Problems transferring zones with TSIG.

Mark Andrews Mark_Andrews at isc.org
Fri Oct 20 14:30:04 UTC 2006


> Zone transfers between two RHEL 4.4 systems, both running bind 9.2.4,
> were working. I wanted to add TSIG to the mix. I have the keyfile on
> both servers and that part appears to be ok, as you can see in the
> output, below, that my server says the request has a valid signature.
> The transfers fail though. Yes, I checked the time and both systems
> are the same and getting it via ntp. I don't understand what the
> problem is. Suggestions? This is happening for all of my domains.
> 
> Oct 19 22:42:44.936 client 64.124.174.11#43385: UDP request
> Oct 19 22:42:44.937 client 64.124.174.11#43385: request has valid signature
> Oct 19 22:42:44.937 client 64.124.174.11#43385: query
> Oct 19 22:42:44.937 client 64.124.174.11#43385: query
> 'tales-of-the-wanderer.com/IN' approved

	Allowed by allow-query.

> Oct 19 22:42:44.937 client 64.124.174.11#43385: send
> Oct 19 22:42:44.938 client 64.124.174.11#43385: sendto
> Oct 19 22:42:44.938 client 64.124.174.11#43385: senddone
> Oct 19 22:42:44.938 client 64.124.174.11#43385: next
> Oct 19 22:42:44.938 client 64.124.174.11#43385: endrequest
> Oct 19 22:42:44.938 client @0x8f68618: udprecv
> Oct 19 22:42:45.089 client 64.124.174.11#40903: new TCP connection
> Oct 19 22:42:45.090 client 64.124.174.11#40903: replace
> Oct 19 22:42:45.090 clientmgr @0x8e5d390: createclients
> Oct 19 22:42:45.090 clientmgr @0x8e5d390: recycle
> Oct 19 22:42:45.090 client 64.124.174.11#40903: read
> Oct 19 22:42:45.090 client @0x8f095d0: accept
> Oct 19 22:42:45.129 client 64.124.174.11#40903: TCP request
> Oct 19 22:42:45.129 client 64.124.174.11#40903: request has valid signature
> Oct 19 22:42:45.129 client 64.124.174.11#40903: query
> Oct 19 22:42:45.129 client 64.124.174.11#40903: zone transfer
> 'tales-of-the-wanderer.com/IN' denied

	Denied by allow-transfer.

	Since you havn't posted your configuration that as far
	as anyone here can go.

> Oct 19 22:42:45.130 client 64.124.174.11#40903: zone transfer setup failed
> Oct 19 22:42:45.130 client 64.124.174.11#40903: error
> Oct 19 22:42:45.130 client 64.124.174.11#40903: send
> Oct 19 22:42:45.130 client 64.124.174.11#40903: sendto
> Oct 19 22:42:45.131 client 64.124.174.11#40903: senddone
> Oct 19 22:42:45.131 client 64.124.174.11#40903: next
> Oct 19 22:42:45.131 client 64.124.174.11#40903: endrequest
> Oct 19 22:42:45.131 client 64.124.174.11#40903: read
> Oct 19 22:42:45.203 client 64.124.174.11#40903: next
> Oct 19 22:42:45.204 client 64.124.174.11#40903: request failed: end of file
> Oct 19 22:42:45.204 client 64.124.174.11#40903: endrequest
> Oct 19 22:42:45.204 client 64.124.174.11#40903: closetcp
> Oct 19 22:42:45.351 client 64.124.174.11#40904: new TCP connection
> Oct 19 22:42:45.351 client 64.124.174.11#40904: replace
> Oct 19 22:42:45.351 clientmgr @0x8e5d390: createclients
> Oct 19 22:42:45.351 clientmgr @0x8e5d390: recycle
> Oct 19 22:42:45.351 client 64.124.174.11#40904: read
> Oct 19 22:42:45.351 client @0x8f28c70: accept
> Oct 19 22:42:45.409 client 64.124.174.11#40904: TCP request
> Oct 19 22:42:45.410 client 64.124.174.11#40904: request has valid signature
> Oct 19 22:42:45.410 client 64.124.174.11#40904: query
> Oct 19 22:42:45.410 client 64.124.174.11#40904: query
> 'tales-of-the-wanderer.com/IN' approved
> Oct 19 22:42:45.410 client 64.124.174.11#40904: send
> Oct 19 22:42:45.411 client 64.124.174.11#40904: sendto
> Oct 19 22:42:45.411 client 64.124.174.11#40904: senddone
> Oct 19 22:42:45.411 client 64.124.174.11#40904: next
> Oct 19 22:42:45.411 client 64.124.174.11#40904: endrequest
> Oct 19 22:42:45.412 client 64.124.174.11#40904: read
> Oct 19 22:42:45.563 client 64.124.174.11#40904: TCP request
> Oct 19 22:42:45.563 client 64.124.174.11#40904: request has valid signature
> Oct 19 22:42:45.563 client 64.124.174.11#40904: query
> Oct 19 22:42:45.564 client 64.124.174.11#40904: zone transfer
> 'tales-of-the-wanderer.com/IN' denied
> Oct 19 22:42:45.564 client 64.124.174.11#40904: zone transfer setup failed
> Oct 19 22:42:45.564 client 64.124.174.11#40904: error
> Oct 19 22:42:45.564 client 64.124.174.11#40904: send
> Oct 19 22:42:45.564 client 64.124.174.11#40904: sendto
> Oct 19 22:42:45.565 client 64.124.174.11#40904: senddone
> Oct 19 22:42:45.565 client 64.124.174.11#40904: next
> Oct 19 22:42:45.565 client 64.124.174.11#40904: endrequest
> Oct 19 22:42:45.565 client 64.124.174.11#40904: read
> Oct 19 22:42:45.594 client 64.124.174.11#40904: next
> Oct 19 22:42:45.594 client 64.124.174.11#40904: request failed: end of file
> Oct 19 22:42:45.594 client 64.124.174.11#40904: endrequest
> Oct 19 22:42:45.594 client 64.124.174.11#40904: closetcp
> -- 
>         -ste
> 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org



More information about the bind-users mailing list