Newbie - Zone Transfer Denied

creature gijon creature.gijon at gmail.com
Sun Aug 27 14:17:43 UTC 2006


Hi there,
I'm new to BIND and got these messages on the slave when trying to transfer
a zone from the master:

Aug 27 15:51:37 mortadelo named[10644]: zone tuxland.com/IN: Transfer
started.
Aug 27 15:51:37 mortadelo named[10644]: transfer of 'tuxland.com/IN' from
100.100.100.2#53: connected using 100.100.100.1#37276
Aug 27 15:51:37 mortadelo named[10644]: transfer of 'tuxland.com/IN' from
100.100.100.2#53: failed while receiving responses: REFUSED
Aug 27 15:51:37 mortadelo named[10644]: transfer of 'tuxland.com/IN' from
100.100.100.2#53: end of transfer

On the master machine I got this message:

Aug 27 16:53:52 filemon named[7231]: running
Aug 27 16:54:41 filemon named[7231]: client ::ffff:100.100.100.1#37276: zone
transfer 'tuxland.com/IN' denied

There is no firewall active.
Any idea what I'm doing wrong?
Thanks in advance for your help.
Below you can find the named.conf from the master, the named.conf from the
slave, and the "tuxland.com" zone file data:

By the way, I'm using SuSE 10.

**********************************
Machine: mortadelo
Acting as DNS server master
named.conf data
*********************************
# Copyright (c) 2001-2004 SuSE Linux AG, Nuernberg, Germany.
# All rights reserved.
#
# Author: Frank Bodammer, Lars Mueller <lmuelle at suse.de>
#
# /etc/named.conf
#
# This is a sample configuration file for the name server BIND 9.  It works as
# a caching only name server without modification.
#
# A sample configuration for setting up your own domain can be found in
# /usr/share/doc/packages/bind/sample-config.
#
# A description of all available options can be found in
# /usr/share/doc/packages/bind/misc/options.

options {

        # The directory statement defines the name server's working
        # directory

        directory "/var/lib/named";

        # Write dump and statistics file to the log subdirectory.  The
        # pathnames are relative to the chroot jail.

        dump-file "/var/log/named_dump.db";
        statistics-file "/var/log/named.stats";

        # The forwarders record contains a list of servers to which queries
        # should be forwarded.  Enable this line and modify the IP address to
        # your provider's name server.  Up to three servers may be listed.

        #forwarders { 192.0.2.1; 192.0.2.2; };

        # Enable the next entry to prefer usage of the name server declared in
        # the forwarders section.

        #forward first;

        # The listen-on record contains a list of local network interfaces to
        # listen on.  Optionally the port can be specified.  Default is to
        # listen on all interfaces found on your system.  The default port is
        # 53.

        #listen-on port 53 { 127.0.0.1; };

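        # The listen-on-v6 record enables or disables listening on IPv6
        # interfaces.  Allowed values are 'any' and 'none' or a list of
        # addresses.
        # NOTE(review): with 'any', some kernels deliver IPv4 TCP connections
        # (zone transfers included) on the IPv6 socket as IPv4-mapped
        # addresses such as ::ffff:100.100.100.1.  IPv4 entries in
        # allow-transfer and other address match lists do not match those
        # unless 'match-mapped-addresses yes;' is set in options, or IPv6
        # listening is turned off with 'none'.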

        listen-on-v6 { any; };

        # The next three statements may be needed if a firewall stands between
        # the local server and the internet.

        #query-source address * port 53;
        #transfer-source * port 53;
        #notify-source * port 53;

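        # The allow-query record contains a list of networks or IP addresses
        # to accept and deny queries from. The default is to allow queries
        # from all hosts.
        # NOTE(review): allow-query does not restrict recursion on its own.
        # This server forwards queries, so confirm that recursion is limited
        # to the intended clients (for example with an allow-recursion list)
        # rather than left to the version's default.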

        #allow-query { 127.0.0.1; };

        # If notify is set to yes (default), notify messages are sent to other
        # name servers when the zone data is changed.  Instead of setting
        # a global 'notify' statement in the 'options' section, a separate
        # 'notify' can be added to each zone definition.

        notify no;
        forwarders { 82.82.82.82; 83.83.83.83; };
};

# To configure named's logging remove the leading '#' characters of the
# following examples.
#logging {
#       # Log queries to a file limited to a size of 100 MB.
#       channel query_logging {
#               file "/var/log/named_querylog"
#                       versions 3 size 100M;
#               print-time yes;                 // timestamp log entries
#       };
#       category queries {
#               query_logging;
#       };
#
#       # Or log this kind alternatively to syslog.
#       channel syslog_queries {
#               syslog user;
#               severity info;
#       };
#       category queries { syslog_queries; };
#
#       # Log general name server errors to syslog.
#       channel syslog_errors {
#               syslog user;
#               severity error;
#       };
#       category default { syslog_errors;  };
#
#       # Don't log lame server messages.
#       category lame-servers { null; };
#};

# The following zone definitions don't need any modification.  The first one
# is the definition of the root name servers.  The second one defines
# localhost while the third defines the reverse lookup for localhost.

zone "." in {
        type hint;
        file "root.hint";
};

zone "localhost" in {
        type master;
        file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
        type master;
        file "127.0.0.zone";
};

# Include the meta include file generated by createNamedConfInclude.  This
# includes all files as configured in NAMED_CONF_INCLUDE_FILES from
# /etc/sysconfig/named

include "/etc/named.conf.include";
zone "tuxland.com" in {
        file "master/tuxland.com";
        type master;
        allow-query { any; };
        # Only the listed address may request a transfer of tuxland.com from
        # this server: 100.100.100.1, the dnsslave address in the zone data.
        # NOTE(review): the denial in the log excerpt names the client as
        # ::ffff:100.100.100.1, an IPv4-mapped IPv6 address.  A plain IPv4
        # entry does not match a mapped address, which looks like the cause
        # of the REFUSED transfer given 'listen-on-v6 { any; };' in options
        # -- confirm by setting 'match-mapped-addresses yes;' or
        # 'listen-on-v6 { none; };' there.  Widening this list to 'any' would
        # hide the symptom by exposing the whole zone to every client.
        # NOTE(review): an address-only list trusts the source IP; a TSIG key
        # entry ('key <tsig-key-name>;') authenticates the slave instead.
        allow-transfer { 100.100.100.1; };
};

# You can insert further zone records for your own domains below or create
# single files in /etc/named.d/ and add the file names to
# NAMED_CONF_INCLUDE_FILES.
# See /usr/share/doc/packages/bind/README.SuSE for more details.




**********************************
Machine: mortadelo
Acting as DNS server master
tuxland.com file data
*********************************

$TTL 2d
@               IN SOA          tuxland.com.    root.tuxland.com. (
                                2006082502      ; serial
                                3h              ; refresh
                                1h              ; retry
                                1w              ; expiry
                                1d )            ; minimum

@       IN NS           dnsmaster.tuxland.com.
@       IN NS           dnsslave.tuxland.com.

@                 IN A            100.100.100.2
dnsmaster     IN A            100.100.100.2
dnsslave        IN A            100.100.100.1

**********************************
Machine: filemon
Acting as DNS server slave
named.conf file
*********************************
# Copyright (c) 2001-2004 SuSE Linux AG, Nuernberg, Germany.
# All rights reserved.
#
# Author: Frank Bodammer, Lars Mueller <lmuelle at suse.de>
#
# /etc/named.conf
#
# This is a sample configuration file for the name server BIND 9.  It works as
# a caching only name server without modification.
#
# A sample configuration for setting up your own domain can be found in
# /usr/share/doc/packages/bind/sample-config.
#
# A description of all available options can be found in
# /usr/share/doc/packages/bind/misc/options.

options {

        # The directory statement defines the name server's working
        # directory

        directory "/var/lib/named";

        # Write dump and statistics file to the log subdirectory.  The
        # pathnames are relative to the chroot jail.

        dump-file "/var/log/named_dump.db";
        statistics-file "/var/log/named.stats";

        # The forwarders record contains a list of servers to which queries
        # should be forwarded.  Enable this line and modify the IP address to
        # your provider's name server.  Up to three servers may be listed.

        forwarders { 82.82.82.82; 83.83.83.83; };

        # Enable the next entry to prefer usage of the name server declared in
        # the forwarders section.

        #forward first;

        # The listen-on record contains a list of local network interfaces to
        # listen on.  Optionally the port can be specified.  Default is to
        # listen on all interfaces found on your system.  The default port is
        # 53.

        #listen-on port 53 { 127.0.0.1; };

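        # The listen-on-v6 record enables or disables listening on IPv6
        # interfaces.  Allowed values are 'any' and 'none' or a list of
        # addresses.
        # NOTE(review): with 'any', some kernels deliver IPv4 TCP connections
        # on the IPv6 socket as IPv4-mapped addresses (::ffff:a.b.c.d).  IPv4
        # entries in address match lists do not match those unless
        # 'match-mapped-addresses yes;' is set in options, or IPv6 listening
        # is turned off with 'none'.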

        listen-on-v6 { any; };

        # The next three statements may be needed if a firewall stands between
        # the local server and the internet.

        #query-source address * port 53;
        #transfer-source * port 53;
        #notify-source * port 53;

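        # The allow-query record contains a list of networks or IP addresses
        # to accept and deny queries from. The default is to allow queries
        # from all hosts.
        # NOTE(review): allow-query does not restrict recursion on its own.
        # This server forwards queries, so confirm that recursion is limited
        # to the intended clients (for example with an allow-recursion list)
        # rather than left to the version's default.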

        #allow-query { 127.0.0.1; };

        # If notify is set to yes (default), notify messages are sent to other
        # name servers when the zone data is changed.  Instead of setting
        # a global 'notify' statement in the 'options' section, a separate
        # 'notify' can be added to each zone definition.

        notify no;
};

# To configure named's logging remove the leading '#' characters of the
# following examples.
#logging {
#       # Log queries to a file limited to a size of 100 MB.
#       channel query_logging {
#               file "/var/log/named_querylog"
#                       versions 3 size 100M;
#               print-time yes;                 // timestamp log entries
#       };
#       category queries {
#               query_logging;
#       };
#
#       # Or log this kind alternatively to syslog.
#       channel syslog_queries {
#               syslog user;
#               severity info;
#       };
#       category queries { syslog_queries; };
#
#       # Log general name server errors to syslog.
#       channel syslog_errors {
#               syslog user;
#               severity error;
#       };
#       category default { syslog_errors;  };
#
#       # Don't log lame server messages.
#       category lame-servers { null; };
#};

# The following zone definitions don't need any modification.  The first one
# is the definition of the root name servers.  The second one defines
# localhost while the third defines the reverse lookup for localhost.

zone "." in {
        type hint;
        file "root.hint";
};


zone "localhost" in {
        type master;
        file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
        type master;
        file "127.0.0.zone";
};

# Include the meta include file generated by createNamedConfInclude.  This
# includes all files as configured in NAMED_CONF_INCLUDE_FILES from
# /etc/sysconfig/named

include "/etc/named.conf.include";
zone "tuxland.com" in {
        type slave;
        # Local copy of the transferred zone, relative to the 'directory'
        # option.
        file "slave/datadnsslave.tuxland.com";
        allow-query { any; };
        # On a slave, allow-transfer controls who may transfer the zone FROM
        # this server; it plays no part in fetching the zone from the master.
        # NOTE(review): if nothing is meant to pull the zone from this slave,
        # '{ none; }' is the tighter setting -- confirm the intent.
        allow-transfer { 100.100.100.2; };
        # Server this slave requests the zone from; the master's own
        # allow-transfer list must accept this slave's address as the master
        # sees it.
        masters { 100.100.100.2; };
};

# You can insert further zone records for your own domains below or create
# single files in /etc/named.d/ and add the file names to
# NAMED_CONF_INCLUDE_FILES.
# See /usr/share/doc/packages/bind/README.SUSE for more details.



