Zone transfer failing

Danny Mayer mayer at gis.net
Fri Jun 26 21:15:28 UTC 2009


Scott Haneda wrote:
> On Jun 23, 2009, at 3:01 PM, Hauke Lampe wrote:
> 
>> Scott Haneda wrote:
>>
>>> $dig sugardimplesdesigns.com SOA @ns1.hostwizard.com +short
>>
>> Do you block 53/tcp anywhere on the path to your nameserver?
>> It rejects TCP queries:
>>
>> | dig +tcp sugardimplesdesigns.com SOA @ns1.hostwizard.com +short
>> | ;; Connection to 64.84.37.14#53(64.84.37.14) for
>> sugardimplesdesigns.com failed: connection refused.
>>
>> This matches the error log from your secondary:
>>
>>>    Description:
>>>    transfer of 'sugardimplesdesigns.com/IN' from 64.84.37.14#53:
>>> failed to
>>>    connect: connection refused
>>
>> You must allow TCP to port 53 for DNS to function properly.
>>
>>> Appears to me I am refusing them, I do not see it in my logs, what logs
>>> would be it in, or what logging statements would I turn on to be able to
>>> diagnose this?
>>
>> I would probably first check if the server actually listens on 53/tcp
>> (with fuser, netstat or similar) and then use tcpdump.
> 
> 
> Good observation.  This is a long standing issue that I assumed was
> solved.  Named on OS X will go deaf on port 53 tcp for some reason.  I
> just kicked it, and now I can tcp dig it.
> 
> $dig +tcp sugardimplesdesigns.com SOA @ns1.hostwizard.com +short
> ns1.hostwizard.com. scott.hostwizard.com. 2009062206 28800 7200 2419200
> 3600
> 
> I now the men and mice guys are familiar with this, if you guys are
> reading, have you ever pinned this down, or found a solution to it?

You should upgrade to the latest version of BIND9. You didn't mention
the version of BIND9. A connection refused means that it is not
listening at all on that IPaddress/TCP port. If it still fails from time
to time with the latest release version file a bug report with
bind9-bugs at isc.org.

Between NTP and BIND9 you seem to be having quite a few problems! :)

Danny

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.




More information about the bind-users mailing list