problem with ixfr
Carl Byington
carl at five-ten-sg.com
Mon Jun 5 17:01:27 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> I added:
> server 205.147.60.192 { edns no; };
> server 205.147.40.34 { edns no; };
> in the view containing these zones, and 'rndc reconfig' to make that take
> effect. ns1 still does AXFR only. Next time I update these, I will run
> tcpdump on both sides.
Well, running 'tcpdump -s0 -vv -i eth0 -nn -l' gives the following. Let me
know if you want some other flavor of tcpdump. It looks like ns1 asks for
the SOA, and the immediately opens a tcp socket and does the AXFR.
09:18:37.000109 IP (tos 0x0, ttl 64, id 28133, offset 0, flags [DF],
proto 17, length: 128) 205.147.40.34.39143 > 205.147.60.192.53: [udp
sum ok] 13107 op6+% [b2&3=0x3333] [13107a] [13107q] [13107n]
[13107au][|domain]
09:18:37.150103 IP (tos 0x0, ttl 61, id 48595, offset 0, flags [DF],
proto 17, length: 40) 205.147.60.192.53 > 205.147.40.34.39143: [udp
sum ok] 13107 op6 FormErr- [0q] 0/0/0 (12)
09:18:50.611016 IP (tos 0x0, ttl 64, id 64700, offset 0, flags [DF],
proto 17, length: 116) 205.147.40.34.53 > 205.147.60.192.53: [udp sum
ok] 37293 notify [b2&3=0x2400] [1a] SOA? blackholes.five-ten-sg.com.
blackholes.five-ten-sg.com. SOA ns.five-ten-sg.com.
carl.five-ten-sg.com. 2006060501 14400 3600 864000 3600 (88)
09:18:50.771380 IP (tos 0x0, ttl 61, id 49054, offset 0, flags [DF],
proto 17, length: 72) 205.147.60.192.53 > 205.147.40.34.53: [udp sum
ok] 37293 notify* q: SOA? blackholes.five-ten-sg.com. 0/0/0 (44)
09:18:50.772129 IP (tos 0x0, ttl 61, id 33287, offset 0, flags [DF],
proto 17, length: 72) 205.147.60.192.53 > 205.147.40.34.53: [udp sum
ok] 63271 SOA? blackholes.five-ten-sg.com. (44)
09:18:50.772436 IP (tos 0x0, ttl 64, id 33308, offset 0, flags [DF],
proto 17, length: 534) 205.147.40.34.53 > 205.147.60.192.53: [udp sum
ok] 63271* q: SOA? blackholes.five-ten-sg.com. 1/12/14
blackholes.five-ten-sg.com. SOA ns.five-ten-sg.com.
carl.five-ten-sg.com. 2006060501 14400 3600 864000 3600 ns:
blackholes.five-ten-sg.com. NS k.b.five-ten-sg.com.,
blackholes.five-ten-sg.com. NS l.b.five-ten-sg.com.,
blackholes.five-ten-sg.com. NS a.b.five-ten-sg.com.,
blackholes.five-ten-sg.com. NS b.b.five-ten-sg.com.,
blackholes.five-ten-sg.com. NS c.b.five-ten-sg.com.,
blackholes.five-ten-sg.com. NS d.b.five-ten-sg.com.,
blackholes.five-ten-sg.com. NS e.b.five-ten-sg.com.,
blackholes.five-ten-sg.com. NS f.b.five-ten-sg.com.,
blackholes.five-ten-sg.com. NS g.b.five-ten-sg.com.,
blackholes.five-ten-sg.com. NS h.b.five-ten-sg.com.,
blackholes.five-ten-sg.com. NS i.b.five-ten-sg.com.,
blackholes.five-ten-sg.com. NS j.b.five-ten-sg.com. ar:
a.b.five-ten-sg.com. A 205.147.60.192, a.b.five-ten-sg.com. A
205.147.40.34, b.b.five-ten-sg.com. A 72.21.58.98, c.b.five-ten-sg.com.
