Slave won't transfer if NS record present

Pete Ehlke pde at ehlke.net
Fri Oct 17 20:38:35 UTC 2003


On Fri, Oct 17, 2003 at 11:07:10AM -0700, Jesse wrote:
> On Fri, 2003-10-17 at 08:14, Barry Margolin wrote:
> > In article <bmnncj$17n6$1 at sf1.isc.org>, Jesse  <ras1 at jamrockmusic.com> wrote:
> > >Both are running 9.2.1 . This is the zone file from the master. If I
> > >remove or change the NS record for bullet.pharfly.com the zone will
> > >transfer. 
> > 
> > Are there any log messages on the master or slave when the zone transfer
> > fails?
> > 
> > Can you do "dig netlivity.com axfr @chalice.jamrockmusic.com" on the slave?
> > 
> > I just queried both servers and they have the same SOA serial number.  Have
> > you already resolved the problem, or did you copy the zone file to the
> > slave manually?
> 
> Yes, the above dig command works on the slave. I have copied the files
> to the slave manually until I can get this worked out. The error on the
> slave is:
> 
> failure trying master... timed out.
> 
> The master has no errors, but I can see it send the notify.
> 
Sounds like a firewall is present. Is there a host-based firewall on the
master or the slave? Is there a firewall or packet filter anywhere
between the two? You need to allow both 53/udp and 53/tcp for transfers
to work.

-Pete


More information about the bind-users mailing list