jim glass4545 at gmail.com
Thu Jan 6 17:51:36 UTC 2011


Upgraded today from BIND 9.2.4 to BIND 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1.
Pretty much copied the named.conf file from one to the other.
We are a slave for three other sites; for two I download the zones OK, for one I
get REFUSED since the upgrade.
I thought permissions or config error on my side but have not found anything.

Sniffer trace shows my server requesting:
 Question Section: Type =  Transfer of entire zone of authority (AXFR.252)
and remote master replying
 Response code = Refused (5)

Shooting in the dark, I stopped signing my zone and took out:
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
but no change.

Could it be a misconfiguration on my side to have the master refuse to allow a
zone transfer? I asked the remote zone admin if they could check but have not
heard back yet. I just have a hard time understanding how my upgrade would
have their zone refuse to transfer to the same IP address and FQDN.

Refused - The name server refuses to
perform the specified operation for
policy reasons.  For example, a name
server may not wish to provide the
information to the particular requester,
or a name server may not wish to perform
a particular operation (e.g., zone
transfer) for particular data.
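
The two fields the sniffer trace reports (question type 252 and response code 5) can be read straight from the DNS wire format. The following is an added example, not part of the original post; the zone name example.com, the message ID and the reply bytes are constructed placeholders.

```python
import struct

QTYPE_AXFR = 252   # "transfer of entire zone" question type (RFC 1035)
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_axfr_query(zone, msg_id):
    """Build the message a slave sends: one question, QTYPE=AXFR, class IN."""
    header = struct.pack("!HHHHHH", msg_id, 0x0000, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", QTYPE_AXFR, 1)

def tcp_frame(msg):
    """AXFR runs over TCP, where each message carries a 2-byte length prefix."""
    return struct.pack("!H", len(msg)) + msg

def parse_message(msg):
    """Decode the header and the single question of a DNS message."""
    msg_id, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while msg[pos] != 0:
        length = msg[pos]
        if length & 0xC0:
            raise ValueError("compressed name not expected in question")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    rcode = flags & 0x000F              # low 4 bits of the flags word
    return {"id": msg_id, "is_response": bool(flags & 0x8000),
            "zone": ".".join(labels), "qtype": qtype,
            "rcode": RCODES.get(rcode, str(rcode))}

# Constructed sample: the query for a placeholder zone, and a reply that
# echoes the question with QR=1 and RCODE=5, as in the trace described above.
SAMPLE_QUERY = build_axfr_query("example.com", 0x1234)
SAMPLE_REPLY = SAMPLE_QUERY[:2] + struct.pack("!H", 0x8005) + SAMPLE_QUERY[4:]

if __name__ == "__main__":
    print(parse_message(SAMPLE_QUERY))
    print(parse_message(SAMPLE_REPLY))
```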

