Initial BIND 9.9.2 RPZ xfr (spamhaus) failing with "failed to connect: timed out" ?
Augie Schwer
augie.schwer at gmail.com
Fri Mar 8 00:24:55 UTC 2013
Verify that you can query their name server like so:
dig soa rpz.spamhaus.org @199.168.90.52
and if that is successful, test that you can perform a transfer:
dig axfr rpz.spamhaus.org @199.168.90.52
I can tell you that my slaves to Spamhaus's name servers are working just
fine.
On Thu, Mar 7, 2013 at 4:02 PM, <pgbind9 at ml1.net> wrote:
> hi,
>
> i've installed
>
> named -v
> BIND 9.9.2-rpz+rl.028.23-P1
>
> i've registered my nameserver IP with spamhaus for use of its RPZ list;
> i've been approved for access.
>
> i've set up my bind9 conf for slave access to a spamhaus RPZ
>
> ...
> acl rpz4_spamhaus { 199.168.90.51; 199.168.90.52;
> 199.168.90.53; };
> masters rpz4_spamhaus { 199.168.90.51; 199.168.90.52;
> 199.168.90.53; };
> ...
> channel bind_rpzlog {
> file "/var/log/bind-rpz.log" versions 10 size 5m;
> print-time yes;
> print-category yes;
> print-severity yes;
> severity debug;
> };
> ...
> category rpz { bind_rpzlog; };
> ...
> view "internal" {
> ...
> response-policy {
> zone "drop.rpz.spamhaus.org";
> };
> ...
> zone "drop.rpz.spamhaus.org" IN {
> type slave;
> file "/namedb/slave/drop.rpz.spamhaus.org.zone";
> masters { rpz4_spamhaus; };
> allow-query { localhost; };
> allow-transfer { rpz4_spamhaus; };
> request-ixfr yes;
> notify no;
> };
> ...
>
> Bind launches initially with no errors, but xfer log eventually reports:
>
> ...
> 07-Mar-2013 13:26:25.657 xfer-in: error: transfer of
> 'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.51#53:
> failed to connect: timed out
> 07-Mar-2013 13:26:25.657 xfer-in: info: transfer of
> 'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.51#53:
> Transfer completed: 0 messages, 0 records, 0 bytes, 7.010 secs
> (0 bytes/sec)
> 07-Mar-2013 13:27:17.673 xfer-in: error: transfer of
> 'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.52#53:
> failed to connect: timed out
> 07-Mar-2013 13:27:17.673 xfer-in: info: transfer of
> 'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.52#53:
> Transfer completed: 0 messages, 0 records, 0 bytes, 7.014 secs
> (0 bytes/sec)
> 07-Mar-2013 13:28:09.689 xfer-in: error: transfer of
> 'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.53#53:
> failed to connect: timed out
> 07-Mar-2013 13:28:09.689 xfer-in: info: transfer of
> 'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.53#53:
> Transfer completed: 0 messages, 0 records, 0 bytes, 7.014 secs
> (0 bytes/sec)
> ...
>
> the RPZ log @ /var/log/bind-rpz.log is created on bind start, but is
> completely empty.
>
> if i
>
> rndc -k /usr/local/etc/named/keys/rndc-key retransfer drop.rpz.spamhaus.org
>
> logs show only
>
> ==> /var/log/bind-main.log <==
> 07-Mar-2013 13:58:43.576 general: info: received control channel
> command 'retransfer drop.rpz.spamhaus.org'
>
> but nothing improves/changes.
>
> I've no idea as to why the 'failed to connect' message. As an obvious
> result, no local zone file is created/written.
>
> Where should I start looking/debugging for the cause of this failed
> transfer? Any other hints?
>
> Thanks!
>
> -pg
--
Augie Schwer - Augie at Schwer.us - http://schwer.us
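
The two dig checks suggested above, extended with a TCP SOA query and run against every configured master, as an added example that is not part of the original thread. The script name, the SRC variable and the verdict labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: staged reachability check for zone-transfer masters.
# Usage: SRC=<source address> sh check_xfr.sh ZONE MASTER...
# SRC is optional and is passed to dig -b; script name and verdict
# labels are hypothetical, not taken from BIND or Spamhaus.

# Run one SOA query; succeed only if a real answer line came back.
soa_ok() {  # $1 = +tcp | +notcp, $2 = zone, $3 = master
    out=$(dig ${SRC:+-b "$SRC"} "$1" +time=3 +tries=1 +short \
          soa "$2" "@$3" 2>/dev/null) || return 1
    case $out in ''|';'*) return 1 ;; esac
    return 0
}

# Attempt the transfer; dig prints ";; XFR size: ..." only on success.
axfr_ok() {  # $1 = zone, $2 = master
    dig ${SRC:+-b "$SRC"} +time=5 +tries=1 axfr "$1" "@$2" 2>/dev/null |
        grep -q 'XFR size'
}

# Map the three stage results (0 = passed) to a verdict.
diagnose() {  # $1 = UDP SOA, $2 = TCP SOA, $3 = AXFR
    if [ "$1" -ne 0 ] && [ "$2" -ne 0 ]; then echo unreachable
    elif [ "$2" -ne 0 ]; then echo tcp-blocked   # UDP answers, TCP/53 does not
    elif [ "$3" -ne 0 ]; then echo xfr-refused   # reachable, transfer denied
    else echo ok
    fi
}

check_master() {  # $1 = zone, $2 = master; prints "<master> <verdict>"
    udp=0; tcp=0; xfr=0
    soa_ok +notcp "$1" "$2" || udp=1
    soa_ok +tcp "$1" "$2" || tcp=1
    # No point attempting a transfer when the TCP query already failed.
    if [ "$tcp" -eq 0 ]; then axfr_ok "$1" "$2" || xfr=1; else xfr=1; fi
    echo "$2 $(diagnose "$udp" "$tcp" "$xfr")"
}

# Only touch the network when a zone and at least one master are given.
if [ "$#" -ge 2 ]; then
    zone=$1; shift
    for m in "$@"; do check_master "$zone" "$m"; done
fi
```

Run it on the name server itself, with SRC set to the address registered with Spamhaus. Zone transfers run over TCP, so a `tcp-blocked` verdict is the same condition named logs as "failed to connect: timed out".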