zone transfers timeout in bind but work via dig

Mark Jeftovic markjr at c3po.easydns.com
Wed Sep 29 21:12:18 UTC 2004


I've posted about this before and I thought it was an issue with
bind9 slaving from windows masters but we've since seen it with
bind9 masters (not so much with bind8 masters).

Problem is when slaving from a domain the refresh times out:

Sep 29 16:29:55 ns1 named[16120]: zone example.com/IN: refresh:
failure trying master 64.246.202.101#53: timed out

But we can do both AXFRs and IXFRs from the command line:

dig @64.246.202.101 axfr example.com

<...zone comes down...>

dig @64.246.202.101 ixfr=0 example.com

<...zone comes down...>

When I've seen this in the past it has ended up being a firewall on
the remote end that was not allowing port 53 udp outbound (at least that's
what they told us when it started working again).

So the question is this:

What is the difference between doing an AXFR or IXFR from the command
line using dig, and then having bind9 time out on the refresh when it
tries to do it in production?

-mark
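
Added example, not part of the original post: a shell sketch that tests the UDP SOA query, the TCP SOA query and the AXFR separately, so a filtered UDP path shows up even when the transfer itself works. It assumes named's refresh begins with a non-recursive SOA query over UDP, while `dig axfr` goes straight to TCP; the function names and verdict words are made up for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch, not from the original post.
# Usage: sh xfrcheck.sh MASTER ZONE [SOURCE_ADDR]
DIG_OPTS="+norecurse +time=5 +tries=1"

# run_dig MODE MASTER ZONE [SRC]; MODE is udp-soa, tcp-soa or axfr.
# Succeeds only if the reply carries an SOA record.
run_dig() {
    mode=$1 master=$2 zone=$3 src=${4:-}
    case $mode in
        udp-soa) set -- +notcp "$zone" SOA ;;   # assumed first step of a refresh
        tcp-soa) set -- +tcp "$zone" SOA ;;
        axfr)    set -- "$zone" AXFR ;;          # what the command-line test exercised
        *)       return 2 ;;
    esac
    # SRC stands in for the address named sends from (assumption: it may
    # differ from the address dig picks by default on a multi-homed host).
    if [ -n "$src" ]; then set -- -b "$src" "$@"; fi
    out=$(dig $DIG_OPTS "@$master" "$@" 2>&1) || return 1
    printf '%s\n' "$out" | grep -Eq '[[:space:]]SOA[[:space:]]'
}

# diagnose MASTER ZONE [SRC]: print one verdict word.
diagnose() {
    udp=fail tcp=fail xfr=fail
    if run_dig udp-soa "$@"; then udp=ok; fi
    if run_dig tcp-soa "$@"; then tcp=ok; fi
    if run_dig axfr "$@"; then xfr=ok; fi
    case $udp/$tcp/$xfr in
        ok/ok/ok)       echo all-ok ;;
        fail/fail/fail) echo unreachable ;;
        fail/*/ok)      echo udp-soa-blocked ;;  # dig axfr works, UDP SOA times out
        */*/fail)       echo transfer-blocked ;; # TCP 53 filtered or transfer refused
        *)              echo inconclusive ;;
    esac
}

if [ $# -ge 2 ]; then diagnose "$@"; fi
```

Run it on the slave itself, passing the address from `transfer-source` as the third argument if one is configured.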

