rcode 5, refused since upgrade
Greetings, Upgraded today from BIND 9.2.4 to BIND 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1. Pretty much copied the named.conf file from one to the other. We are a slave for a three other sites, two I download the zones OK, one I get REFUSED since the upgrade. I thought permissions or config error on my side but have not found anything yet. Sniffer trace shows my server requesting: Question Section: Type = Transfer of entire zone of authority (AXFR.252) and remote master replying Response code = Refused (5) Shooting in the dark, I stopped signing my zone and took out; dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; but no change. Could it be a miss-configure on my side to have the master refuse to allow a zone transfer? I ask the remote zone admin if they could check but have not heard back yet. I just have a hard time understanding how my upgrade would have their zone refuse to transfer to the same IP address and FQDN. RCODE (5) Refused - The name server refuses to perform the specified operation for policy reasons. For example, a name server may not wish to provide the information to the particular requester, or a name server may not wish to perform a particular operation (e.g., zone transfer) for particular data. thanks! jim ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: rcode 5, refused since upgrade
On Thu, 6 Jan 2011, jim wrote: Upgraded today from BIND 9.2.4 to BIND 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1. Pretty much copied the named.conf file from one to the other. We are a slave for a three other sites, two I download the zones OK, one I get REFUSED since the upgrade. Check your BIND logging too. Are you using allow-transfer configuration? You may also want to read http://www.isc.org/faq/item/773 and the ARM which describe some changes. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: rcode 5, refused since upgrade
Hi Jeremy, Thanks for the reply, I am using allow-transfer { ... } I just heard back about five minutes ago for the admin and they had removed our site as a secondary. The RCODE 5 was right on the money telling me what was going on and the logging failed while receiving responses: REFUSED and even in CAPs :-) thanks! jim On Thu, Jan 6, 2011 at 2:55 PM, Jeremy C. Reed jr...@isc.org wrote: On Thu, 6 Jan 2011, jim wrote: Upgraded today from BIND 9.2.4 to BIND 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1. Pretty much copied the named.conf file from one to the other. We are a slave for a three other sites, two I download the zones OK, one I get REFUSED since the upgrade. Check your BIND logging too. Are you using allow-transfer configuration? You may also want to read http://www.isc.org/faq/item/773 and the ARM which describe some changes. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users