Hi, usually it is a common problem. If you're successful via your root access,
it means it is not a network or BIND related issue but a FULL PATH and File
Permission issue.

Daemons do not run with root privilege, for privilege escalation, and
especially bind and others are jailed.

Check that all paths are not relative (in all places) and the file permissions
(not forgetting the directory permissions (R X W)).

As a last point, some security program could intercept it as a malicious action
and lock it.

Some checks along the way, but this is the common scenario when it is successful
via your root access and not via the daemon.



Alberto



________________________________
From: bind-users <bind-users-boun...@lists.isc.org> on behalf of von Dein, 
Thomas <thomas.vond...@f-i-ts.de>
Sent: Monday, February 10, 2020 6:53 PM
To: bind-users@lists.isc.org <bind-users@lists.isc.org>
Subject: Unable to completely transfer root zone

Hi everyone,

we are unable to complete root zone transfer from our nameservers. This is the 
error we're getting:

Feb 10 18:33:32 bedns2 named[61444]: transfer of './IN' from 192.0.47.132#53: connected using 192.168.1.1#11281
Feb 10 18:33:33 bedns2 named[61444]: transfer of './IN' from 192.0.47.132#53: resetting
Feb 10 18:33:33 bedns2 named[61444]: transfer of './IN' from 192.0.47.132#53: connected using 192.168.1.1#46875
Feb 10 18:33:33 bedns2 named[61444]: transfer of './IN' from 192.0.47.132#53: failed while receiving responses: connection reset
Feb 10 18:33:33 bedns2 named[61444]: transfer of './IN' from 192.0.47.132#53: Transfer status: connection reset
Feb 10 18:33:33 bedns2 named[61444]: transfer of './IN' from 192.0.47.132#53: Transfer completed: 11 messages, 3058 records, 179403 bytes, 0.410 secs (437568 bytes/sec)

I can, however, do it manually using "dig +tcp . axfr @lax.xfr.dns.icann.org".

The relevant part of the config is:

zone "." {
        type slave;
        file "zone/slave/root.slave";
        masters {
                192.0.32.132;   // lax.xfr.dns.icann.org.
                192.0.47.132;   // iad.xfr.dns.icann.org.
        };
        notify no;
};

Does anyone have an idea what's wrong here and how I could possibly fix this?


Thanks in advance,
Tom
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
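
The path and permission check suggested in the reply above, as an added example that is not part of the original thread or of BIND: it evaluates the owner/group/other mode bits of every directory on the way to the zone file as the daemon's unprivileged uid would see them, inside a chroot jail. The uid/gid 53, the jail path and the rule that the containing directory must be writable are assumptions; ACLs and SELinux/AppArmor policy are not evaluated.

```python
import os

def allowed(st, uid, gids, want):
    """Classic owner/group/other check; want is a mask of 4=r, 2=w, 1=x."""
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want & 7) == want

def audit(zone_file, uid, gids, jail="/"):
    """List reasons the daemon (uid/gids, chrooted to jail) cannot use zone_file."""
    if not os.path.isabs(zone_file):
        return [f"relative path: {zone_file}"]
    parts = [p for p in zone_file.split("/") if p]
    if not parts:
        return [f"no file name in: {zone_file}"]
    findings = []
    dirs = [jail]
    for name in parts[:-1]:
        dirs.append(os.path.join(dirs[-1], name))
    # Every directory needs x (search); the one holding the file also needs w,
    # assuming the daemon creates or replaces the zone file there.
    checks = [(d, 1, "x") for d in dirs[:-1]] + [(dirs[-1], 3, "wx")]
    target = os.path.join(dirs[-1], parts[-1])
    if os.path.exists(target):
        checks.append((target, 6, "rw"))  # assumption: file is read and rewritten
    for path, want, label in checks:
        try:
            st = os.stat(path)
        except OSError as exc:
            findings.append(f"{path}: {exc.strerror}")
            continue
        if not allowed(st, uid, gids, want):
            findings.append(f"{path}: uid {uid} lacks {label}")
    return findings

if __name__ == "__main__":
    # Constructed values: uid/gid 53 and the jail path are placeholders.
    for line in audit("/zone/slave/root.slave", 53, {53}, jail="/var/named/chroot"):
        print(line)
```

Run it as root so that every component can be stat'ed; an empty result means the mode bits alone do not block the daemon.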