Unable to transfer IPv4 reverse zone

/dev/rob0 rob0 at gmx.co.uk
Thu Dec 19 19:37:33 UTC 2013


On Thu, Dec 19, 2013 at 07:27:51PM +0000, Daniel Lintott wrote:
> On 19/12/13 18:37, Timothe Litt wrote:
> > I doubt you'll get help without providing configuration data for 
> > master and slaves and exact log and error messages.
> > 
> > But I'll take one blind guess.  DNSSEC validation enabled and 
> > your in-addr.arpa zones are not delegated and not in DLV?

I'll offer a guess as well.

> DNSSEC is not currently used on these servers.
> 
> The following is logged on the slave:
> Dec 19 17:51:48 server2 named[7866]: transfer of
> '5.168.192.in-addr.arpa/IN' from 192.168.5.1#53: connected using
> 192.168.5.2#47108
> 
> Dec 19 17:51:48 server2 named[7866]: transfer of
> '5.168.192.in-addr.arpa/IN' from 192.168.5.1#53: failed while 
> receiving responses: SERVFAIL
> 
> Dec 19 17:51:48 server2 named[7866]: transfer of
> '5.168.192.in-addr.arpa/IN' from 192.168.5.1#53: Transfer 
> completed: 0 messages, 0 records, 0 bytes, 0.001 secs (0 bytes/sec)
> 
> Dig returns the following:
> [root@server2 ~]# dig @192.168.5.1 5.168.192.in-addr.arpa AXFR
> 
> ; <<>> DiG 9.9.4-P1 <<>> @192.168.5.1 5.168.192.in-addr.arpa AXFR
> ; (1 server found)
> ;; global options: +cmd
> ; Transfer failed.
> 
> There are no errors reported on the master server.

How about when the zone loaded initially? I suspect a problem in the 
master zone file itself. Try named-checkzone(8) on it.

Can you query SOA and PTR records from the master?
    dig 5.168.192.in-addr.arpa. any @192.168.5.1
    dig 1.5.168.192.in-addr.arpa. any @192.168.5.1
Try this also on the master itself.

Note also, regarding logging, that depending on your syslogd's 
configuration you might see errors in a different file than logs of 
lower syslog priority.

> Master - named.conf
> 
> include "/etc/named.conf.local";
> 
> options {
> 	directory "/var/named";
> 	pid-file "/var/run/named/named.pid";
> 	};
> 
> zone "." {
> 	type hint;
> 	file "/etc/db.cache";
> 	};
> 
> key rndc-key {
> 	algorithm hmac-md5;
> 	secret "XXX";
> 	};
> controls {
> 	inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
> 	};
> 
> Configuration of the problem reverse zone:
> 
> zone "5.168.192.in-addr.arpa" {
>         type master;
> 	file "/var/named/5.168.192.in-addr.arpa.hosts";
>         allow-transfer {
>                 192.168.5.2;
>                 };
> 	allow-update {
> 		key rndc-key;
> 		};
>         };
> 
> Slave Zone Configuration:
> 
> zone "5.168.192.in-addr.arpa" {
> 	type slave;
> 	masters {
> 		192.168.5.1;
> 		};
> 	file "/var/named/slaves/192.168.5.rev";
> 	};
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
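
Added example (not part of the original message, and not BIND's own code): a small Python parser for the slave's transfer log lines quoted above. It flags zones whose transfers fail or complete with 0 records, which is the state where checking the master's zone file with named-checkzone is the suggested next step. The sample log is constructed from the quoted lines, unwrapped, plus one made-up successful transfer for a zone called example.test; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the slave's log lines quoted in this thread, unwrapped,
# plus one successful transfer (zone "example.test" is made up) for contrast.
SAMPLE_LOG = """\
Dec 19 17:51:48 server2 named[7866]: transfer of '5.168.192.in-addr.arpa/IN' from 192.168.5.1#53: connected using 192.168.5.2#47108
Dec 19 17:51:48 server2 named[7866]: transfer of '5.168.192.in-addr.arpa/IN' from 192.168.5.1#53: failed while receiving responses: SERVFAIL
Dec 19 17:51:48 server2 named[7866]: transfer of '5.168.192.in-addr.arpa/IN' from 192.168.5.1#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.001 secs (0 bytes/sec)
Dec 19 17:52:10 server2 named[7866]: transfer of 'example.test/IN' from 192.168.5.1#53: connected using 192.168.5.2#47110
Dec 19 17:52:10 server2 named[7866]: transfer of 'example.test/IN' from 192.168.5.1#53: Transfer completed: 1 messages, 12 records, 431 bytes, 0.002 secs (215500 bytes/sec)
"""

# named's "transfer of '<zone>/<class>' from <master>#<port>: <message>" lines
XFER = re.compile(
    r"named\[\d+\]: transfer of '(?P<zone>[^'/]+)/(?P<cls>\w+)' "
    r"from (?P<master>[0-9A-Fa-f.:]+)#(?P<port>\d+): (?P<msg>.*)$"
)
FAILED = re.compile(r"failed while (?P<stage>.+?): (?P<reason>.+)$")
DONE = re.compile(r"Transfer completed: (\d+) messages, (\d+) records")


def summarize_transfers(log_text):
    """Return {(zone, master): {"failures": [(stage, reason)], "records": int or None}}."""
    out = defaultdict(lambda: {"failures": [], "records": None})
    for line in log_text.splitlines():
        m = XFER.search(line)
        if not m:
            continue  # not a zone-transfer line
        entry = out[(m["zone"], m["master"])]
        if (f := FAILED.match(m["msg"])):
            entry["failures"].append((f["stage"], f["reason"]))
        elif (d := DONE.match(m["msg"])):
            entry["records"] = int(d.group(2))  # record count of the last transfer
    return dict(out)


def broken_zones(summary):
    """Zones with a logged failure or whose last transfer delivered no records."""
    return sorted(zone for (zone, _), e in summary.items()
                  if e["failures"] or e["records"] == 0)


if __name__ == "__main__":
    for zone in broken_zones(summarize_transfers(SAMPLE_LOG)):
        print(f"{zone}: transfer failing; run named-checkzone on the master's zone file")
```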

