BIND 9.2.1 refusing NOTIFY

Mark_Andrews at isc.org Mark_Andrews at isc.org
Fri Nov 8 23:36:00 UTC 2002


> 16:54:12.515168 62.177.1.105.53041 > 213.92.8.2.53:  [udp sum ok] 3097 notify
>  [b2&3=0x2400] SOA? linux.it. [|domain] (DF) (ttl 54, id 0, len 54)
> 16:54:12.515872 213.92.8.2.53 > 62.177.1.105.53041:  [udp sum ok] 3097 notify
>  Refused- q: SOA? linux.it. 0/0/0 (26) (DF) (ttl 64, id 0, len 54)
> 
> options {
> ...
>   allow-query { friends; };
>   allow-recursion { friends; };
>   allow-transfer { none; };
> 
>   match-mapped-addresses yes;
>   listen-on-v6 { any; };
>   listen-on { none; };
> }
> 
> zone "linux.it" {
>         type slave; file "linux.it";
>         masters { 62.177.1.105; };
>         allow-query { any; };
>         allow-transfer { ... };
> };
> 
> The config file looks right, what else can I check?
> 
> I'm running BIND 9.2.1 on both hosts.
> 
> Nothing appears in the log file, and if I force reloading the zone
> everything works ok:
> 
> Nov  8 16:59:28 attila named[9315]: zone linux.it/IN: transfered serial 20021
> 10800
> Nov  8 16:59:28 attila named[9315]: transfer of 'linux.it/IN' from 62.177.1.1
> 05#53: end of transfer
> Nov  8 16:59:28 attila named[9315]: zone linux.it/IN: sending notifies (seria
> l 2002110800)

	Well since you are listening on IPv6 only the address
	presented will be mapped.  match-mapped-addresses only
	affects acl processing and masters isn't a acl.

	You should be able to use a mapped address in the masters
	clause (::ffff:62.177.1.105).  Othewise look at
	lib/dns/zone.c:dns_zone_notifyreceive() and unmap the from address.

	Note this configuration won't work in 9.3 as we have improved
	the seperation of IPv4 and IPv6.

	Mark

> -- 
> ciao, |
> Marco | * The Internet is full. Go away.  -- Joel Furr *
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org


More information about the bind-users mailing list