issues transfering zones.

Kevin Darcy kcd at chrysler.com
Thu Nov 6 00:02:22 UTC 2008


Translated from IM-speak, I think the suggestions are:
a) open up TCP/53 through the firewall, or
b) disable the firewall altogether and see if the transfers start working

Option (b) might be possible with a software firewall running on the DNS 
box itself, but if the firewall is a separate box that's integral to a 
defense-in-depth security infrastructure, it might not be possible to 
just "disable" it, without compromising the whole infrastructure.

Option (a) should have been fairly obvious given the previous post in 
the thread.

                                                                         
            - Kevin

odzaen at gmail.com wrote:
> hi dude,
>
> U  can't solve this problem by configure u iptables to open TCP port 53
> or try disable u firewall.. i hope can solve u problem..
>
> Thanks
> Matzain
>
> Dawn Connelly wrote:
>   
>> Has this ever worked? Typically when I see this error, that means that TCP
>> isn't open but UDP is. The notify packet is on UDP53 but the actual zone
>> transfer has to happen on TCP53. Can you telnet <masterIP> 53 from the slave
>> and telnet <slaveIP> 53 from the master? The quota message just means "Dude,
>> I've tried this enough time with a big ol' no go so I'm taking a break and
>> will try again later."
>> On Thu, Oct 30, 2008 at 10:48 AM, Shawn Somers <shawn at skynetbb.com> wrote:
>>
>>   
>>     
>>> I have two hsphere hosting boxes that are not transferring
>>> approximately  DNS zones between them.
>>>
>>> the error logs are full of :
>>> Oct 30 10:27:35 cp named[3754]: transfer of 'xxx.xxx/IN' from
>>> 209.147.123.91#53: end of transfer
>>> Oct 30 10:27:35 cp named[3754]: transfer of 'xxx.xxx/IN' from
>>> 209.147.123.91#53: failed to connect: host unreachable
>>> Oct 30 10:27:35 cp named[3754]: zone xxxx.xxx/IN: Transfer started.
>>> Oct 30 10:27:35 cp named[3754]: zone txxxx.xxx/IN: Transfer started.
>>> Oct 30 10:27:35 cp named[3754]: transfer of 'xxxxx.xxx/IN' from
>>> 209.147.123.91#53: end of transfer
>>> Oct 30 10:27:35 cp named[3754]: zone xx.xxx/IN: zone transfer deferred
>>> due to quota
>>> Oct 30 10:27:35 cp named[3754]: zone xxxxxx.xxx/IN: zone transfer
>>> deferred due to quota
>>> Oct 30 10:27:36 cp named[3754]: zone xxxxx.xxx/IN: zone transfer
>>> deferred due to quota
>>>
>>> Bind version is 9.4.2-P1.
>>>
>>> I can supply configs if needed...
>>>
>>> What would be causing the host unreachable errors? how do I increase the
>>> quota that is causing deferrals?
>>>
>>> the machines have PLENTY of horsepower and memory to spare, so I'm not
>>> worried about overloading them with bind. (dual quads with 16GB of RAM
>>> each)
>>>
>>>
>>>
>>>
>>>
>>> --
>>> Shawn Somers
>>> Systems Administrator
>>> Skynet BroadBand
>>>
>>>
>>>
>>>     
>>>       
>>   
>>     
>
>
>
>
>   



More information about the bind-users mailing list