Re: Problem-In-TranferingZone

2015-12-06 Thread Anand Buddhdev 
On 06/12/15 06:59, Ejaz wrote:

Hi Ejaz,

> I have implemented new slave server and wanted to  get all the 2000 zones
> from primary/master server to the new slave one. But zone file  some time
> comes with empty records and sometimes  appears as below, Any idea Would be
> highly appreciated. 

You have not provided even a single piece of detail about your
configuration, such as how you tried to copy the zones from the master
to the slave. Did you use scp or sync? Did you configure the slave to do
zone transfer? We can't read your mind.

If you want help, please ask some better questions, and provide:

1. Your configuration
2. What you expected to see
3. Log snippets from your slave server
4. Your BIND version
5. Any other relevant information about what commands you typed, etc

Regards,
Anand
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: Problem-In-TranferingZone

2015-12-06 Thread Ejaz 
Sorry for that. Thanks for your reply.. below are the details. 

 

My config

 

//

// named.conf

 

options {

listen-on port 53 { 127.0.0.1; 1.1.1.1;};

listen-on-v6 port 53 { ::1; };

directory   "/var/named";

dump-file   "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

masterfile-format text;

//  allow-query { localhost; };

 

transfers-out 5000 ;

allow-transfer { myslave server ip;};

allow-query {127.0.0.0/8;.;}

;

/*

 - If you are building an AUTHORITATIVE DNS server, do NOT enable recurs

ion.

 - If you are building a RECURSIVE (caching) DNS server, you need to ena

ble

   recursion.

 - If your recursive DNS server has a public IP address, you MUST enable

access

   control to limit queries to your legitimate users. Failing to do so w

ill

   cause your server to become part of large scale DNS amplification

   attacks. Implementing BCP38 within your network would greatly

   reduce such attack surface

*/

recursion yes;

 

dnssec-enable yes;

dnssec-validation yes;

 

/* Path to ISC DLV key */

bindkeys-file "/etc/named.iscdlv.key";

 

managed-keys-directory "/var/named/dynamic";

 

pid-file "/run/named/named.pid";

session-keyfile "/run/named/session.key";

};

 

logging {

channel default_debug {

file "data/named.run";

severity dynamic;

};

};

 

 

I wanted to see all the transferred zones from master  server to the slave 
should be  readable format. Instead of raw… 

 

 

Few logs entries from the slave server 

 

ords, 0 bytes, 0.005 secs (0 bytes/sec)

Dec  6 13:24:26 ns10 named[2202]: transfer of 'alinmaipo.com/IN' from 
212.93.192.4#53: failed while receiving responses: REFUSED

Dec  6 13:24:26 ns10 named[2202]: transfer of 'alinmaipo.com/IN' from 
212.93.192.4#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.005 secs 
(0 bytes/sec)

Dec  6 13:24:26 ns10 named[2202]: zone mustafa.com/IN: refresh: 
non-authoritative answer from master 212.119.92.5#53 (source 0.0.0.0#0)

6 13:24:23 ns10 named[2202]: transfer of 'alinmainvestment.com/IN' from 
212.93.192.4#53: connected using 212.119.93.5#45083

Dec  6 13:24:23 ns10 named[2202]: transfer of 'alahlitrade.com/IN' from 
212.93.192.4#53: connected using 212.119.93.5#40208

Dec  6 13:24:23 ns10 named[2202]: transfer of 'alinmainvestment.com/IN' from 
212.93.192.4#53: failed while receiving responses: REFUSED

Dec  6 13:24:23 ns10 named[2202]: transfer of 'alinmainvestment.com/IN' from 
212.93.192.4#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.003 secs 
(0 bytes/sec)

Dec  6 13:24:23 ns10 named[2202]: transfer of 'alahlitrade.com/IN' from 
212.93.192.4#53: failed while receiving responses: REFUSED

Dec  6 13:24:23 ns10 named[2202]: transfer of 'alahlitrade.com/IN' from 
212.93.192.4#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.004 secs 
(0 bytes/sec)

Dec  6 13:24:23 ns10 named[2202]: zone ejaz.com/IN: refresh: unexpected rcode 
(REFUSED) from master 212.119.64.6#53 (source 0.0.0.0#0)

Dec  6 13:24:23 ns10 named[2202]: zone ejaz.com/IN: Transfer started.

Dec  6 13:24:23 ns10 named[2202]: zone amoudico.com/IN: refresh: 
non-authoritative answer from master 212.119.92.5#53 (source 0.0.0.0#0)

Dec  6 13:24:23 ns10 named[2202]: zone c-r.com.sa/IN: refresh: 
non-authoritative answer from master 212.119.92.5#53 (source 0.0.0.0#0)

Dec  6 13:24:23 ns10 named[2202]: zone intawana.net/IN: refresh: 
non-authoritative answer from master 212.119.92.5#53 (source 0.0.0.0#0)

Dec  6 13:24:23 ns10 named[2202]: transfer of 'ejaz.com/IN' from 
212.119.64.6#53: connected using 212.119.93.5#42454

Dec  6 13:24:23 ns10 named[2202]: zone smc-groups.com/IN: refresh: 
non-authoritative answer from master 212.119.92.5#53 (source 0.0.0.0#0)

Dec  6 13:24:23 ns10 named[2202]: zone tsf.com.sa/IN: refresh: 
non-authoritative answer from master 212.119.92.5#53 (source 0.0.0.0#0)

Dec  6 13:24:23 ns10 named[2202]: zone cepcomed.com.com/IN: refresh: 
non-authoritative answer from master 212.119.92.5#53 (source 0.0.0.0#0)

Dec  6 13:24:23 ns10 named[2202]:

 

 

 

Master server 

[root@ns6 named]# named -v

BIND 9.9.8 (Extended Support Version) 

 

 

Slave server

 

[root@ns10 named]# named -v

BIND 9.9.4-RedHat-9.9.4-29.el7 (Extended Support Version)

 

 

 

I am trying to retrieve all the zones together from the master. Did not copied 
from the old serer 

 

 

 

Ejaz 

 

-Original Message-
From: Anand Buddhdev [mailto:ana...@ripe.net] 
Sent: Sunday, December 6, 20