Unable to completely transfer root zone

alcol alcol alcol at hotmail.com
Mon Feb 10 20:01:34 UTC 2020


Hi, usually it is a common problem. If you're successful via your root access, it means it is not network or BIND related but a FULL PATH and file permission issue.

Daemons do not run with root privilege for privilege escalation, and especially BIND and others are jailed.

Check that all paths are not relative (in all places) and the files' permissions (not forgetting directory permissions (R X W)).

Lastly, some security program could intercept it as a malicious action and lock it.

Some checks along the way, but it is the common scenario when it is successful via your root access and not via the daemon.



Alberto



________________________________
From: bind-users <bind-users-bounces at lists.isc.org> on behalf of von Dein, Thomas <Thomas.vonDein at f-i-ts.de>
Sent: Monday, February 10, 2020 6:53 PM
To: bind-users at lists.isc.org <bind-users at lists.isc.org>
Subject: Unable to completely transfer root zone

Hi everyone,

we are unable to complete root zone transfer from our nameservers. This is the error we're getting:

Feb 10 18:33:32 bedns2 named[61444]: transfer of './IN' from 192.0.47.132#53: connected using 192.168.1.1#11281
Feb 10 18:33:33 bedns2 named[61444]: transfer of './IN' from 192.0.47.132#53: resetting
Feb 10 18:33:33 bedns2 named[61444]: transfer of './IN' from 192.0.47.132#53: connected using 192.168.1.1#46875
Feb 10 18:33:33 bedns2 named[61444]: transfer of './IN' from 192.0.47.132#53: failed while receiving responses: connection reset
Feb 10 18:33:33 bedns2 named[61444]: transfer of './IN' from 192.0.47.132#53: Transfer status: connection reset
Feb 10 18:33:33 bedns2 named[61444]: transfer of './IN' from 192.0.47.132#53: Transfer completed: 11 messages, 3058 records, 179403 bytes, 0.410 secs (437568 bytes/sec)

I can, however, do it manually using "dig +tcp . axfr @lax.xfr.dns.icann.org".

The relevant part of the config is:

zone "." {
        type slave;
        file "zone/slave/root.slave";
        masters {
                192.0.32.132;   // lax.xfr.dns.icann.org.
                192.0.47.132;   // iad.xfr.dns.icann.org.
        };
        notify no;
};

Does anyone have an idea, what's wrong here and how I could possibly fix this?


Thanks in advance,
Tom
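
The path and permission check suggested in the reply above, as an added example that is not part of either mail: it resolves a relative `file` path the way named does (against the `directory` option, inside the chroot) and reports which directory or file a given uid cannot use. The `directory` value, chroot, uid and gids are assumptions passed in by the caller.

```python
import os

def allowed(st, uid, gids, want):
    """Classic owner/group/other check; want is a bitmask (r=4, w=2, x=1).
    ACLs and MAC policy (SELinux, AppArmor) are outside what this models."""
    if uid == 0:
        return True
    if uid == st.st_uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & 7 & want) == want

def check_zone_path(zone_file, directory, uid, gids, chroot="/"):
    """Return findings that would stop uid/gids from writing zone_file.
    directory = named.conf `directory` option, chroot = jail root (both
    supplied by the caller; nothing is read from a real configuration)."""
    findings = []
    if not os.path.isabs(zone_file):
        findings.append(f"relative path {zone_file!r} resolves under {directory!r}")
        zone_file = os.path.join(directory, zone_file)
    parts = os.path.normpath(zone_file).strip("/").split("/")
    dirs = [chroot]
    for name in parts[:-1]:
        dirs.append(os.path.join(dirs[-1], name))
    for i, d in enumerate(dirs):
        last = i == len(dirs) - 1
        try:
            st = os.stat(d)
        except OSError as exc:
            findings.append(f"{d}: {exc.strerror}")
            return findings
        # search (x) on every ancestor, write+search on the zone file's directory
        if not allowed(st, uid, gids, 3 if last else 1):
            findings.append(f"{d}: uid {uid} lacks {'wx' if last else 'x'}")
    target = os.path.join(dirs[-1], parts[-1])
    if os.path.exists(target) and not allowed(os.stat(target), uid, gids, 2):
        findings.append(f"{target}: uid {uid} lacks w")
    return findings

if __name__ == "__main__":
    # Constructed values: uid/gid 53 and /var/named are placeholders.
    for line in check_zone_path("zone/slave/root.slave", "/var/named", 53, [53]):
        print(line)
```

An empty result only covers mode bits; a MAC policy or other security program can still deny the write.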