AXFR refused?

Kevin Darcy kcd at daimlerchrysler.com
Fri Apr 7 21:47:33 UTC 2000


Michael Quan wrote:

> From: Mark.Andrews at nominum.com
>
> >       You should have *both* 110.103.216.IN-ADDR.ARPA and
> >       240.110.103.216.IN-ADDR.ARPA as zones on your server.
>
> >       110.103.216.IN-ADDR.ARPA should be being transferred from your
> >       ISP's servers.  This zone contains CNAME records that point into
> >       240.110.103.216.IN-ADDR.ARPA for final resolution.
>
> >       240.110.103.216.IN-ADDR.ARPA should contain the PTR records for
> >       the machines in your subnet.  Your ISP will normally secondary
> >       this zone to reduce the number of queries required to resolve
> >       a reverse lookup.
>
> >       Your ISP has set up 110.103.216.IN-ADDR.ARPA correctly.  What you
> >       currently have as 110.103.216.IN-ADDR.ARPA should be in
> >       240.110.103.216.IN-ADDR.ARPA.
>
>         I moved what I have in my 110.103.216.IN-ADDR.ARPA into
> 240.110.103.216.IN-ADDR.ARPA but now named says
> "242.110.103.216.IN-ADDR.ARPA is outside zone (ignored)" and reverse
> lookups no longer work within my network.

You probably had all of the left-hand sides of your PTRs fully-qualified
in that file. Either change them to be relative, e.g. "242    IN    PTR
..." or, if you want to stay with fully-qualified left-hand sides, stick
an extra "240" into each one, e.g. "242.240.110.103.216.in-addr.arpa.
IN    PTR    ...".

> >   e.g.
> >       /*
> >        * 110.103.216.IN-ADDR.ARPA is required so that local reverse
> >        * lookups work when the external link is down.
> >        */
> >       zone "110.103.216.IN-ADDR.ARPA" {
> >               type slave;
> >               file "216.103.110.rev";
> >               masters { 206.13.28.11; 206.13.29.11; };
> >       };
>
>         So if I understand this correctly, I become a slave to
> 206.13.28.11 and 206.13.29.11 for the file 216.103.110.rev.

Um, not quite. You become a slave for the "110.103.216.in-addr.arpa" zone,
which you replicate from the 206.13.28.11 and 206.13.29.11 servers, and
store in the file "216.103.110.rev".

>         Now the new file 216.103.110.rev what should go into there?

This file will contain the results of zone transfers from the master
servers. You don't need to put anything into it; "named" (actually
"named-xfer") will update the file automatically.

> >       zone "240.110.103.216.IN-ADDR.ARPA" {
> >               type master;
> >               file "216.103.110.240.rev";
> >       };
>
>         As I said previously named now reports
> "242.110.103.216.IN-ADDR.ARPA is outside zone (ignored)" and no
> reverse works inside or out.
>         I still get AXFR refused from ns1.pbi.net.

Please post the exact error message. I think maybe *your* nameserver is
refusing zone transfers. Do you perhaps have an "allow-transfer { none;
};" in your options clause?

>         What about this entry in my named.conf.
>
>         zone "pbi.net"{
>              type slave;
>              ....
>              ....
>
>         That tells named that pbi.net is my secondary.

No it doesn't. It tells your nameserver to be a slave for the
"pbi.net" zone.


- Kevin
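
Added example (not part of the original message or of BIND): a small Python check that expands each owner name in a zone file against the zone origin, as the reply above describes, and reports names that fall outside the zone together with the corrected fully-qualified form. The sample records and host names are constructed; the parser assumes one record per line and no $ORIGIN changes, so the origin is the zone name from named.conf.

```python
# Added example: flags owner names that named would report as "outside zone".
# Sample records are constructed; rdata host names are placeholders.

def absolute(owner, origin):
    """Expand an owner name as a zone file is read: names without a trailing
    dot are relative to the origin, and "@" is the origin itself."""
    origin = origin.lower().rstrip(".") + "."
    if owner == "@":
        return origin
    owner = owner.lower()
    return owner if owner.endswith(".") else owner + "." + origin

def in_zone(fqdn, origin):
    """True if fqdn equals the origin or is a subdomain of it (label-wise)."""
    origin = origin.lower().rstrip(".") + "."
    return fqdn == origin or fqdn.endswith("." + origin)

def check_owners(zone_text, origin):
    """Return (owner, verdict, suggested_owner) for each record line."""
    origin_fq = origin.lower().rstrip(".") + "."
    # e.g. sub_label "240", parent "110.103.216.in-addr.arpa."
    sub_label, parent = origin_fq.split(".", 1)
    results = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0]          # drop comments
        # Skip blanks, $ directives and lines that inherit the previous owner.
        if not line.strip() or line[0].isspace() or line.startswith("$"):
            continue
        owner = line.split()[0]
        fqdn = absolute(owner, origin_fq)
        if in_zone(fqdn, origin_fq):
            results.append((owner, "ok", None))
        elif fqdn.endswith("." + parent):
            # Qualified against the parent zone: insert the subzone label.
            rel = fqdn[: -len(parent) - 1]
            results.append((owner, "outside zone", f"{rel}.{sub_label}.{parent}"))
        else:
            results.append((owner, "outside zone", None))
    return results

SAMPLE = """\
$TTL 86400
241   IN PTR host241.example.com.
242.110.103.216.IN-ADDR.ARPA.   IN PTR host242.example.com.
243.240.110.103.216.in-addr.arpa. IN PTR host243.example.com.
"""

if __name__ == "__main__":
    for row in check_owners(SAMPLE, "240.110.103.216.IN-ADDR.ARPA"):
        print(row)
```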




