Re: Unable to slave root zones
On 04/07/17 09:21, Tony Finch wrote:
> Mark Knight wrote:
>> I've just noticed (after the slave zones expired), that the root name servers
>> have been refusing my zone transfer requests since the end of March.
>
> This is because Cloudflare are now helping isc.org to host
> f.root-servers.net, and the Cloudflare instances don't allow zone transfers.
>
> https://lists.dns-oarc.net/pipermail/dns-operations/2017-March/016150.html
>
> I have switched to transferring the root zone from k.root-servers.net.

ICANN has "sanctioned" servers for doing root zone transfers that are separate from the root DNS servers. See:

http://www.dns.icann.org/services/axfr/

It's probably better to use the servers listed there (although they do appear to be US-centric), to avoid having to deal with changes akin to f-root.

michael

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Unable to slave root zones
Mark Knight wrote:
> I've just noticed (after the slave zones expired), that the root name servers
> have been refusing my zone transfer requests since the end of March.

This is because Cloudflare are now helping isc.org to host f.root-servers.net, and the Cloudflare instances don't allow zone transfers.

https://lists.dns-oarc.net/pipermail/dns-operations/2017-March/016150.html

I have switched to transferring the root zone from k.root-servers.net.

Tony.
--
f.anthony.n.finch http://dotat.at/ - I xn--zr8h punycode
South Utsire: Northwesterly 5 or 6, occasionally 7 at first in southeast, backing westerly 4 or 5. Slight or moderate, occasionally rough at first in southeast. Occasional drizzle, fog patches. Moderate or good, occasionally very poor.
Re: Unable to slave root zones
On 2017-04-07 15:26:57 +, Matus UHLAR - fantomas said:

> On 07.04.17 07:36, Mark Knight wrote:
>> I've just noticed (after the slave zones expired), that the root name servers
>> have been refusing my zone transfer requests since the end of March.
>>
>> My config is per the standard named.conf example, e.g.:
>>
>> zone "." {
>>     type slave;
>>     file "/usr/local/etc/namedb/slave/root.slave";
>>     masters {
>>         192.5.5.241;    // F.ROOT-SERVERS.NET.
>>     };
>>     allow-query { localnets; };
>>     notify no;
>> };
>
> 1. are you sure you need to slave the root? most clients don't...
> 2. there are ~13 servers for root zone. did you check on more of them?

$ for ns in a b c d e f g h i j k l m ; do echo $ns: ; dig . axfr @$ns.root-servers.net | wc ; done
a:
      4      15      96
b:
  22529  169284 2231035
c:
  22529  169284 2231028
d:
      4      15      96
e:
      4      15      96
f:
      4      15      96
g:
  22529  169284 2231030
h:
      4      15      96
i:
      4      15      96
j:
      4      15      96
k:
  22529  169284 2231030
l:
      4      15      96
m:
      4      15      96

IPv4 only; 4 lines is a REFUSED.

Sam

--
The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.
Re: Unable to slave root zones
On 07.04.17 07:36, Mark Knight wrote:
> I've just noticed (after the slave zones expired), that the root name servers
> have been refusing my zone transfer requests since the end of March.
>
> My config is per the standard named.conf example, e.g.:
>
> zone "." {
>     type slave;
>     file "/usr/local/etc/namedb/slave/root.slave";
>     masters {
>         192.5.5.241;    // F.ROOT-SERVERS.NET.
>     };
>     allow-query { localnets; };
>     notify no;
> };

1. are you sure you need to slave the root? most clients don't...
2. there are ~13 servers for root zone. did you check on more of them?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows found: (R)emove, (E)rase, (D)elete
Re: Unable to slave root zones
* Mark Knight 2017.04.07 16:36:
> masters {
> 192.5.5.241;// F.ROOT-SERVERS.NET.
> };

Hi Mark,

I had the same issue basically. Tracing the zone transfers with dig, it turned out they worked for IPv6, but no longer work for IPv4. So I ended up with this:

masters { 2001:500:2f::f; }; // @f.root-servers.net

Regards
Thomas
Unable to slave root zones
I've just noticed (after the slave zones expired), that the root name servers have been refusing my zone transfer requests since the end of March.

My config is per the standard named.conf example, e.g.:

zone "." {
    type slave;
    file "/usr/local/etc/namedb/slave/root.slave";
    masters {
        192.5.5.241;    // F.ROOT-SERVERS.NET.
    };
    allow-query { localnets; };
    notify no;
};

Apr 7 00:06:29 steamer named[25909]: transfer of './IN' from 192.5.5.241#53: Transfer status: REFUSED
Apr 7 13:21:20 steamer named[550]: transfer of 'arpa/IN' from 192.5.5.241#53: Transfer status: REFUSED

I cannot find any announcement that this is now disallowed, any ideas what's changed or how I should do this?

Thanks,
Mark

--
Mark Knight
Mobile: +44 7753 250584. http://www.knigma.org/
Email: ma...@knigma.org. Skype: knigma
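
Added example, not part of any post in this thread: the refusals above went unnoticed until the slave zones expired, so this sketch scans named's syslog lines for transfer-status records and reports zones whose every configured master last answered with something other than success. The third sample line and the address 192.0.2.53 are constructed for illustration, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# named's transfer-status line, in the syslog shape quoted in the original post.
XFER_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+named\[\d+\]:\s+"
    r"transfer of '(?P<zone>[^']+)' from (?P<master>[0-9A-Fa-f.:]+)#\d+:\s+"
    r"Transfer status: (?P<status>.+?)\s*$"
)

# The two REFUSED lines are the ones quoted in the post; the third line is
# constructed (192.0.2.53 is a documentation address standing in for a second master).
SAMPLE_LOG = """\
Apr 7 00:06:29 steamer named[25909]: transfer of './IN' from 192.5.5.241#53: Transfer status: REFUSED
Apr 7 13:21:20 steamer named[550]: transfer of 'arpa/IN' from 192.5.5.241#53: Transfer status: REFUSED
Apr 7 13:25:02 steamer named[550]: transfer of './IN' from 192.0.2.53#53: Transfer status: success
"""


def last_status(log_text):
    """Map (zone, master) -> (status, timestamp) of the most recent transfer attempt."""
    latest = {}
    for line in log_text.splitlines():
        m = XFER_RE.match(line)
        if m:  # lines that are not transfer-status records are skipped
            latest[(m["zone"], m["master"])] = (m["status"], m["ts"])
    return latest


def zones_at_risk(log_text):
    """Return {zone: {master: status}} for zones where no master's latest attempt succeeded.

    Such a zone keeps serving its old copy only until the SOA expire timer runs out.
    """
    by_zone = defaultdict(dict)
    for (zone, master), (status, _ts) in last_status(log_text).items():
        by_zone[zone][master] = status
    return {z: ms for z, ms in by_zone.items() if "success" not in ms.values()}


if __name__ == "__main__":
    for zone, masters in zones_at_risk(SAMPLE_LOG).items():
        for master, status in masters.items():
            print(f"ALERT zone {zone}: master {master} last answered {status}")
```

On the sample, only arpa/IN is reported, because the root zone has a second master whose latest transfer succeeded.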