A 216.163.188.152, d.b.five-ten-sg.com. A 207.228.46.66,
e.b.five-ten-sg.com. A 209.142.2.9, f.b.five-ten-sg.com. A
66.207.139.132, g.b.five-ten-sg.com. A 207.18.128.242,
h.b.five-ten-sg.com. A 209.120.196.43, i.b.five-ten-sg.com. A
195.250.98.20, j.b.five-ten-sg.com. A 202.67.240.220,
j.b.five-ten-sg.com. A 202.67.240.219, k.b.five-ten-sg.com. A
66.158.128.11, l.b.five-ten-sg.com. A 64.71.97.21 (506)
09:18:50.976261 IP (tos 0x0, ttl 61, id 54898, offset 0, flags [DF],
proto 6, length: 60) 205.147.60.192.33003 > 205.147.40.34.53: S [tcp
sum ok] 2396882430:2396882430(0) win 5840 <mss 1460,sackOK,timestamp
158487436 0,nop,wscale 2>
09:18:50.976291 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto
6, length: 60) 205.147.40.34.53 > 205.147.60.192.33003: S [tcp sum ok]
2893478063:2893478063(0) ack 2396882431 win 5792 <mss
1460,sackOK,timestamp 864593791 158487436,nop,wscale 2>
09:18:51.166644 IP (tos 0x0, ttl 61, id 54900, offset 0, flags [DF],
proto 6, length: 52) 205.147.60.192.33003 > 205.147.40.34.53: . [tcp
sum ok] 1:1(0) ack 1 win 1460 <nop,nop,timestamp 158487641 864593791>
09:18:51.167519 IP (tos 0x0, ttl 61, id 54902, offset 0, flags [DF],
proto 6, length: 54) 205.147.60.192.33003 > 205.147.40.34.53: P [tcp
sum ok] 1:3(2) ack 1 win 1460 <nop,nop,timestamp 158487641 864593791>
09:18:51.167543 IP (tos 0x0, ttl 64, id 20622, offset 0, flags [DF],
proto 6, length: 52) 205.147.40.34.53 > 205.147.60.192.33003: . [tcp
sum ok] 1:1(0) ack 3 win 1448 <nop,nop,timestamp 864593982 158487641>
09:18:51.283575 IP (tos 0x0, ttl 61, id 54904, offset 0, flags [DF],
proto 6, length: 96) 205.147.60.192.33003 > 205.147.40.34.53: P [tcp
sum ok] 3:47(44) ack 1 win 1460 <nop,nop,timestamp 158487756 864593982>
0 [b2&3=0x1] [0q] [2658au] ar: [|domain]
09:18:51.283599 IP (tos 0x0, ttl 64, id 20624, offset 0, flags [DF],
proto 6, length: 52) 205.147.40.34.53 > 205.147.60.192.33003: . [tcp
sum ok] 1:1(0) ack 47 win 1448 <nop,nop,timestamp 864594098 158487756>
09:18:51.289697 IP (tos 0x0, ttl 64, id 20626, offset 0, flags [DF],
proto 6, length: 1500) 205.147.40.34.53 > 205.147.60.192.33003: . [tcp
sum ok] 1:1449(1448) ack 47 win 1448 <nop,nop,timestamp 864594105
158487756> 14932* q: AXFR? blackholes.five-ten-sg.com. 642/0/0
blackholes.five-ten-sg.com. SOA ns.five-ten-sg.com.
carl.five-ten-sg.com. 2006060501 14400 3600 864000 3600,
blackholes.five-ten-sg.com. NS a.b.five-ten-sg.com.,
blackholes.five-ten-sg.com. NS b.b.five-ten-sg.com.,
blackholes.five-ten-sg.com. NS c.b.five-ten-sg.com.,
blackholes.five-ten-sg.com. NS d.b.five-ten-sg.com.,
blackholes.five-ten-sg.com. NS e.b.five-ten-sg.com.,
blackholes.five-ten-sg.com. NS f.b.five-ten-sg.com.,
blackholes.five-ten-sg.com. NS g.b.five-ten-sg.com.,
blackholes.five-ten-sg.com. NS h.b.five-ten-sg.com.,
blackholes.five-ten-sg.com. NS i.b.five-ten-sg.com.,
blackholes.five-ten-sg.com. NS j.b.five-ten-sg.com.,
blackholes.five-ten-sg.com. NS k.b.five-ten-sg.com.,
blackholes.five-ten-sg.com. NS l.b.five-ten-sg.com.,
*.10.blackholes.five-ten-sg.com. CNAME
rfc1918.misc.blackholes.five-ten-sg.com.,
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFEhGNIL6j7milTFsERAs7uAJ0QUcdoxlcHruMcVrmNUf787IXNNgCdF56K
SO2iKJJncmfJpqxlYyu/Jn4=
=lSXW
-----END PGP SIGNATURE-----
More information about the bind-users
mailing list