AXFR/IN' denied

jeffrey j donovan donovan at beth.k12.pa.us
Thu Apr 28 03:10:22 UTC 2011 

Greetings

I have 2 systems master and slave, the slave seems to not allow the zone transfer.

master 192.168.1.2

//////////////////////////
////// mydomain.com////

zone "mydomain.com" {
	type master;
	file "domain.db";
	allow-transfer { 192.168.96.3; };
	allow-update {none;};
};

zone "96.168.192.in-addr.arpa" {
	type master;
	file "in-arpa-192/REV-NOC.db";
};

zone "97.168.192.in-addr.arpa" {
	type master;
	file "in-arpa-192/REV-EDC.db";
};


slave; 192.168.1.3

//////////////////////////
////// mydomain.com////

zone "mydomain.com" {
	type slave;
	masters { 192.168.96.2; };
	file "domain.db";
	allow-transfer {none;};
};

zone "96.168.192.in-addr.arpa" {
	type slave;
 	masters { 192.168.96.2; };
	file "in-arpa-209/REV-NOC.db";
};

zone "97.168.192.in-addr.arpa" {
	type slave;
 	masters { 209.96.96.2; };
	file "in-arpa-209/REV-EDC.db";
};


here is the log output

from master
-Apr-2011 22:54:17.539 security: error: client 192.168.96.3#60712: view com.basd.DNS.public: zone transfer '96.168.192.in-addr.arpa/AXFR/IN' denied
-Apr-2011 22:54:17.539 security: error: client 192.168.96.3#60737: view com.basd.DNS.public: zone transfer '97.168.192.in-addr.arpa/AXFR/IN' denied

from slave


27-Apr-2011 22:57:23.039 general: info: zone 96.168.192.in-addr.arpa/IN/com.basd.DNS.public: Transfer started.
27-Apr-2011 22:57:23.041 xfer-in: info: transfer of '96.168.192.in-addr.arpa/IN/com.basd.DNS.public' from 192.168.96.2#53: connected using 192.168.96.3#60755
27-Apr-2011 22:57:23.042 xfer-in: error: transfer of '96.168.192.in-addr.arpa/IN/com.basd.DNS.public' from 192.168.96.2#53: failed while receiving responses: REFUSED
27-Apr-2011 22:57:23.042 xfer-in: info: transfer of '96.168.192.in-addr.arpa/IN/com.basd.DNS.public' from 192.168.96.2#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.001 secs (0 bytes/sec)


firewall on the slave is off and the master has an allow statement for dns
12310    27110    1096192 allow tcp from any to any dst-port 53
12310  2124656  168384287 allow udp from any to any dst-port 53


not sure what I missed , any insight would be helpful

-j

More information about the bind-users mailing list