Unable to transfer IPv4 reverse zone

Daniel Lintott daniel at serverb.co.uk
Thu Dec 19 19:27:51 UTC 2013


On 19/12/13 18:37, Timothe Litt wrote:
> I doubt you'll get help without providing configuration data for master
> and slaves and exact log and error messages.
> 
> But I'll take one blind guess.  DNSSEC validation enabled and your
> in-addr.arpa zones are not delegated and not in DLV?
> 

DNSSEC is not currently used on these servers.

The following is logged on the slave:
Dec 19 17:51:48 server2 named[7866]: transfer of
'5.168.192.in-addr.arpa/IN' from 192.168.5.1#53: connected using
192.168.5.2#47108

Dec 19 17:51:48 server2 named[7866]: transfer of
'5.168.192.in-addr.arpa/IN' from 192.168.5.1#53: failed while receiving
responses: SERVFAIL

Dec 19 17:51:48 server2 named[7866]: transfer of
'5.168.192.in-addr.arpa/IN' from 192.168.5.1#53: Transfer completed: 0
messages, 0 records, 0 bytes, 0.001 secs (0 bytes/sec)

Dig returns the following:
[root@server2 ~]# dig @192.168.5.1 5.168.192.in-addr.arpa AXFR

; <<>> DiG 9.9.4-P1 <<>> @192.168.5.1 5.168.192.in-addr.arpa AXFR
; (1 server found)
;; global options: +cmd
; Transfer failed.

There are no errors reported on the master server.

Master - named.conf

include "/etc/named.conf.local";

options {
	directory "/var/named";
	pid-file "/var/run/named/named.pid";
	};

zone "." {
	type hint;
	file "/etc/db.cache";
	};

key rndc-key {
	algorithm hmac-md5;
	secret "XXX";
	};
controls {
	inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
	};

Configuration of the problem reverse zone:

zone "5.168.192.in-addr.arpa" {
	type master;
	file "/var/named/5.168.192.in-addr.arpa.hosts";
	allow-transfer {
		192.168.5.2;
		};
	allow-update {
		key rndc-key;
		};
	};

Slave Zone Configuration:

zone "5.168.192.in-addr.arpa" {
	type slave;
	masters {
		192.168.5.1;
		};
	file "/var/named/slaves/192.168.5.rev";
	};

