BIND 9 errors

Y z yankel at hotmail.com
Thu Jul 1 14:59:22 UTC 2010


Thanks for your reply, comments inline:

> Peter Andreev wrote (on Thu, Jul 01, 2010 at 10:45:44AM +0400):
> 2010/7/1 Y z 
>
>>
>> (bind version 9.7.0-P1)
>>
>> A DNS slave server has two IPs: an internal RFC1918 number to talk to
>> the internal net, and an external one to talk to the rest of the world.
>>
>> If I *don't* put the external IP in a master:
>>
>> zone "example.com" {
>> type slave;
>> file "example";
>> masters port 1053 { 172.16.0.30; } ;

This is the internal IP of the (true) master.

>> };
>
>> I get errors:
>>
>> Jun 30 14:03:54 hostname named[1865]: zone example.com/IN: refused notify
>> from non-master: external.ip#59808
>>
> This error appears because your master sends notify from external.ip, which
> isn't listed in the "masters {};" statement.

No. Sorry if I was confusing. external.ip belongs to the slave server;
i.e., the slave server appears to want to talk to itself.

>> Whereas, if I *do* put the IP in as a master, I get:
>>
>> Jun 30 14:02:08 hostname named[1792]: transfer of 'example.com/IN' from
>> external.ip#1053 failed to connect: connection refused
>>
> And this error appears because your master isn't configured to allow
> connections to external.ip#1053.

The slave (external.ip) doesn't, it is true. But the true master does; I
just checked. Again, I'm theorizing that (somewhere) NAT is confusing
the box into wanting to talk to itself.

> It will be very helpful in resolving your problem if you provide
> "options{};" part of your named.conf file.

ok:

options {
pid-file "/var/run/bind/run/named.pid";
directory "/var/named";
allow-recursion { 127.0.0.1; internal.net; external.ip.subnet; };
allow-transfer { external.slave.ip; internal.ip; external.ip; };
/* both internal.ip and external.ip are assigned to this host;
external.slave.ip is a host on another network */

/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};

>> (the reason I'm using port 1053 is because the real master is running
>> on two different instances, one on port 53, and one on port 1053).
>>
>> Despite the errors, the zones still seem to function. So, what do I do
>> to make the errors go away?
>>
>> Thanks!
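As an added check (not code from the original thread or from BIND), the script below classifies the two named log lines quoted above against the slave's own addresses and its masters list, flagging the case the thread describes where the slave sees one of its own addresses as the notifying peer. The addresses 203.0.113.10, 10.0.0.5 and 198.51.100.7 and the sample lines are constructed; 172.16.0.30 is the master from the zone statement.

```python
import re
# Message formats from the thread; named logs the peer as "address#port".
NOTIFY_RE = re.compile(r"zone (?P<zone>\S+)/IN: refused notify from non-master: "
                       r"(?P<ip>[0-9a-f.:]+)#(?P<port>\d+)", re.I)
XFER_RE = re.compile(r"transfer of '(?P<zone>\S+)/IN' from (?P<ip>[0-9a-f.:]+)#(?P<port>\d+) "
                     r"failed to connect: connection refused", re.I)

def classify(line, own_addrs, masters):
    """Return (zone, event, peer_ip, verdict) for a notify/transfer error line, else None.
    own_addrs: addresses assigned to this slave; masters: addresses in its masters {} statement.
    """
    m, event = NOTIFY_RE.search(line), "refused-notify"
    if not m:
        m, event = XFER_RE.search(line), "transfer-failed"
    if not m:
        return None
    ip = m.group("ip")
    if ip in own_addrs:
        # The slave sees its own address as the peer: the NAT case the thread suspects.
        verdict = "peer is this host itself; suspect NAT rewriting the master's address"
    elif ip in masters:
        verdict = "peer is a configured master; check its allow-transfer and listening port"
    else:
        verdict = "peer is neither this host nor a configured master"
    return m.group("zone"), event, ip, verdict

def scan(lines, own_addrs, masters):
    """Classify every line, dropping lines that are not notify/transfer errors."""
    return [f for f in (classify(l, own_addrs, masters) for l in lines) if f]

# Constructed sample log lines modelled on the ones quoted in the thread;
# 203.0.113.10 stands in for the slave's external.ip, 172.16.0.30 is the master.
SAMPLE_LINES = [
    "Jun 30 14:03:54 hostname named[1865]: zone example.com/IN: refused notify "
    "from non-master: 203.0.113.10#59808",
    "Jun 30 14:02:08 hostname named[1792]: transfer of 'example.com/IN' from "
    "203.0.113.10#1053 failed to connect: connection refused",
    "Jun 30 14:05:00 hostname named[1865]: zone example.com/IN: refused notify "
    "from non-master: 198.51.100.7#40000",
    "Jun 30 14:06:00 hostname named[1865]: zone example.com/IN: sending notifies (serial 5)",
]
OWN_ADDRS = {"10.0.0.5", "203.0.113.10"}   # constructed internal.ip and external.ip
MASTERS = {"172.16.0.30"}                   # from the zone statement in the thread

if __name__ == "__main__":
    for zone, event, ip, verdict in scan(SAMPLE_LINES, OWN_ADDRS, MASTERS):
        print(f"{zone}: {event} from {ip}: {verdict}")
```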


More information about the bind-users mailing list