; Transfer failed. on dig axfr with bind9

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Tue Oct 19 15:53:17 UTC 2004


Clemens Bergmann <cbergmann at schuhklassert.de> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1

> hi,
> first of all thanks for the fast reply.

> <snip>

>> 1/
>> your external view misses hint zone=20
> k fixed
>>
>> 2/ you use forwarders. In a few special cases is this needed but in most =
>> (all?)
>> cases it will only complicate things and get worse performance. Get rid o=
>> f them !
>>
> deleted
>> 3/
>> slave for "2nd-angel.de" is 212.227.123.31 ( according to delegation)
>> You allow 212.227.123.29  Is this intentional ?
>>
> yes, this is the slave on my providers side for which i need AXFR.
>> 4/
>> in spite of your good idea to have config+files avaliable "on demand" i g=
>> et :
>> You don't have permission to access /bind/zones/2nd-angel.de.zone on this=
>>  server.
>> (this might not mean that there is a fault in the file only that i cannot=
>>  verify it)
>>
> sorry about that I forgot to change permissions to 644 on the server. Should work now.
> in the config dir the perms are as follows:

> - -rw-r--r--    1 bind bind   95 2004-10-17 20:09 dnskeys.conf
> - -rw-r--r--    1 bind bind 2,3K 2004-10-18 21:40 named.conf
> - -rw-r--r--    1 root bind 2,5K 2004-10-18 11:09 root.hint
> drwxr-xr-x    2 bind bind 4,0K 2004-10-18 21:01 zones/

> ./zones:
> - -rw-------  1 bind bind  590 2004-10-18 10:56 1.0.0.0.2.c.1.8.0.c.5.0.1.0.0.2.ip6.arpa
> - -rw-------  1 bind bind  415 2004-10-18 10:57 127.0.0.zone
> - -rw-------  1 bind bind  527 2004-10-18 19:07 192.168.0.zone
> - -rw-------  1 bind bind  313 2004-10-18 10:57 192.168.1.zone
> - -rw-------  1 bind bind  456 2004-10-18 10:58 2nd-angel.de.zone
> - -rw-------  1 bind bind 1,5K 2004-10-18 21:01 home.loc.zone
> - -rw-------  1 bind bind  603 2004-10-18 16:56 ipv6.home.loc.zone
> - -rw-------  1 bind bind  165 2004-10-18 10:58 localhost.zone

>>
>> (and your english is fully understandable, this is a technical discussion=
>>  group
>> not an english grammar contest !)
> thanks

> That were some usefull tips but they did not fix my problem. You don't have any other suggestions?

> Clemens

Well, lift the restriction of "allow-transfer" and tell us the ip 
of master then we could test. As for now the ISP slave seems to 
work, i see no reason it should not work for you.


> - --
> Besuchen sie uns doch im Internet:
> http://www.schuhklassert.de
> Visit us in the Internet:
> http://www.schuhklasssert.de

> pgp key:
> 0xCB9C7C6B
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.6 (GNU/Linux)

> iD8DBQFBdB+D/9rd+8ucfGsRAm7wAKClwckLTSKaOst/UPpdlPYCCn9RdACg7ZS/
> w7cbkAeoZxeeNwMOiVj43kA=
> =4gnv
> -----END PGP SIGNATURE-----


-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.


More information about the bind-users mailing list