Initial BIND 9.9.2 RPZ xfr (spamhaus) failing with "failed to connect: timed out" ?

Augie Schwer augie.schwer at gmail.com
Fri Mar 8 00:24:55 UTC 2013


Verify that you can query their name server like so:

dig soa rpz.spamhaus.org @199.168.90.52

and if that is successful, test that you can perform a transfer:

dig axfr rpz.spamhaus.org @199.168.90.52

I can tell you that my slaves to Spamhaus's name servers are working just
fine.




On Thu, Mar 7, 2013 at 4:02 PM, <pgbind9 at ml1.net> wrote:

> hi,
>
> i've installed
>
>  named -v
>   BIND 9.9.2-rpz+rl.028.23-P1
>
> i've registered my nameserver IP with spamhaus for use of its RPZ list;
> i've been approved for access.
>
> i've set up my bind9 conf for slave access to a spamhaus RPZ
>
>         ...
>         acl rpz4_spamhaus     { 199.168.90.51; 199.168.90.52; 199.168.90.53; };
>         masters rpz4_spamhaus { 199.168.90.51; 199.168.90.52; 199.168.90.53; };
>         ...
>           channel bind_rpzlog {
>             file "/var/log/bind-rpz.log" versions 10 size 5m;
>             print-time yes;
>             print-category yes;
>             print-severity yes;
>             severity debug;
>           };
>         ...
>           category rpz           { bind_rpzlog;    };
>         ...
>         view "internal" {
>         ...
>         response-policy {
>           zone "drop.rpz.spamhaus.org";
>         };
>         ...
>           zone "drop.rpz.spamhaus.org" IN {
>             type slave;
>             file "/namedb/slave/drop.rpz.spamhaus.org.zone";
>             masters { rpz4_spamhaus; };
>             allow-query { localhost; };
>             allow-transfer { rpz4_spamhaus; };
>             request-ixfr yes;
>             notify no;
>           };
>         ...
>
> Bind launches initially with no errors, but xfer log eventually reports:
>
>         ...
>         07-Mar-2013 13:26:25.657 xfer-in: error: transfer of
>         'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.51#53:
>         failed to connect: timed out
>         07-Mar-2013 13:26:25.657 xfer-in: info: transfer of
>         'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.51#53:
>         Transfer completed: 0 messages, 0 records, 0 bytes, 7.010 secs
>         (0 bytes/sec)
>         07-Mar-2013 13:27:17.673 xfer-in: error: transfer of
>         'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.52#53:
>         failed to connect: timed out
>         07-Mar-2013 13:27:17.673 xfer-in: info: transfer of
>         'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.52#53:
>         Transfer completed: 0 messages, 0 records, 0 bytes, 7.014 secs
>         (0 bytes/sec)
>         07-Mar-2013 13:28:09.689 xfer-in: error: transfer of
>         'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.53#53:
>         failed to connect: timed out
>         07-Mar-2013 13:28:09.689 xfer-in: info: transfer of
>         'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.53#53:
>         Transfer completed: 0 messages, 0 records, 0 bytes, 7.014 secs
>         (0 bytes/sec)
>         ...
>
> the RPZ log @ /var/log/bind-rpz.log is created on bind start, but is
> completely empty.
>
> if i
>
>   rndc -k /usr/local/etc/named/keys/rndc-key retransfer drop.rpz.spamhaus.org
>
> logs show only
>
>  ==> /var/log/bind-main.log <==
>   07-Mar-2013 13:58:43.576 general: info: received control channel
>   command 'retransfer drop.rpz.spamhaus.org'
>
> but nothing improves/changes.
>
> I've no idea as to why the 'failed to connect' message.  As an obvious
> result, no local zone file is created/written.
>
> Where should I start looking/debugging for the cause of this failed
> transfer?  Any other hints?
>
> Thanks!
>
> -pg



-- 
Augie Schwer    -    Augie at Schwer.us    -    http://schwer.us
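
The log entries quoted in this thread, run through a small classifier, as an added example that is not part of the original posts: it groups xfer-in results per master so that a connect-stage timeout on every master (the TCP connection to port 53 was never established) stands out from a transfer the master refused. The function names and verdict labels are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the xfer-in log layout quoted
# above, one entry per line. Sample: the thread's six entries, unwrapped.
sample_log() {
cat <<'EOF'
07-Mar-2013 13:26:25.657 xfer-in: error: transfer of 'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.51#53: failed to connect: timed out
07-Mar-2013 13:26:25.657 xfer-in: info: transfer of 'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.51#53: Transfer completed: 0 messages, 0 records, 0 bytes, 7.010 secs (0 bytes/sec)
07-Mar-2013 13:27:17.673 xfer-in: error: transfer of 'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.52#53: failed to connect: timed out
07-Mar-2013 13:27:17.673 xfer-in: info: transfer of 'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.52#53: Transfer completed: 0 messages, 0 records, 0 bytes, 7.014 secs (0 bytes/sec)
07-Mar-2013 13:28:09.689 xfer-in: error: transfer of 'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.53#53: failed to connect: timed out
07-Mar-2013 13:28:09.689 xfer-in: info: transfer of 'drop.rpz.spamhaus.org/IN/internal' from 199.168.90.53#53: Transfer completed: 0 messages, 0 records, 0 bytes, 7.014 secs (0 bytes/sec)
EOF
}

# Emit "master|zone|result" per attempt; result is the error text, or "ok"
# for a completed transfer that carried at least one message.
xfer_results() {
  awk '$3 == "xfer-in:" && $5 == "transfer" && $8 == "from" {
    split($7, z, "/"); zone = substr(z[1], 2)  # drop quote, class, view
    master = $9; sub(/:$/, "", master)
    if ($4 == "error:") {
      res = $10; for (i = 11; i <= NF; i++) res = res " " $i
    } else if ($10 == "Transfer" && $11 == "completed:" && $12 + 0 > 0) res = "ok"
    else next
    print master "|" zone "|" res
  }'
}

# Verdict for zone $1 from xfer_results output on stdin.
zone_verdict() {
  awk -F"|" -v zone="$1" '$2 == zone {
      seen[$1] = 1
      if ($3 == "ok") ok[$1] = 1
      else if ($3 ~ /^failed to connect/) conn[$1] = 1
      else other[$1] = 1
    }
    END {
      for (m in seen) {
        t++
        if (m in ok) o++
        else if ((m in conn) && !(m in other)) c++
      }
      if (t == 0)      print "no-data"
      else if (o > 0)  print "transfer-ok " o "/" t
      else if (c == t) print "connect-failed-all-masters " c "/" t
      else             print "other-errors " (t - c) "/" t
    }'
}

sample_log | xfer_results | zone_verdict drop.rpz.spamhaus.org
```

A `connect-failed-all-masters` verdict matches the case the reply's `dig` checks are meant to isolate: nothing reaches any master over TCP, so the place to look is the path between the slave and port 53 rather than the zone configuration.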