018 23:06:52.666 transfer of 'swtk.info/IN > <http://swtk.info/IN>' from 192.168.0.10#53: Transfer completed: 0 > messages, 0 records, 0 bytes, 0.001 secs (0 bytes/sec) > 02-Aug-2018 23:08:07.161 zone swtk.info/IN <http://swtk.info/IN>: > refresh: unexpected rcode (SERVFAIL) from master 192.168.0.10#53 (source > 0.0.0.0#0) > > > On dnsmasq's host, when running dnsmasq with "-d -q --log-queries=extra" > , I just see > > dnsmasq: 32 192.168.0.13/34310 <http://192.168.0.13/34310> query[SOA] > swtk.info <http://swtk.info> from 192.168.0.13 > dnsmasq: 33 192.168.0.13/54967 <http://192.168.0.13/54967> query[SOA] > swtk.info <http://swtk.info> from 192.168.0.13 > dnsmasq: 34 10.100.10.30/60009 <http://10.100.10.30/60009> query[A] > www.google.com <http://www.google.com> from 10.100.10.30 > dnsmasq: 34 10.100.10.30/60009 <http://10.100.10.30/60009> cached > www.google.com <http://www.google.com> is 216.58.206.228 > > Is there a better indication where the problem may be located? All > traffic between the bind and dnsmasq host is open (both ways) and a dig > @192.168.0.10 <http://192.168.0.10> is successful (this is the IP of the > dnsmasq host, the same which is used in the bind transfer configuration > file) >
What's the result of doing dig @192.168.0.10 SOA swtk.info It looks like that could be what's failing, rather than the actual zone transfer. Simon. _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss