Yet another Xfer problem

Danny Mayer mayer at gis.net
Sat Jan 19 20:55:44 UTC 2002


At 08:38 AM 1/19/02, Bill Stephens wrote:

>Danny Mayer <mayer at gis.net> wrote in message 
>news:<a2aefs$nac at pub3.rc.vix.com>...
> > At 02:30 PM 1/18/02, Bill Stephens wrote:
> >
> > >I'm having problems with some IXFR zone transfers to one of my DNS
> > >servers.  The message log gives me the following error "premature EOF,
> > >fetching "some zone".  I don't think this is a memory issue, the
> > >primary server (and secondary for that matter) is a Linux machine with
> > >512 mb memory 512 mb swap space, and DNS is pretty much the only
> > >application on the server.  The server is able to process some zones
> > >between the primary and secondary, but consistantly I have one zone
> > >that only seems to be able to tansfer if I wipe it out on the
> > >secondary and restart, forcing an axfr.  I have another secondary
> > >pointing to the same primary, using AXFR's, and it's not having any
> > >problems transferring the zone.  It's a fairly small zone with < 100
> > >entries.  I've upgraded both the primary and slave to BIND 8.2.5 to
> > >see if that would improve things, no dice.  Any other ideas what might
> > >be going wrong?
> >
> > Try setting transfer-format one-answer in named.conf either in options
> > (to make it global) or server for a specific server.  It may be having 
> problems
> > with the many-answers transfer format. You didn't say what version of BIND
> > each side of transfer is being used or on what O/S.
> >
> >          Danny
>
>Thanks, I tried setting it to one-answer and got a different result.
>The one-answer gave a "no TSIG present (-10)" for the zone.  I double
>checked the TSIG's, they're good, I'm getting transfers from other
>zones between the same server pair.  I turned off ixfr, and the
>transfers flowed without any problems.  I really think it's related to
>the ixfr's, since axfr's between the the two servers work fine.
>
>On both sides, I'm running RedHat Linux 7.0, and BIND 8.2.5.

You might try upgrading to 8.3.0.  I saw this in the 8.3.0 release notes:

1310.   [bug]           TSIG signed IXFR's wern't correctly verified.

1287.   [bug]           named-xfer could report false TSIG failures under
                         certian conditions.

1270.   [bug]           AXFR style IXFR responses were not handled properly,
                         transfer-format single-answer.

Each and every one of them could be what is causing your failures.  Try it
and see if it now works with BIND 8.3.0.

         Danny



More information about the bind-users mailing list