On 19/12/13 18:37, Timothe Litt wrote:
> I doubt you'll get help without providing configuration data for
> master
> and slaves and exact log and error messages.
>
> But I'll take one blind guess. DNSSEC validation enabled and your
> in-addr.arpa zones are not delegated and not in DLV?
>
DNSSEC is not currently used on these servers.
The following is logged on the slave:
Dec 19 17:51:48 server2 named[7866]: transfer of
'5.168.192.in-addr.arpa/IN' from 192.168.5.1#53: connected using
192.168.5.2#47108
Dec 19 17:51:48 server2 named[7866]: transfer of
'5.168.192.in-addr.arpa/IN' from 192.168.5.1#53: failed while receiving
responses: SERVFAIL
Dec 19 17:51:48 server2 named[7866]: transfer of
'5.168.192.in-addr.arpa/IN' from 192.168.5.1#53: Transfer completed: 0
messages, 0 records, 0 bytes, 0.001 secs (0 bytes/sec)
Dig returns the following:
[root@server2 ~]# dig @192.168.5.1 5.168.192.in-addr.arpa AXFR
; <<>> DiG 9.9.4-P1 <<>> @192.168.5.1 5.168.192.in-addr.arpa AXFR
; (1 server found)
;; global options: +cmd
; Transfer failed.
There are no errors reported on the master server.
Master - named.conf
include "/etc/named.conf.local";
options {
directory "/var/named";
pid-file "/var/run/named/named.pid";
};
zone "." {
type hint;
file "/etc/db.cache";
};
key rndc-key {
algorithm hmac-md5;
secret "XXX";
};
controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
};
Configuration of the problem reverse zone:
zone "5.168.192.in-addr.arpa" {
type master;
file "/var/named/5.168.192.in-addr.arpa.hosts";
allow-transfer {
192.168.5.2;
};
allow-update {
key rndc-key;
};
};
Slave Zone Configuration:
zone "5.168.192.in-addr.arpa" {
type slave;
masters {
192.168.5.1;
};
file "/var/named/slaves/192.168.5.rev";
};
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
