unexpected rcode (REFUSED) from master
Mark Andrews
marka at isc.org
Fri Jun 10 00:35:30 UTC 2011
In message <BANLkTinMNhmpxocoTYbFjs_VG0DxUOvWAg at mail.gmail.com>, Face writes:
> Hello all,
>
> I am tring to setup a master/slave using bing BIND 9.8.0-P2. thing seem
> to be working with some problems.
>
> 1. keep reciveing on both master/slave
> Jun 9 18:19:31 localhost named[29444]: managed-keys-zone
> ./IN/internal: loading from master file
> 3bed2cb3a3acf7b6a8ef408420cc682d5520e26976d354254f528c965612054f.mkeys
> failed: file not found
> Jun 9 18:19:31 localhost named[29444]: managed-keys-zone
> ./IN/external: loading from master file
> 3c4623849a49a53911c4a3e48d8cead8a1858960bccdea7a1b978d73ec2f06d7.mkeys
> failed: file not found
> named user and group have permissions to:
> /etc/bind.d
> /var/named
> =
You can ignore that unless you have managed-keys clauses in named.conf.
Named has to stop managing keys if the clauses are removed so that is
why you see the messages without managed-keys clauses.
> 2. cannot transfer one of my zones to slave dns
> Jun 9 18:32:50 localhost named[29444]: zone
> \194\173facilitatingkneads.com/IN/external: refresh: unexpected rcode
> (REFUSED) from master 173.214.173.75#53 (source 0.0.0.0#0)
> Jun 9 18:32:50 localhost named[29444]: zone
> \194\173facilitatingkneads.com/IN/external: Transfer started.
> I have another domains with the same setteing transfer fine however this
> domain would not transfer for some reason i dont understand,
> also i see "\194\173" in front of the domain i don't no why?
Because you have a typo in the zone name in named.conf that includes
those characters. \DDD is how non-ascii printable characters are
encoded for ascii presentation. 0x00 (NUL) is encoded as \000. The
D's are decimal values.
> Any help would be much appreciated.
>
>
> here are my named.conf for both master/slave:
> ------------------------------------------------------------------------
> ns1.aldimna.com (Master) 10.0.1.1, 173.214.173.75
> ------------------------------------------------------------------------
> acl "Externals" {173.214.173.77;};
> acl "Internals" {10.0.1.0/27;127.0.0.1; };
> options {
> directory "/etc/bind.d";
> pid-file "/var/run/named/named.pid";
> auth-nxdomain yes;
> datasize default;
> provide-ixfr no;
> forwarders {
> 8.8.8.8;8.8.4.4; # Google DNS
> };
> allow-recursion { 10.0.1.0/27;127.0.0.1; };
> allow-transfer { none; };
> allow-update { none; };
> version none;
> hostname none;
> server-id none;
> check-names master ignore;
> check-names slave ignore;
> also-notify { 173.214.173.75; 173.214.173.77; };
> };
>
> key "rndc-key" {
> algorithm hmac-md5;
> secret "S5kzqLD1EkzlaAYCLJYZaA=3D=3D";
> };
>
> controls {
> inet 127.0.0.1 allow { localhost; }
> keys { rndc-key; };
> };
>
> view "internal" {
> match-clients { Internals; };
> recursion yes;
> notify yes;
> allow-transfer { 10.0.1.2; }; =
>
> key DHCP_UPDATER { // DNS UPDATE SECURITY
> algorithm HMAC-MD5.SIG-ALG.REG.INT;
> secret pRP5FapFoJ95JEL06sv4PQ=3D=3D;
> };
> zone "localhost" IN {
> type master;
> file "/etc/bind.d/internals.d/default.d/named.internals.default
> .zone.loca=
> lhost";
> allow-transfer { any; };
> };
> zone "0.0.127.in-addr.arpa" IN {
> type master;
> file "/etc/bind.d/internals.d/default.d/named.internals.default
> .zone.127.=
> 0.0";
> allow-transfer { any; };
> allow-update { key DHCP_UPDATER; }; // DNS UPDATE SECURITY
> };
> zone "." IN {
> type hint;
> file "/etc/bind.d/internals.d/default.d/named.internals.default
> .root.hint=
> ";
> };
> zone "4legsmanagement.com" {
> type master;
> file "/etc/bind.d/internals.d/domains.d/zone.internals.4legsman
> agement.co=
> m";
> };
> zone "aldimna.com" {
> type master;
> file "/etc/bind.d/internals.d/domains.d/zone.internals.aldimna.
> com";
> allow-update { key DHCP_UPDATER; }; // DNS UPDATE SECURITY
> };
> zone "facilitatingkneads.com" {
> type master;
> file "/etc/bind.d/internals.d/domains.d/zone.internals.facilita
> tingkneads=
> .com";
> };
> zone "1.1.0.10.in-addr.arpa" {
> type master;
> file "/etc/bind.d/internals.d/domains.d/rev.internals.10.0.1.1"
> ;
> };
> zone "2.1.0.10.in-addr.arpa" {
> type master;
> file "/etc/bind.d/internals.d/domains.d/rev.internals.10.0.1.2"
> ;
> };
> };
> view "external" {
> match-clients { !localnets; any; };
> recursion yes;
> notify yes;
> allow-transfer { 173.214.173.77; };
>
> zone "4legsmanagement.com" {
> type master;
> file "/etc/bind.d/externals.d/domains.d/zone.externals.4legsman
> agement.co=
> m";
> };
> zone "aldimna.com" {
> type master;
> file "/etc/bind.d/externals.d/domains.d/zone.externals.aldimna.
