Re: AXFR/IN' denied

2011-04-28 Thread Phil Mayers

On 04/28/2011 04:10 AM, jeffrey j donovan wrote:


> master 192.168.1.2
>
> zone mydomain.com {
> type master;
> file domain.db;
> allow-transfer { 192.168.96.3; };

Ok, you have an allow-transfer so this is working.

> allow-update {none;};
> };
>
> zone 96.168.192.in-addr.arpa {
> type master;
> file in-arpa-192/REV-NOC.db;
> };
>
> zone 97.168.192.in-addr.arpa {
> type master;
> file in-arpa-192/REV-EDC.db;
> };


There is no allow-transfer on these two zones, so they are failing.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: AXFR/IN' denied ::solved::

2011-04-28 Thread jeffrey j donovan

On Apr 27, 2011, at 11:10 PM, jeffrey j donovan wrote:

> Greetings
>
> I have 2 systems master and slave, the slave seems to not allow the zone
> transfer.
> snip

Found the problem: I had multiple option entries in named.conf. There was an
original option line that I overlooked, from a previous master, that
had allow-transfer { none; };
Sorry to waste bandwidth :)
-j
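
An added example, not part of the original thread: a small Python audit that reports, for each zone in a named.conf, whether its allow-transfer is set on the zone itself or inherited from an options block, the two cases the replies in this thread point at. The sample configuration is constructed from the thread's zone names; view-level settings and nested ACL braces are not handled.

```python
import re

# Constructed sample modelled on the thread: a forward zone with its own ACL,
# two reverse zones without one, and an options-level allow-transfer { none; }.
SAMPLE_CONF = """
options {
    directory "/var/named";
    allow-transfer { none; };   // leftover line, easy to overlook
};
zone "mydomain.com" { type master; file "domain.db";
    allow-transfer { 192.168.96.3; }; allow-update { none; }; };
zone "96.168.192.in-addr.arpa" { type master; file "in-arpa-192/REV-NOC.db"; };
zone "97.168.192.in-addr.arpa" { type master; file "in-arpa-192/REV-EDC.db"; };
"""

ACL_RE = re.compile(r"\ballow-transfer\s*\{([^{}]*)\}")

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def blocks(text, keyword):
    """Yield (name, body) for every `keyword [name] { ... }` statement."""
    pattern = r'\b%s\b\s*"?([^\s"{]*)"?[^{;]*\{' % re.escape(keyword)
    for m in re.finditer(pattern, text):
        depth, i = 1, m.end()
        while depth and i < len(text):      # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def acl(body):
    m = ACL_RE.search(body)
    return " ".join(m.group(1).split()) if m else None

def audit(conf):
    """Map zone name -> (where allow-transfer comes from, its value)."""
    text = strip_comments(conf)
    inherited = [a for a in (acl(b) for _, b in blocks(text, "options")) if a]
    report = {}
    for name, body in blocks(text, "zone"):
        own = acl(body)
        if own:
            report[name] = ("zone", own)
        elif inherited:
            report[name] = ("options", " | ".join(inherited))
        else:
            report[name] = ("built-in default", None)
    return report

if __name__ == "__main__":
    for zone, (source, value) in audit(SAMPLE_CONF).items():
        print(f"{zone:28} allow-transfer from {source}: {value}")
```

On a live server, feed it the output of `named-checkconf -p` so that included files are expanded before the audit runs.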



AXFR/IN' denied

2011-04-27 Thread jeffrey j donovan
Greetings

I have 2 systems master and slave, the slave seems to not allow the zone 
transfer.

master 192.168.1.2

//
// mydomain.com

zone mydomain.com {
   type master;
   file domain.db;
   allow-transfer { 192.168.96.3; };
   allow-update {none;};
};

zone 96.168.192.in-addr.arpa {
   type master;
   file in-arpa-192/REV-NOC.db;
};

zone 97.168.192.in-addr.arpa {
   type master;
   file in-arpa-192/REV-EDC.db;
};


slave; 192.168.1.3

//
// mydomain.com

zone mydomain.com {
   type slave;
   masters { 192.168.96.2; };
   file domain.db;
   allow-transfer {none;};
};

zone 96.168.192.in-addr.arpa {
   type slave;
   masters { 192.168.96.2; };
   file in-arpa-209/REV-NOC.db;
};

zone 97.168.192.in-addr.arpa {
   type slave;
   masters { 209.96.96.2; };
   file in-arpa-209/REV-EDC.db;
};


here is the log output

from master
-Apr-2011 22:54:17.539 security: error: client 192.168.96.3#60712: view com.basd.DNS.public: zone transfer '96.168.192.in-addr.arpa/AXFR/IN' denied
-Apr-2011 22:54:17.539 security: error: client 192.168.96.3#60737: view com.basd.DNS.public: zone transfer '97.168.192.in-addr.arpa/AXFR/IN' denied

from slave

27-Apr-2011 22:57:23.039 general: info: zone 96.168.192.in-addr.arpa/IN/com.basd.DNS.public: Transfer started.
27-Apr-2011 22:57:23.041 xfer-in: info: transfer of '96.168.192.in-addr.arpa/IN/com.basd.DNS.public' from 192.168.96.2#53: connected using 192.168.96.3#60755
27-Apr-2011 22:57:23.042 xfer-in: error: transfer of '96.168.192.in-addr.arpa/IN/com.basd.DNS.public' from 192.168.96.2#53: failed while receiving responses: REFUSED
27-Apr-2011 22:57:23.042 xfer-in: info: transfer of '96.168.192.in-addr.arpa/IN/com.basd.DNS.public' from 192.168.96.2#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.001 secs (0 bytes/sec)


firewall on the slave is off and the master has an allow statement for dns
12310271101096192 allow tcp from any to any dst-port 53
12310  2124656  168384287 allow udp from any to any dst-port 53


Not sure what I missed, any insight would be helpful.

-j



Re: AXFR/IN' denied

2011-04-27 Thread Torinthiel
On 04/28/11 05:10, jeffrey j donovan wrote:
> Greetings
>
> I have 2 systems master and slave, the slave seems to not allow the zone
> transfer.

It's the master that doesn't allow zone transfer. You have
allow-transfer and allow-update in mydomain.com (which I guess is
transferring correctly, at least nothing you've written says otherwise),
but you don't have these in reverse zones.
Torinthiel

 