AXFR/IN' denied

Torinthiel torinthiel at data.pl
Thu Apr 28 05:10:28 UTC 2011


On 04/28/11 05:10, jeffrey j donovan wrote:
> Greetings
> 
> I have 2 systems master and slave, the slave seems to not allow the zone transfer.

It's the master that doesn't allow zone transfer. You have
allow-transfer and allow-update in mydomain.com (which I guess is
transferring correctly, at least nothing you've written says otherwise),
but you don't have these in reverse zones.
Torinthiel

> 
> master 192.168.1.2
> 
> //////////////////////////
> ////// mydomain.com////
> 
> zone "mydomain.com" {
> 	type master;
> 	file "domain.db";
> 	allow-transfer { 192.168.96.3; };
> 	allow-update {none;};
> };
> 
> zone "96.168.192.in-addr.arpa" {
> 	type master;
> 	file "in-arpa-192/REV-NOC.db";
> };
> 
> zone "97.168.192.in-addr.arpa" {
> 	type master;
> 	file "in-arpa-192/REV-EDC.db";
> };
> 
> 
> slave; 192.168.1.3
> 
> //////////////////////////
> ////// mydomain.com////
> 
> zone "mydomain.com" {
> 	type slave;
> 	masters { 192.168.96.2; };
> 	file "domain.db";
> 	allow-transfer {none;};
> };
> 
> zone "96.168.192.in-addr.arpa" {
> 	type slave;
>  	masters { 192.168.96.2; };
> 	file "in-arpa-209/REV-NOC.db";
> };
> 
> zone "97.168.192.in-addr.arpa" {
> 	type slave;
>  	masters { 209.96.96.2; };
> 	file "in-arpa-209/REV-EDC.db";
> };
> 
> 
> here is the log output
> 
> from master
> -Apr-2011 22:54:17.539 security: error: client 192.168.96.3#60712: view com.basd.DNS.public: zone transfer '96.168.192.in-addr.arpa/AXFR/IN' denied
> -Apr-2011 22:54:17.539 security: error: client 192.168.96.3#60737: view com.basd.DNS.public: zone transfer '97.168.192.in-addr.arpa/AXFR/IN' denied
> 
> from slave
> 
> 
> 27-Apr-2011 22:57:23.039 general: info: zone 96.168.192.in-addr.arpa/IN/com.basd.DNS.public: Transfer started.
> 27-Apr-2011 22:57:23.041 xfer-in: info: transfer of '96.168.192.in-addr.arpa/IN/com.basd.DNS.public' from 192.168.96.2#53: connected using 192.168.96.3#60755
> 27-Apr-2011 22:57:23.042 xfer-in: error: transfer of '96.168.192.in-addr.arpa/IN/com.basd.DNS.public' from 192.168.96.2#53: failed while receiving responses: REFUSED
> 27-Apr-2011 22:57:23.042 xfer-in: info: transfer of '96.168.192.in-addr.arpa/IN/com.basd.DNS.public' from 192.168.96.2#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.001 secs (0 bytes/sec)
> 
> 
> firewall on the slave is off and the master has an allow statement for dns
> 12310    27110    1096192 allow tcp from any to any dst-port 53
> 12310  2124656  168384287 allow udp from any to any dst-port 53
> 
> 
> not sure what I missed, any insight would be helpful
> 
> -j
> 

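An added example, not part of the original thread or of BIND itself: it reads the master's zone blocks and the master's "denied" log lines quoted above and reports, for each refused zone, whether the zone carries its own allow-transfer or falls back to the view- or options-level setting (which the posted config does not show). The function names are made up for this illustration and the sample input is copied from the thread.

```python
import re

# Sample input: master-side zone blocks and log lines as quoted in the thread.
NAMED_CONF = '''
////// mydomain.com////
zone "mydomain.com" {
    type master;
    file "domain.db";
    allow-transfer { 192.168.96.3; };
    allow-update {none;};
};
zone "96.168.192.in-addr.arpa" {
    type master;
    file "in-arpa-192/REV-NOC.db";
};
zone "97.168.192.in-addr.arpa" {
    type master;
    file "in-arpa-192/REV-EDC.db";
};
'''
MASTER_LOG = """
-Apr-2011 22:54:17.539 security: error: client 192.168.96.3#60712: view com.basd.DNS.public: zone transfer '96.168.192.in-addr.arpa/AXFR/IN' denied
-Apr-2011 22:54:17.539 security: error: client 192.168.96.3#60737: view com.basd.DNS.public: zone transfer '97.168.192.in-addr.arpa/AXFR/IN' denied
"""
DENIED_RE = re.compile(
    r"client (\S+?)#\d+: (?:view (\S+): )?zone transfer '([^/']+)/AXFR/IN' denied")

def zone_blocks(conf):
    """Yield (name, body) per zone statement, following nested braces."""
    conf = re.sub(r"//[^\n]*", "", conf)          # drop // comment lines
    for m in re.finditer(r'zone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def acl_source(conf):
    """Per master zone: 'zone' if it has its own allow-transfer, else 'inherited'."""
    return {name: "zone" if re.search(r"\ballow-transfer\b", body) else "inherited"
            for name, body in zone_blocks(conf)
            if re.search(r"\btype\s+master\s*;", body)}

def explain_denials(conf, log):
    """Map each denied zone to the requesting client, the view, and the ACL source."""
    src = acl_source(conf)
    return {zone: {"client": client, "view": view, "acl": src.get(zone, "unknown")}
            for client, view, zone in DENIED_RE.findall(log)}

if __name__ == "__main__":
    for zone, info in explain_denials(NAMED_CONF, MASTER_LOG).items():
        print(zone, info)
```

Both refused zones come back as "inherited", matching the reply: the reverse zones on the master have no allow-transfer naming 192.168.96.3, so the decision is made by whatever is set at the view or options level.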
