<div dir="ltr">Verify that you can query their name server like so:<div><br></div><div>dig soa <a href="http://rpz.spamhaus.org">rpz.spamhaus.org</a> @<a href="http://199.168.90.52">199.168.90.52</a><br></div><div><br></div>
<div style>and if that is successful, test that you can perform a transfer:</div><div style><br></div><div style><div>dig axfr <a href="http://rpz.spamhaus.org">rpz.spamhaus.org</a> @<a href="http://199.168.90.52">199.168.90.52</a></div>
<div><br></div><div style>I can tell you that my slaves to Spamhaus's name servers are working just fine.</div><div><br></div><div><br></div></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Mar 7, 2013 at 4:02 PM,  <span dir="ltr">&lt;<a href="mailto:pgbind9@ml1.net" target="_blank">pgbind9@ml1.net</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">hi,<br>
<br>
i've installed<br>
<br>
 named -v<br>
  BIND 9.9.2-rpz+rl.028.23-P1<br>
<br>
i've registered my nameserver IP with spamhaus for use of its RPZ list;<br>
i've been approved for access.<br>
<br>
i've set up my bind9 conf for slave access to a spamhaus RPZ<br>
<br>
        ...<br>
        acl rpz4_spamhaus     { 199.168.90.51; 199.168.90.52;<br>
        199.168.90.53; };<br>
        masters rpz4_spamhaus { 199.168.90.51; 199.168.90.52;<br>
        199.168.90.53; };<br>
        ...<br>
          channel bind_rpzlog {<br>
            file "/var/log/bind-rpz.log" versions 10 size 5m;<br>
            print-time yes;<br>
            print-category yes;<br>
            print-severity yes;<br>
            severity debug;<br>
          };<br>
        ...<br>
          category rpz           { bind_rpzlog;    };<br>
        ...<br>
        view "internal" {<br>
        ...<br>
        response-policy {<br>
          zone "<a href="http://drop.rpz.spamhaus.org" target="_blank">drop.rpz.spamhaus.org</a>";<br>
        };<br>
        ...<br>
          zone "<a href="http://drop.rpz.spamhaus.org" target="_blank">drop.rpz.spamhaus.org</a>" IN {<br>
            type slave;<br>
            file "/namedb/slave/drop.rpz.spamhaus.org.zone";<br>
            masters { rpz4_spamhaus; };<br>
            allow-query { localhost; };<br>
            allow-transfer { rpz4_spamhaus; };<br>
            request-ixfr yes;<br>
            notify no;<br>
          };<br>
        ...<br>
<br>
Bind launches initially with no errors, but xfer log eventually reports:<br>
<br>
        ...<br>
        07-Mar-2013 13:26:25.657 xfer-in: error: transfer of<br>
        '<a href="http://drop.rpz.spamhaus.org/IN/internal" target="_blank">drop.rpz.spamhaus.org/IN/internal</a>' from 199.168.90.51#53:<br>
        failed to connect: timed out<br>
        07-Mar-2013 13:26:25.657 xfer-in: info: transfer of<br>
        '<a href="http://drop.rpz.spamhaus.org/IN/internal" target="_blank">drop.rpz.spamhaus.org/IN/internal</a>' from 199.168.90.51#53:<br>
        Transfer completed: 0 messages, 0 records, 0 bytes, 7.010 secs<br>
        (0 bytes/sec)<br>
        07-Mar-2013 13:27:17.673 xfer-in: error: transfer of<br>
        '<a href="http://drop.rpz.spamhaus.org/IN/internal" target="_blank">drop.rpz.spamhaus.org/IN/internal</a>' from 199.168.90.52#53:<br>
        failed to connect: timed out<br>
        07-Mar-2013 13:27:17.673 xfer-in: info: transfer of<br>
        '<a href="http://drop.rpz.spamhaus.org/IN/internal" target="_blank">drop.rpz.spamhaus.org/IN/internal</a>' from 199.168.90.52#53:<br>
        Transfer completed: 0 messages, 0 records, 0 bytes, 7.014 secs<br>
        (0 bytes/sec)<br>
        07-Mar-2013 13:28:09.689 xfer-in: error: transfer of<br>
        '<a href="http://drop.rpz.spamhaus.org/IN/internal" target="_blank">drop.rpz.spamhaus.org/IN/internal</a>' from 199.168.90.53#53:<br>
        failed to connect: timed out<br>
        07-Mar-2013 13:28:09.689 xfer-in: info: transfer of<br>
        '<a href="http://drop.rpz.spamhaus.org/IN/internal" target="_blank">drop.rpz.spamhaus.org/IN/internal</a>' from 199.168.90.53#53:<br>
        Transfer completed: 0 messages, 0 records, 0 bytes, 7.014 secs<br>
        (0 bytes/sec)<br>
        ...<br>
<br>
the RPZ log @ /var/log/bind-rpz.log is created on bind start, but is<br>
completely empty.<br>
<br>
if i<br>
<br>
  rndc -k /usr/local/etc/named/keys/rndc-key retransfer<br>
  <a href="http://drop.rpz.spamhaus.org" target="_blank">drop.rpz.spamhaus.org</a><br>
<br>
logs show only<br>
<br>
 ==&gt; /var/log/bind-main.log &lt;==<br>
  07-Mar-2013 13:58:43.576 general: info: received control channel<br>
  command 'retransfer <a href="http://drop.rpz.spamhaus.org" target="_blank">drop.rpz.spamhaus.org</a>'<br>
<br>
but nothing improves/changes.<br>
<br>
I've no idea as to why the 'failed to connect' message.  As an obvious<br>
result, no local zone file is created/written.<br>
<br>
Where should I start looking/debugging for the cause of this failed<br>
transfer?  Any other hints?<br>
<br>
Thanks!<br>
<br>
-pg<br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br>Augie Schwer    -    Augie@Schwer.us    -    <a href="http://schwer.us" target="_blank">http://schwer.us</a><br>
</div>
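<div>The two dig checks suggested in the reply, extended into a per-master probe that separates UDP reachability, TCP reachability and the transfer itself. This is an added example, not code from either poster or from BIND; the zone and master addresses are the ones quoted in the thread, and the function names and diagnosis labels are made up for illustration.</div>

```shell
#!/bin/sh
# Added example, not from the thread. Zone and master IPs are those quoted in the post.
ZONE="${ZONE:-drop.rpz.spamhaus.org}"
MASTERS="${MASTERS:-199.168.90.51 199.168.90.52 199.168.90.53}"

# has_answer: read dig output on stdin; succeed if any record line is present.
# dig prefixes its comments and error lines with ';', so those are ignored.
has_answer() {
  grep -v '^;' | grep -q '[^[:space:]]'
}

# probe KIND MASTER: print "ok" or "fail" for one dig test against one master.
probe() {
  case "$1" in
    udp)  opts="+notcp +time=3 +tries=1 +short soa" ;;
    tcp)  opts="+tcp +time=3 +tries=1 +short soa" ;;
    axfr) opts="+time=5 +tries=1 axfr" ;;
    *)    echo fail; return ;;
  esac
  # $opts is left unquoted on purpose so it splits into separate dig arguments.
  if dig $opts "$ZONE" "@$2" 2>&1 | has_answer; then echo ok; else echo fail; fi
}

# diagnose UDP TCP AXFR: map the three probe results to the most likely cause.
diagnose() {
  case "$1/$2/$3" in
    ok/ok/ok)   echo "transfer-ok: dig can transfer from this host; compare the source address named uses (transfer-source)" ;;
    fail/ok/ok) echo "udp-blocked: TCP and AXFR work but UDP/53 gets no answer; SOA refresh queries will fail" ;;
    */ok/fail)  echo "axfr-refused: TCP works but no zone data came back; check that this host's source IP is the registered one" ;;
    ok/fail/*)  echo "tcp-blocked: UDP works, TCP/53 does not; named logs this as 'failed to connect: timed out'" ;;
    *)          echo "unreachable: no answer over UDP or TCP; check routing and outbound firewall rules" ;;
  esac
}

# check_masters: run all three probes against every master and print one line each.
check_masters() {
  command -v dig >/dev/null || { echo "dig not found" >&2; return 1; }
  for m in $MASTERS; do
    echo "$m $(diagnose "$(probe udp "$m")" "$(probe tcp "$m")" "$(probe axfr "$m")")"
  done
}

if [ "${1:-}" = "run" ]; then check_masters; fi
```

<div>Run it with the argument <code>run</code> on the name server itself, so the probes leave from the same host that named transfers from.</div>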