Unable to get Zone transfer to work

Gaston Benitez gbenitez at telecentro.net.ar
Thu Dec 20 18:29:48 UTC 2007


First of all, sorry for my English.

Hi, I see in the mail that you are using NAT; I guess there is a PIX or 
something. Have you allowed TCP port 53 to go through? Zone transfers are 
made over TCP. You said that queries and ping work OK; maybe only UDP is 
allowed.


bye

Atte. Gaston Benitez
Operaciones Banda Ancha
Cel - 15-5731-1716
Telecentro S.A - 4858-0937
----- Original Message ----- 
From: "Vincent Yonemitsu" <vince at soilengineersltd.com>
To: <jeff.reasoner at mail.hccanet.org>
Cc: <vince at soilengineersltd.com>; <bind-users at isc.org>
Sent: Thursday, December 20, 2007 3:02 PM
Subject: Re: Unable to get Zone transfer to work


>I added that to the named.conf file on the master and bounced the servers
> and waited and still no zone file details on the slave.
>
> -- 
>
> Vincent Yonemitsu
> Information Technology and Infrastructure Manager
> vincentyonemitsu at soilengineersltd.com
> Tel. (416) 754-8515 x 270
>
> 100 Nugget Avenue
> Toronto, Ontario M1S 3A7
> Toll Free Tel. (800) 268-5624 x 270
> Fax: (416) 754-8516
>
> This message is intended only for the use of the individual to which it is
> addressed and contains information that is privileged and confidential. If
> this e-mail is not intended for you, any reading, distribution, copying,
> or disclosure of this e-mail is strictly prohibited. If you have received
> this communication in error, please notify Soil Engineers Ltd.
> immediately. Soil Engineers Ltd. assumes no liability for any unauthorized
> use or alteration of the contents or attachments of this e-mail.
>
> Have a look at our website: http://www.soilengineersltd.com
>
>> Try adding this to your named.conf options clause
>>
>> allow-transfer { 192.168.1.11; };
>>
>> Also the allow-notify statement probably isn't needed given the zone
>> file you've included. However, if you change the A records to the public
>> NAT IP addresses, you will need to add something like
>>
>> also-notify { 192.168.1.11; };
>>
>>
>> On Thu, 2007-12-20 at 11:45 -0500, Vincent Yonemitsu wrote:
>>> Ok,
>>> I have a pair of Bind servers 9.xx running on fedora.
>>> These are sitting on IP's 192.168.1.10 and 192.168.1.11 master and slave
>>> respectively.
>>>
>>> They have static Nats to the outside world of 99.99.99.10 and
>>> 99.99.99.11
>>> I am unable to get the master zone on the master to transfer to the
>>> slave.
>>> Here is my named.conf on the master
>>>
>>> [root at ns1 named]# cat /etc/named.conf
>>> acl "trusted" {
>>>         localhost;
>>>         192.168.0.0/24;
>>>         192.168.1.0/24;
>>> };
>>>
>>> options {
>>>   directory "/var/named";
>>>   allow-recursion { trusted; };
>>>   allow-query { trusted; };
>>>   allow-notify {192.168.1.11; };
>>>   version "get lost";
>>>   listen-on {
>>>                 192.168.1.10;
>>>                 127.0.0.1;
>>>   };
>>>   forwarders {
>>>                 207.181.101.4;
>>>                 207.181.101.5;
>>>   };
>>>   forward first;
>>>   recursion yes;
>>> };
>>>
>>> logging{
>>>   channel example_log{
>>>    file "/var/log/named/example.log" versions 3 size 2m;
>>>    severity info;
>>>    print-severity yes;
>>>    print-time yes;
>>>    print-category yes;
>>>  };
>>>
>>> category default{
>>>   example_log;
>>>  };
>>> };
>>>
>>> zone "." {
>>>   type hint;
>>>   file "/var/named/root.servers";
>>> };
>>> zone "mydomain.com" in{
>>>   type master;
>>>   file "/var/named/mydomain.com.zone";
>>>   allow-transfer {192.168.1.11;};
>>> };
>>>
>>> Here is the mydomain.com zone file.
>>>
>>> [root at ns1 named]# cat mydomain.com.zone
>>> $TTL    86400
>>> mydomain.com.      IN      SOA     ns1.mydomain.com. ns2.mydomain.com. (
>>>                                                         200712201
>>>                                                         60
>>>                                                         3600
>>>                                                         604800
>>>                                                         38400
>>>  )
>>>
>>> mydomain.com.      IN      NS              ns1.mydomain.com.
>>> mydomain.com.      IN      NS              ns2.mydomain.com.
>>> mydomain.com.      IN      MX     10       mail.mydomain.com.
>>>
>>> www              IN      A       99.99.99.230
>>> mail             IN      A       99.99.99.229
>>> ns1              IN      A       192.168.1.10
>>> ns2              IN      A       192.168.1.11
>>> ldap             IN      A       99.99.99.232
>>> iis              IN      A       99.99.99.231
>>> dms              IN      A       99.99.99.234
>>> brback           IN      A       99.99.99.233
>>>
>>>
>>> Here is the named.conf file on the Slave
>>>
>>> data  dynamic  named.ca  named.empty  named.localhost  named.loopback
>>> root.servers  slaves
>>> [root at ns2 named]#
>>> [root at ns2 named]# service named stop
>>> Stopping named:                                            [  OK  ]
>>> [root at ns2 named]# vi soilengineersltd.com
>>> [root at ns2 named]# service named start
>>> Starting named:                                            [  OK  ]
>>> [root at ns2 named]# ls
>>> data     named.ca     named.localhost  root.servers
>>> soilengineersltd.com
>>> dynamic  named.empty  named.loopback   slaves
>>> [root at ns2 named]# service named stop
>>> Stopping named:                                            [  OK  ]
>>> [root at ns2 named]# vi soilengineersltd.com.zone
>>> [root at ns2 named]# service named start
>>> Starting named:                                            [  OK  ]
>>> [root at ns2 named]# cat soilengineersltd.com.zone
>>> [root at ns2 named]# rm soilengineersltd.com
>>> rm: remove regular empty file `soilengineersltd.com'? y
>>> [root at ns2 named]# ls
>>> data     named.ca     named.localhost  root.servers
>>> soilengineersltd.com.zone
>>> dynamic  named.empty  named.loopback   slaves
>>> [root at ns2 named]# cat named.conf
>>> cat: named.conf: No such file or directory
>>> [root at ns2 named]# cat /etc/named.conf
>>> acl "trusted" {
>>>         localhost;
>>>         192.168.0.0/24;
>>>         192.168.1.0/24;
>>> };
>>>
>>> options {
>>>   directory "/var/named";
>>>   allow-recursion { trusted; };
>>>   allow-query { trusted; };
>>>   version "get lost";
>>>   allow-transfer {192.168.1.10;};
>>>   listen-on {
>>>                 192.168.1.11;
>>>                 127.0.0.1;
>>>   };
>>>   forwarders {
>>>                 207.181.101.4;
>>>                 207.181.101.5;
>>>   };
>>>   forward first;
>>>   recursion yes;
>>> };
>>>
>>> logging{
>>>   channel example_log{
>>>    file "/var/log/named/example.log" versions 3 size 2m;
>>>    severity info;
>>>    print-severity yes;
>>>    print-time yes;
>>>    print-category yes;
>>>  };
>>>
>>> category default{
>>>   example_log;
>>>  };
>>> };
>>>
>>> zone "." {
>>>   type hint;
>>>   file "/var/named/root.servers";
>>> };
>>> zone "soilengineersltd.com" in{
>>>   type slave;
>>>   file "/var/named/soilengineersltd.com.zone";
>>>   masters {192.168.1.10; };
>>> };
>>>
>>>
>>> Here is named.conf file on the Slave
>>>
>>> [root at ns2 named]# cat /etc/named.conf
>>> acl "trusted" {
>>>         localhost;
>>>         192.168.0.0/24;
>>>         192.168.1.0/24;
>>> };
>>>
>>> options {
>>>   directory "/var/named";
>>>   allow-recursion { trusted; };
>>>   allow-query { trusted; };
>>>   version "get lost";
>>>   allow-transfer {192.168.1.10;};
>>>   listen-on {
>>>                 192.168.1.11;
>>>                 127.0.0.1;
>>>   };
>>>   forwarders {
>>>                 207.181.101.4;
>>>                 207.181.101.5;
>>>   };
>>>   forward first;
>>>   recursion yes;
>>> };
>>>
>>> logging{
>>>   channel example_log{
>>>    file "/var/log/named/example.log" versions 3 size 2m;
>>>    severity info;
>>>    print-severity yes;
>>>    print-time yes;
>>>    print-category yes;
>>>  };
>>>
>>> category default{
>>>   example_log;
>>>  };
>>> };
>>>
>>> zone "." {
>>>   type hint;
>>>   file "/var/named/root.servers";
>>> };
>>> zone "mydomain.com" in{
>>>   type slave;
>>>   file "/var/named/mydomain.com.zone";
>>>   masters {192.168.1.10; };
>>> };
>>>
>>>
>>> Any ideas on where I screwed up? The servers can ping each other and can
>>> resolve against each other but the zone file won't transfer.
>>> I created a blank /var/named/mydomain.com.zone on the slave but it
>>> continues to be empty after many bounces of the server... PS: I reduced
>>> the refresh to 60 to try and hurry up the process.
>>>
>>> --
>>>
>>> Vincent Yonemitsu
>>> Information Technology and Infrastructure Manager
>>> vincentyonemitsu at soilengineersltd.com
>>> Tel. (416) 754-8515 x 270
>>>
>>> 100 Nugget Avenue
>>> Toronto, Ontario M1S 3A7
>>> Toll Free Tel. (800) 268-5624 x 270
>>> Fax: (416) 754-8516
>>>
>>>
>>>
>>>
>> --
>> Jeff Reasoner
>> HCCA
>> 513 728-7902 office
>> 513 728-7958 fax
>>
>>
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>
>
>
>
>
> 
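
An added example, not part of any message in this thread: a small check that separates the two causes suggested above, TCP port 53 being filtered between the servers versus the master declining the transfer through its allow-transfer ACL. The function names and status strings are made up for this illustration; the address and zone name in the last lines are the ones quoted in the thread.

```python
import socket
import struct

SOA, AXFR = 6, 252  # DNS QTYPE values (RFC 1035)

def build_query(zone, qtype, qid=0x4242):
    """Encode a one-question DNS query in wire format."""
    header = struct.pack(">HHHHHH", qid, 0, 1, 0, 0, 0)
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)  # class IN

def udp_soa_answers(server, zone, port=53, timeout=3.0):
    """True if the server returns any DNS response to an SOA query over UDP."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(zone, SOA), (server, port))
            return len(s.recvfrom(4096)[0]) >= 12
        except OSError:
            return False

def tcp_axfr_status(server, zone, port=53, timeout=3.0):
    """Classify an AXFR attempt over TCP.

    'tcp-unreachable'      no TCP session (filtered, or nothing listening on TCP)
    'closed-without-reply' session opened but the server sent no DNS message
    'no-transfer-rcode-N'  server answered but sent no records (5 = REFUSED)
    'transfer-started'     first response message carries answer records
    """
    query = build_query(zone, AXFR)
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(struct.pack(">H", len(query)) + query)  # 2-byte length prefix
            buf = b""
            while len(buf) < 14:  # length prefix + 12-byte DNS header
                chunk = s.recv(4096)
                if not chunk:
                    return "closed-without-reply"
                buf += chunk
    except OSError:
        return "tcp-unreachable"
    _, _, flags, _, ancount = struct.unpack(">HHHHH", buf[:10])
    rcode = flags & 0x000F
    if rcode == 0 and ancount > 0:
        return "transfer-started"
    return f"no-transfer-rcode-{rcode}"

if __name__ == "__main__":
    # Run from the slave; address and zone name as quoted in the thread.
    print("UDP SOA answered:", udp_soa_answers("192.168.1.10", "mydomain.com"))
    print("TCP AXFR status :", tcp_axfr_status("192.168.1.10", "mydomain.com"))
```

A UDP answer together with "tcp-unreachable" matches the firewall explanation; "no-transfer-rcode-5" means TCP gets through and the master's ACL is what refuses the transfer.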


