9.14 -> 9.16 - Slaves zones fail to transfer - dns_request_createvia4() failed: permission denied
Lars-Johan Liman
liman at netnod.se
Mon Mar 30 06:08:15 UTC 2020
Why?
marka at isc.org 2020-03-30 09:00 [+1100]:
> Stop using a fixed reserved port for transfers.
>> On 30 Mar 2020, at 08:55, Karl Pielorz <karl.pielorz at getonline.co.uk> wrote:
>>
>>
>> Hi,
>>
>> I've recently switched one of our DNS servers from Bind 9.14 to Bind
>> 9.16 - this is under FreeBSD 11.3
>>
>> The switch seemed to go ok - no errors logged, all the master zones
>> loaded - all the slave zones reloaded, and queries worked until
>> today - where we just got:
>>
>> named[72036]: zone mydomain.com/IN: expired
>>
>> And nothing answered for queries for 'mydomain.com' So, wanting a
>> 'quick fix' - I shut down bind, remove the slave zone from disk -
>> and restarted it (thinking it would just pull it in again).
>>
>> This didn't result in a successful AXFR from the master - and
>> instead just another 'expired' error logged.
>>
>> Having turned up logging to 'debug' - I seem to be left with:
>>
>> 22:29:19.116 general: debug 1: soa_query: zone mydomain.com/IN:
>> dns_request_createvia4() failed: permission denied
>>
>> Anyone know if this is the likely cause of the slave zone not
>> getting AXFR'd - and any idea how I can fix it?
>>
>> The same config worked under 9.14 - I can't see anything in our
>> config that's 'broken' in 9.16 (and no errors logged) - and I can
>> manually 'dig' the AXFR from the command line - I'm just a bit
>> stumped as to what 'dns_request_createvia4()' failing could mean,
>> and if that's the likely cause.
>>
>> Regards,
>>
>> -Karl
>> _______________________________________________
>> bind-workers mailing list
>> bind-workers at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-workers
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
> _______________________________________________
> bind-workers mailing list
> bind-workers at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-workers
More information about the bind-workers
mailing list