A Zone Transfer Question

David Li dlipubkey at gmail.com
Tue Feb 23 01:12:32 UTC 2016 

Hi Mark,

Thanks for the explanation!

At this time all my stuff are internal to the data center so I just
added an option to listen to the IPv4 only. This seems to have made
these error messages gone away.

I do have another question:  If I don't need to do reverse lookup, do
I still need PTR records? In other words, is there any downside if I
don't have PTR records in my zone files?

David





On Mon, Feb 22, 2016 at 4:04 PM, Mark Andrews <marka at isc.org> wrote:
>
> This is named trying to talk to nameservers over IPv6 and being
> told by the OS that they are unreachable.
>
> At this point in time you should be yelling at your ISP to supply
> you with IPv6 connectivity if they aren't already as the world ran
> out of IPv4 addresses years ago and the network is only running
> because ISP's that don't have enough addresses are sharing them
> between multiple customers which is costing everyone in one way or
> another.
>
> If your ISP is offering you IPv6 you may need to update your CPE
> router to one which supports IPv6.
>
> There is no valid excuse for a ISP not supplying IPv6 in 2016.  They
> have had over a decade to plan for how to deliver IPv6 to you.
>
> Mark
>
>
> In message <CAEuTsAyDpMHZiKENFyZEpPxgAfQAzfDecSBtzjX+h7F4YGpKGg at mail.gmail.com>
> , David Li writes:
>> Barry and others:
>>
>> Thanks for the help!
>> It's my bad that the slave zone's subnet range was missing from
>> allow-query. I also added the slave IP explicitly to the
>> allow-transfer option. Now it's seems to be working.
>>
>>
>> Another issue that I haven't quite figured out is the errors in the
>> syslog. I have no idea where these are coming from:
>>
>>
>>
>> Feb 22 15:27:33 dli-centos7 named[2170]: error (network unreachable)
>> resolving 'node2/A/IN': 2001:503:c27::2:30#53
>> Feb 22 15:27:33 dli-centos7 named[2170]: error (network unreachable)
>> resolving 'node2/A/IN': 2001:7fd::1#53
>> Feb 22 15:27:33 dli-centos7 named[2170]: error (network unreachable)
>> resolving './NS/IN': 2001:500:1::803f:235#53
>> Feb 22 15:27:33 dli-centos7 named[2170]: error (network unreachable)
>> resolving './NS/IN': 2001:503:c27::2:30#53
>> Feb 22 15:27:33 dli-centos7 named[2170]: error (network unreachable)
>> resolving './NS/IN': 2001:7fd::1#53
>> Feb 22 15:27:38 dli-centos7 named[2170]: error (network unreachable)
>> resolving 'node2/A/IN': 2001:dc3::35#53
>> Feb 22 15:27:38 dli-centos7 named[2170]: error (network unreachable)
>> resolving 'node2/A/IN': 2001:7fe::53#53
>> Feb 22 15:27:38 dli-centos7 named[2170]: error (network unreachable)
>> resolving './NS/IN': 2001:dc3::35#53
>> Feb 22 15:27:38 dli-centos7 named[2170]: error (network unreachable)
>> resolving './NS/
>>
>>
>> I don't have a zone file that have these records defined. Any idea?
>>
>> David
>>
>>
>>
>>
>> > ------------------------------
>> >
>> > Message: 3
>> > Date: Fri, 19 Feb 2016 21:25:43 -0500
>> > From: Barry Margolin <barmar at alum.mit.edu>
>> > To: comp-protocols-dns-bind at isc.org
>> > Subject: Re: A Zone Transfer Question
>> > Message-ID: <barmar-B6877F.21254319022016 at 88-209-239-213.giganet.hu>
>> >
>> > In article <mailman.269.1455926963.73610.bind-users at lists.isc.org>,
>> >  David Li <dlipubkey at gmail.com> wrote:
>> >
>> >> Hi John,
>> >>
>> >> Well, I was wrong about the log. I did find some info about why zone
>> >> transfer failed. On one server running zone rack1.com, I see:
>> >>
>> >> Feb 19 16:04:27 dli-centos7 named[13882]: client 10.4.3.101#20745
>> >> (rack1.com): query 'rack1.com/SOA/IN' denied
>> >> Feb 19 16:04:27 dli-centos7 named[13882]: client 10.4.3.101#52612
>> >> (rack1.com): transfer of 'rack1.com/IN': IXFR ended
>> >>
>> >> Any idea why it's denied?
>> >
>> > VM1 has the option:
>> >
>> >     allow-query {
>> >        10.4.1/24;
>> >        127.0.0.1;
>> >     };
>> >
>> > 10.4.3.101 isn't in 10.4.1/24. The slave has to be allowed to query the
>> > master.
>> >
>> > --
>> > Barry Margolin
>> > Arlington, MA
>> >
>> >
>> > ------------------------------
>> >
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
>>  from this list
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list