> com";
> };
> zone "facilitatingkneads.com" {
> type master;
> file "/etc/bind.d/externals.d/domains.d/zone.externals.facilita
> tingkneads=
> .com";
> };
> zone "75.173.214.173.in-addr.arpa" {
> type master;
> file "/etc/bind.d/externals.d/domains.d/rev.externals.173.214.1
> 73.75";
> };
> zone "77.173.214.173.in-addr.arpa" {
> type master;
> file "/etc/bind.d/externals.d/domains.d/rev.externals.173.214.1
> 73.77";
> };
> };
>
> logging {
> channel xfer-log {
> file "/var/log/named.log";
> print-category yes;
> print-severity yes;
> print-time yes;
> severity info;
> };
> category xfer-in { xfer-log; };
> category xfer-out { xfer-log; };
> category notify { xfer-log; };
>
> channel update-debug {
> file "/var/log/named-update-debug.log";
> severity debug 3;
> print-category yes;
> print-severity yes;
> print-time yes;
> };
> channel security-info {
> file "/var/log/named-auth-info.log";
> severity info;
> print-category yes;
> print-severity yes;
> print-time yes;
> };
> category update { update-debug; };
> category security { security-info; };
>
> };
>
>
>
>
>
>
> ------------------------------------------------------------------------
> ns2.aldimna.com (Slave) 10.0.1.2, 173.214.173.77
> ------------------------------------------------------------------------
> acl "Externals" {173.214.173.75;};
> acl "Internals" {10.0.1.0/28;127.0.0.1; };
>
> options {
> directory "/var/named";
> pid-file "/var/run/named/named.pid";
> auth-nxdomain yes;
> datasize default;
> provide-ixfr no;
> forwarders {
> 8.8.8.8;8.8.4.4; # Google DNS
> };
> // Default security settings.
> allow-recursion { 10.0.1.0/28;127.0.0.1; };
> allow-transfer { none; };
> allow-update { none; };
> version none;
> hostname none;
> server-id none;
> check-names master ignore;
> check-names slave ignore;
> also-notify { 173.214.173.75; 173.214.173.77; };
> };
>
> key "rndc-key" {
> algorithm hmac-md5;
> secret "S5kzqLD1EkzlaAYCLJYZaA=3D=3D";
> };
> controls {
> inet 127.0.0.1 allow { localhost; }
> keys { rndc-key; };
> };
> view "internal" {
> match-clients { Internals; };
> zone "localhost" IN {
> type master;
> file "/etc/bind.d/named.internals.default.zone.localhost";
> allow-transfer { any; };
> };
> zone "0.0.127.in-addr.arpa" IN {
> type master;
> file "/etc/bind.d/named.internals.default.zone.127.0.0";
> allow-transfer { any; };
> };
> zone "." IN {
> type hint;
> file "/etc/bind.d/named.internals.default.root.hint";
> };
> zone "aldimna.com" {
> type slave;
> file "internals.aldimna.com";
> masters {10.0.1.1;};
> };
> zone "facilitatingkneads.com" {
> type slave;
> file "internals.facilitatingkneads.com";
> masters {10.0.1.1;};
> };
> zone "4legsmanagement.com" {
> type slave;
> file "internals.4legsmanagement.com";
> masters {10.0.1.1;};
> };
> zone "1.1.0.10.in-addr.arpa" {
> type slave;
> file "rev.internals.10.0.1.1";
> masters {10.0.1.1;};
> };
> zone "2.1.0.10.in-addr.arpa" {
> type slave;
> file "rev.internals.10.0.1.2";
> masters {10.0.1.1;};
> };
> };
>
> view "external" {
> match-clients { !localnets; any; };
> allow-query { 173.214.173.75; };
> zone "aldimna.com" {
> type slave;
> =
>
> file "external.aldimna.com";
> masters { 173.214.173.75; };
> };
> zone "4legsmanagement.com" {
> type slave;
> =
>
> file "external.4legsmanagement.com";
> masters { 173.214.173.75; };
> };
> zone "=ADfacilitatingkneads.com" {
> type slave;
> =
>
> file "external.=ADfacilitatingkneads.com";
> masters {173.214.173.75;};
> };
> zone "75.173.214.173.in-addr.arpa" {
> type slave;
> =
>
> file "rev.external.173.214.173.75";
> masters { 173.214.173.75; };
> };
> zone "77.173.214.173.in-addr.arpa" {
> type slave;
> =
>
> file "rev.external.173.214.173.77";
> masters { 173.214.173.75; };
> };
> };
>
> logging {
> channel xfer-log {
> file "/var/log/named.log";
> print-category yes;
> print-severity yes;
> print-time yes;
> severity info;
> };
> category xfer-in { xfer-log; };
> category xfer-out { xfer-log; };
> category notify { xfer-log; };
>
> channel update-debug {
> file "/var/log/named-update-debug.log";
> severity debug 3;
> print-category yes;
> print-severity yes;
> print-time yes;
> };
> channel security-info {
> file "/var/log/named-auth-info.log";
> severity info;
> print-category yes;
> print-severity yes;
> print-time yes;
> };
> category update { update-debug; };
> category security { security-info; };
>
> };
>
>
>
>
> Any help would be much appreciated.
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list