Re: AXFR/IN' denied
On 04/28/2011 04:10 AM, jeffrey j donovan wrote:
> master 192.168.1.2
>
> zone mydomain.com {
>     type master;
>     file domain.db;
>     allow-transfer { 192.168.96.3; };

Ok, you have an allow-transfer so this is working.

>     allow-update {none;};
> };
>
> zone 96.168.192.in-addr.arpa {
>     type master;
>     file in-arpa-192/REV-NOC.db;
> };
>
> zone 97.168.192.in-addr.arpa {
>     type master;
>     file in-arpa-192/REV-EDC.db;
> };

There is no allow-transfer on these two zones, so they are failing.

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: AXFR/IN' denied ::solved::
On Apr 27, 2011, at 11:10 PM, jeffrey j donovan wrote:
> Greetings
>
> I have 2 systems master and slave, the slave seems to not allow the zone transfer.
> snip

Found the problem: I had multiple option entries in named.conf. There was an original option line that I overlooked, from a previous master, that had

    allow-transfer { none; };

Sorry to waste bandwidth :)

-j

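The cause found in this thread (zones without their own allow-transfer falling back to an overlooked allow-transfer { none; } at a wider scope) can be checked mechanically. The script below is an added example, not part of the original messages and not ISC code: it resolves the allow-transfer each master zone actually ends up with, looking at the zone first, then its view, then options. The sample configuration, its quoting and the helper names (parse, acl_of, effective_transfer) are constructed for illustration, and the input is assumed to be syntactically valid.

```python
import re

# Constructed sample modelled on the thread; the quoting and options block are assumed.
SAMPLE = '''
options { directory "/var/named"; allow-transfer { none; }; };
zone "mydomain.com" { type master; file "domain.db";
    allow-transfer { 192.168.96.3; }; allow-update { none; }; };
zone "96.168.192.in-addr.arpa" { type master; file "in-arpa-192/REV-NOC.db"; };
zone "97.168.192.in-addr.arpa" { type master; file "in-arpa-192/REV-EDC.db"; };
'''
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')

def parse(tokens):
    """Turn a token iterator into nested statements: [word, ..., [block]]."""
    stmts, cur = [], []
    for tok in tokens:
        if tok == "{":
            cur.append(parse(tokens))      # nested block consumes the same iterator
        elif tok == "}":
            return stmts
        elif tok == ";":
            if cur:
                stmts.append(cur)
            cur = []
        else:
            cur.append(tok.strip('"'))
    return stmts

def acl_of(stmts, name="allow-transfer"):
    """Return the address-match list of the first `name` statement, else None."""
    for s in stmts:
        if s[0] == name and isinstance(s[-1], list):
            return [" ".join(map(str, e)) for e in s[-1]]

def effective_transfer(conf):
    """Map each master zone to (allow-transfer list, scope that supplied it)."""
    text = re.sub(r'/\*.*?\*/|//[^\n]*|#[^\n]*', '', conf, flags=re.S)  # drop comments
    top = parse(iter(TOKEN.findall(text)))
    opts = next((s[-1] for s in top if s[0] == "options"), [])
    # Pair every zone with the body of its enclosing view ([] when it has none).
    views = [([], top)] + [(s[-1], s[-1]) for s in top if s[0] == "view"]
    zones = [(z, v) for v, body in views for z in body if z[0] == "zone"]
    result = {}
    for z, view in zones:
        if any(["type", t] in z[-1] for t in ("master", "primary")):
            scopes = ((z[-1], "zone"), (view, "view"), (opts, "options"))
            hit = [(acl_of(b), w) for b, w in scopes if acl_of(b) is not None]
            result[z[1]] = hit[0] if hit else (None, "built-in default")
    return result
```

Calling effective_transfer(SAMPLE) reports the forward zone as set at zone level and both reverse zones as inheriting none from options, which matches the denied AXFR lines in the master's log.
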
AXFR/IN' denied
Greetings

I have 2 systems master and slave, the slave seems to not allow the zone transfer.

master 192.168.1.2

    //
    // mydomain.com
    zone mydomain.com {
        type master;
        file domain.db;
        allow-transfer { 192.168.96.3; };
        allow-update {none;};
    };

    zone 96.168.192.in-addr.arpa {
        type master;
        file in-arpa-192/REV-NOC.db;
    };

    zone 97.168.192.in-addr.arpa {
        type master;
        file in-arpa-192/REV-EDC.db;
    };

slave; 192.168.1.3

    //
    // mydomain.com
    zone mydomain.com {
        type slave;
        masters { 192.168.96.2; };
        file domain.db;
        allow-transfer {none;};
    };

    zone 96.168.192.in-addr.arpa {
        type slave;
        masters { 192.168.96.2; };
        file in-arpa-209/REV-NOC.db;
    };

    zone 97.168.192.in-addr.arpa {
        type slave;
        masters { 209.96.96.2; };
        file in-arpa-209/REV-EDC.db;
    };

here is the log output

from master

    -Apr-2011 22:54:17.539 security: error: client 192.168.96.3#60712: view com.basd.DNS.public: zone transfer '96.168.192.in-addr.arpa/AXFR/IN' denied
    -Apr-2011 22:54:17.539 security: error: client 192.168.96.3#60737: view com.basd.DNS.public: zone transfer '97.168.192.in-addr.arpa/AXFR/IN' denied

from slave

    27-Apr-2011 22:57:23.039 general: info: zone 96.168.192.in-addr.arpa/IN/com.basd.DNS.public: Transfer started.
    27-Apr-2011 22:57:23.041 xfer-in: info: transfer of '96.168.192.in-addr.arpa/IN/com.basd.DNS.public' from 192.168.96.2#53: connected using 192.168.96.3#60755
    27-Apr-2011 22:57:23.042 xfer-in: error: transfer of '96.168.192.in-addr.arpa/IN/com.basd.DNS.public' from 192.168.96.2#53: failed while receiving responses: REFUSED
    27-Apr-2011 22:57:23.042 xfer-in: info: transfer of '96.168.192.in-addr.arpa/IN/com.basd.DNS.public' from 192.168.96.2#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.001 secs (0 bytes/sec)

firewall on the slave is off and the master has an allow statement for dns

    12310271101096192 allow tcp from any to any dst-port 53
    12310 2124656 168384287 allow udp from any to any dst-port 53

not sure what I missed, any insight would be helpful

-j

Re: AXFR/IN' denied
On 04/28/11 05:10, jeffrey j donovan wrote:
> Greetings
>
> I have 2 systems master and slave, the slave seems to not allow the zone transfer.

It's the master that doesn't allow zone transfer. You have allow-transfer and allow-update in mydomain.com (which I guess is transferring correctly, at least nothing you've written says otherwise), but you don't have these in reverse zones.

Torinthiel

> master 192.168.1.2
>
>     //
>     // mydomain.com
>     zone mydomain.com {
>         type master;
>         file domain.db;
>         allow-transfer { 192.168.96.3; };
>         allow-update {none;};
>     };
>
>     zone 96.168.192.in-addr.arpa {
>         type master;
>         file in-arpa-192/REV-NOC.db;
>     };
>
>     zone 97.168.192.in-addr.arpa {
>         type master;
>         file in-arpa-192/REV-EDC.db;
>     };
>
> slave; 192.168.1.3
>
>     //
>     // mydomain.com
>     zone mydomain.com {
>         type slave;
>         masters { 192.168.96.2; };
>         file domain.db;
>         allow-transfer {none;};
>     };
>
>     zone 96.168.192.in-addr.arpa {
>         type slave;
>         masters { 192.168.96.2; };
>         file in-arpa-209/REV-NOC.db;
>     };
>
>     zone 97.168.192.in-addr.arpa {
>         type slave;
>         masters { 209.96.96.2; };
>         file in-arpa-209/REV-EDC.db;
>     };
>
> here is the log output
>
> from master
>
>     -Apr-2011 22:54:17.539 security: error: client 192.168.96.3#60712: view com.basd.DNS.public: zone transfer '96.168.192.in-addr.arpa/AXFR/IN' denied
>     -Apr-2011 22:54:17.539 security: error: client 192.168.96.3#60737: view com.basd.DNS.public: zone transfer '97.168.192.in-addr.arpa/AXFR/IN' denied
>
> from slave
>
>     27-Apr-2011 22:57:23.039 general: info: zone 96.168.192.in-addr.arpa/IN/com.basd.DNS.public: Transfer started.
>     27-Apr-2011 22:57:23.041 xfer-in: info: transfer of '96.168.192.in-addr.arpa/IN/com.basd.DNS.public' from 192.168.96.2#53: connected using 192.168.96.3#60755
>     27-Apr-2011 22:57:23.042 xfer-in: error: transfer of '96.168.192.in-addr.arpa/IN/com.basd.DNS.public' from 192.168.96.2#53: failed while receiving responses: REFUSED
>     27-Apr-2011 22:57:23.042 xfer-in: info: transfer of '96.168.192.in-addr.arpa/IN/com.basd.DNS.public' from 192.168.96.2#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.001 secs (0 bytes/sec)
>
> firewall on the slave is off and the master has an allow statement for dns
>
>     12310271101096192 allow tcp from any to any dst-port 53
>     12310 2124656 168384287 allow udp from any to any dst-port 53
>
> not sure what I missed, any insight would be helpful
>
> -j