Zone Transfer problem between two Bind 9.2.2 servers

Ladislav Vobr lvobr at ies.etisalat.ae
Tue Sep 28 10:40:18 UTC 2004


Did you try to put allow-transfer { any; } per zone? Maybe you don't 
allow the correct IP addresses. You can enable logging for zone transfer 
requests and see from the log file which IP addresses are 
trying to do AXFR requests.

Ladislav

Thuc Bui wrote:
> Dear All,
> 
> I am having a problem setting up the zone transfer from a master to a
> slave name server properly. They are both running SuSE 8.2 and Bind
> 9.2.2. In the master named.conf if I set in the global option with
> allow-transfer { any; }, zone transfer works fine. However, if I set
> allow-transfer { none; } in the global options, and in each zone use
> allow-transfer { slave-IP; }, zone transfer stops working. Below is
> the conf. file on the master. This is the non-working version because
> it is currently set to zone transfer to the slaves only. If I change
> "none" to "any" in the allow-transfer statement in the options block
> and comment out all other allow-transfer statements, zone transfer
> works fine.
> 
> As you can see from the conf. file, both my master and slave are in
> the same DMZ network (192.168.15.0), each has a private IP and NAT'ed
> to a public IP. The forwarders are my ISP name servers. If any of you
> wants to test my setup from the internet with dig for zone transfer,
> please email me. I will then turn on allow-transfer by changing none
> to any. I'd very much appreciate any help any of you can provide
> me.
> 
> Best regards,
> Thuc
> 
> options {
> 	directory "/var/lib/named";
> 	pid-file "/var/lib/named/named.pid";
> 	forwarders { 206.13.28.12; 206.13.29.12; };
> 	forward first;
> 	listen-on-v6 { none; };
> 
> 	query-source address * port 53;
> 	transfer-source * port 53;
> 	notify-source * port 53;
> 
> 	allow-query { any; };
> #	allow-transfer { any; };
> 	allow-transfer { none; };
> 	allow-recursion { any; };
> 
> 	notify no;
> };
> 
> zone "." in {
> 	type hint;
> 	file "db.cache";
> };
> 
> zone "0.0.127.in-addr.arpa" in {
> 	type master;
> 	file "db.127.0.0";
> };
> 
> zone "chezbui.com" in {
> 	type master;
> 	file "db.chezbui";
> 	allow-transfer {192.168.15.10;206.13.28.11;206.13.29.11;};
> 	allow-query { any; };
> };
> 
> zone "48.128.115.67.IN-ADDR.ARPA" in {
> 	type master;
> 	file "db.67.115.128.48";
> 	allow-transfer {192.168.15.10;206.13.28.11;206.13.29.11;};
> 	allow-query { any; };
> };
> 
> zone "4b.pri" in {
> 	type master;
> 	file "db.4b";
> 	allow-transfer {192.168.15.10;};
> 	allow-query {127.0.0.1;192.168.10/24;192.168.15/24;};
> };
> 
> zone "10.168.192.IN-ADDR.ARPA" in {
> 	type master;
> 	file "db.192.168.10";
> 	allow-transfer {192.168.15.10;};
> 	allow-query {127.0.0.1;192.168.10/24;192.168.15/24;};
> };
> 
> zone "15.168.192.IN-ADDR.ARPA" in {
> 	type master;
> 	file "db.192.168.15";
> 	allow-transfer {192.168.15.10;};
> 	allow-query {127.0.0.1;192.168.10/24;192.168.15/24;};
> };
> 
> zone "20.23.172.IN-ADDR.ARPA" in {
> 	type master;
> 	file "db.172.23.20";
> 	allow-transfer {192.168.15.10;};
> 	allow-query {127.0.0.1;192.168.10/24;192.168.15/24;};
> };
> 
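
The check suggested in the reply above (read the logged transfer requests and compare the requesting addresses with each zone's allow-transfer list), as an added example that is not part of the original thread. The log-line layout is an assumption about named's "security" category output, the client addresses in the sample log are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Excerpt of the master's named.conf quoted above (two zones, values unchanged).
NAMED_CONF = '''
options { allow-transfer { none; }; };
zone "chezbui.com" in {
    allow-transfer {192.168.15.10;206.13.28.11;206.13.29.11;};
};
zone "4b.pri" in {
    allow-transfer {192.168.15.10;};
};
'''

# Constructed log lines: the message layout is an assumption about named's
# "security" category output and the client addresses are invented.
SAMPLE_LOG = '''\
28-Sep-2004 10:31:02.114 security: error: client 192.168.15.1#32781: zone transfer 'chezbui.com/IN' denied
28-Sep-2004 10:31:02.390 security: error: client 192.168.15.1#32782: zone transfer '4b.pri/IN' denied
28-Sep-2004 10:33:47.052 security: error: client 203.0.113.77#40112: zone transfer 'chezbui.com/IN' denied
28-Sep-2004 10:34:10.700 queries: info: client 192.168.10.25#1031: query: www.chezbui.com IN A
'''

ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{]*\{(.*?)^\};', re.S | re.M)
ACL_RE = re.compile(r'^\s*allow-transfer\s*\{([^}]*)\}', re.M)
DENIED_RE = re.compile(r"client ([0-9A-Fa-f.:]+)#\d+: zone transfer '([^'/]+)/IN' denied")

def zone_acls(conf):
    """Map zone name -> networks in its own allow-transfer (plain IPs/CIDR only)."""
    acls = {}
    for name, body in ZONE_RE.findall(conf):
        match = ACL_RE.search(body)  # anchored at line start, so '#' lines are skipped
        if match:
            items = [a.strip() for a in match.group(1).split(";") if a.strip()]
            acls[name.lower()] = [ipaddress.ip_network(a, strict=False) for a in items]
    return acls

def denied_sources(log, acls):
    """Map zone -> {denied client address: is it in that zone's list?}."""
    report = defaultdict(dict)
    for ip, zone in DENIED_RE.findall(log):
        nets = acls.get(zone.lower(), [])  # no per-zone list: nothing matches
        report[zone.lower()][ip] = any(ipaddress.ip_address(ip) in n for n in nets)
    return dict(report)

if __name__ == "__main__":
    for zone, clients in denied_sources(SAMPLE_LOG, zone_acls(NAMED_CONF)).items():
        print(zone, "denied clients (listed in allow-transfer?):", clients)
```

An address reported with `False` is one the master received a transfer request from that the zone's own list does not contain.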