Unable to get Zone transfer to work

Jeff Reasoner jeff.reasoner at mail.hccanet.org
Thu Dec 20 17:34:01 UTC 2007


Try adding this to your named.conf options clause 

allow-transfer { 192.168.1.11; };

Also the allow-notify statement probably isn't needed given the zone
file you've included. However, if you change the A records to the public
NAT IP addresses, you will need to add something like

also-notify { 192.168.1.11; };


On Thu, 2007-12-20 at 11:45 -0500, Vincent Yonemitsu wrote:
> Ok,
> I have a pair of Bind servers 9.xx running on fedora.
> These are sitting on IP's 192.168.1.10 and 192.168.1.11 master and slave
> respectively.
> 
> They have static Nats to the outside world of 99.99.99.10 and 99.99.99.11
> I am unable to get the master zone on the master to transfer to the slave.
> Here is my named.conf on the master
> 
> [root at ns1 named]# cat /etc/named.conf
> acl "trusted" {
>         localhost;
>         192.168.0.0/24;
>         192.168.1.0/24;
> };
> 
> options {
>   directory "/var/named";
>   allow-recursion { trusted; };
>   allow-query { trusted; };
>   allow-notify {192.168.1.11; };
>   version "get lost";
>   listen-on {
>                 192.168.1.10;
>                 127.0.0.1;
>   };
>   forwarders {
>                 207.181.101.4;
>                 207.181.101.5;
>   };
>   forward first;
>   recursion yes;
> };
> 
> logging{
>   channel example_log{
>    file "/var/log/named/example.log" versions 3 size 2m;
>    severity info;
>    print-severity yes;
>    print-time yes;
>    print-category yes;
>  };
> 
> category default{
>   example_log;
>  };
> };
> 
> zone "." {
>   type hint;
>   file "/var/named/root.servers";
> };
> zone "mydomain.com" in{
>   type master;
>   file "/var/named/mydomain.com.zone";
>   allow-transfer {192.168.1.11;};
> };
> 
> Here is the mydomain.com zone file.
> 
> [root at ns1 named]# cat mydomain.com.zone
> $TTL    86400
> mydomain.com.      IN      SOA     ns1.mydomain.com. ns2.mydomain.com. (
>                                                         200712201
>                                                         60
>                                                         3600
>                                                         604800
>                                                         38400
>  )
> 
> mydomain.com.      IN      NS              ns1.mydomain.com.
> mydomain.com.      IN      NS              ns2.mydomain.com.
> mydomain.com.      IN      MX     10       mail.mydomain.com.
> 
> www              IN      A       99.99.99.230
> mail             IN      A       99.99.99.229
> ns1              IN      A       192.168.1.10
> ns2              IN      A       192.168.1.11
> ldap             IN      A       99.99.99.232
> iis              IN      A       99.99.99.231
> dms              IN      A       99.99.99.234
> brback           IN      A       99.99.99.233
> 
> 
> Here is the named.conf file on the Slave
> 
> data  dynamic  named.ca  named.empty  named.localhost  named.loopback 
> root.servers  slaves
> [root at ns2 named]#
> [root at ns2 named]# ls
> data  dynamic  named.ca  named.empty  named.localhost  named.loopback 
> root.servers  slaves
> [root at ns2 named]# service named stop
> Stopping named:                                            [  OK  ]
> [root at ns2 named]# vi soilengineersltd.com
> [root at ns2 named]# service named start
> Starting named:                                            [  OK  ]
> [root at ns2 named]# ls
> data     named.ca     named.localhost  root.servers  soilengineersltd.com
> dynamic  named.empty  named.loopback   slaves
> [root at ns2 named]# service named stop
> Stopping named:                                            [  OK  ]
> [root at ns2 named]# vi soilengineersltd.com.zone
> [root at ns2 named]# service named start
> Starting named:                                            [  OK  ]
> [root at ns2 named]# cat soilengineersltd.com.zone
> [root at ns2 named]# rm soilengineersltd.com
> rm: remove regular empty file `soilengineersltd.com'? y
> [root at ns2 named]# ls
> data     named.ca     named.localhost  root.servers 
> soilengineersltd.com.zone
> dynamic  named.empty  named.loopback   slaves
> [root at ns2 named]# cat named.conf
> cat: named.conf: No such file or directory
> [root at ns2 named]# cat /etc/named.conf
> acl "trusted" {
>         localhost;
>         192.168.0.0/24;
>         192.168.1.0/24;
> };
> 
> options {
>   directory "/var/named";
>   allow-recursion { trusted; };
>   allow-query { trusted; };
>   version "get lost";
>   allow-transfer {192.168.1.10;};
>   listen-on {
>                 192.168.1.11;
>                 127.0.0.1;
>   };
>   forwarders {
>                 207.181.101.4;
>                 207.181.101.5;
>   };
>   forward first;
>   recursion yes;
> };
> 
> logging{
>   channel example_log{
>    file "/var/log/named/example.log" versions 3 size 2m;
>    severity info;
>    print-severity yes;
>    print-time yes;
>    print-category yes;
>  };
> 
> category default{
>   example_log;
>  };
> };
> 
> zone "." {
>   type hint;
>   file "/var/named/root.servers";
> };
> zone "soilengineersltd.com" in{
>   type slave;
>   file "/var/named/soilengineersltd.com.zone";
>   masters {192.168.1.10; };
> };
> 
> 
> Here is named.conf file on the Slave
> 
> [root at ns2 named]# cat /etc/named.conf
> acl "trusted" {
>         localhost;
>         192.168.0.0/24;
>         192.168.1.0/24;
> };
> 
> options {
>   directory "/var/named";
>   allow-recursion { trusted; };
>   allow-query { trusted; };
>   version "get lost";
>   allow-transfer {192.168.1.10;};
>   listen-on {
>                 192.168.1.11;
>                 127.0.0.1;
>   };
>   forwarders {
>                 207.181.101.4;
>                 207.181.101.5;
>   };
>   forward first;
>   recursion yes;
> };
> 
> logging{
>   channel example_log{
>    file "/var/log/named/example.log" versions 3 size 2m;
>    severity info;
>    print-severity yes;
>    print-time yes;
>    print-category yes;
>  };
> 
> category default{
>   example_log;
>  };
> };
> 
> zone "." {
>   type hint;
>   file "/var/named/root.servers";
> };
> zone "mydomain.com" in{
>   type slave;
>   file "/var/named/mydomain.com.zone";
>   masters {192.168.1.10; };
> };
> 
> 
> Any ideas on where I screwed up? The servers can ping each other and can
> resolve against each other but the zone file won't transfer.
> I created a blank /var/named/mydomain.com.zone on the slave but it
> continues to be empty after many bounces of the server... PS: I reduced the
> refresh to 60 to try and hurry up the process.
> 
> -- 
> 
> Vincent Yonemitsu
> Information Technology and Infrastructure Manager
> vincentyonemitsu at soilengineersltd.com
> Tel. (416) 754-8515 x 270
> 
> 100 Nugget Avenue
> Toronto, Ontario M1S 3A7
> Toll Free Tel. (800) 268-5624 x 270
> Fax: (416) 754-8516
> 
> Have a look at our website: http://www.soilengineersltd.com
> 
> 
> 
-- 
Jeff Reasoner
HCCA
513 728-7902 office
513 728-7958 fax
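
The thread turns on where allow-transfer is set (the options clause or the zone clause), so the following added example, which is not part of the original messages, reports the effective allow-transfer list for each zone in a named.conf. The function names are hypothetical, ACL names such as "trusted" are not expanded, and the fallback to "any" when no clause is present is an assumption based on the historical BIND 9 default; check the documentation for your version.

```python
import re

# Constructed sample: the master's named.conf from the post, cut to the transfer-related clauses.
MASTER_CONF = '''
options { directory "/var/named"; allow-notify {192.168.1.11; }; };
zone "." { type hint; file "/var/named/root.servers"; };
zone "mydomain.com" in{
  type master; file "/var/named/mydomain.com.zone";
  allow-transfer {192.168.1.11;};
};
'''

def parse(text):
    """Parse named.conf text into nested statement lists ({...} becomes a sub-list)."""
    text = re.sub(r'/\*.*?\*/|//[^\n]*|#[^\n]*', '', text, flags=re.S)
    stack, pending, cur = [[]], [], []
    for tok in re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text):
        if tok == '{':                       # open a block inside the current statement
            pending.append(cur); stack.append([]); cur = []
        elif tok == '}':                     # close it and attach it to that statement
            cur = pending.pop() + [stack.pop()]
        elif tok == ';':                     # end of statement
            if cur:
                stack[-1].append(cur)
            cur = []
        else:
            cur.append(tok.strip('"'))
    return stack[0]

def clause(block, name):
    """Address-match list of clause `name` in a block, or None when it is absent."""
    for stmt in block:
        if stmt[0] == name and isinstance(stmt[-1], list):
            return [' '.join(map(str, e)) for e in stmt[-1]]
    return None

def transfer_acls(text):
    """Map each non-hint zone to (effective allow-transfer list, where it is set)."""
    conf = parse(text)
    opts = next((s[-1] for s in conf if s[0] == 'options'), [])
    zones = [s for s in conf if s[0] == 'zone' and ['type', 'hint'] not in s[-1]]
    out = {}
    for s in zones:
        for where, acl in (('zone', clause(s[-1], 'allow-transfer')),
                           ('options', clause(opts, 'allow-transfer')),
                           ('default', ['any'])):   # assumed historical BIND 9 default
            if acl is not None:                     # zone setting wins over options
                out[s[1]] = (acl, where)
                break
    return out
```

Run against the master's configuration as posted, transfer_acls(MASTER_CONF) reports that mydomain.com is transferable only by 192.168.1.11 and that the restriction comes from the zone clause; a result of 'any' from 'default' marks a zone that any host able to reach the server could transfer.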



More information about the bind-users mailing list