I have a master and secondary DNS server. The secondary tries to do a zone-transfer from the master, but reports a connection
refused.
However, the master claims it approved the transfer.
Both master and slave are test machines.
The strange thing is: There are only 4 UDP packets between master and slave, while a zone transfer for the same domain between a
production master and slave contains over 30 packets.
The only difference is that the test systems are located in two different subnets 192.168.1.0/24 and 192.168.101.0/24, while the
production pair is within the same subnet 192.168.1.0/24
I also added another test machine within the 192.168.101.0/24 network and I can set up mirroring between those two.
So the problem seems to be setting up mirroring between different subnets. What do I have to consider when I do this?
Thanks,
MARK
The server (master) seems to allow the transfer:
------------------------------------------------
requestmgr_detach: 0x9d363c0: eref 1 iref 0
client 192.168.101.96#34085: UDP request
client 192.168.101.96#34085: request is not signed
client 192.168.101.96#34085: recursion available: approved
client 192.168.101.96#34085: query
client 192.168.101.96#34085: query 'my-domain.com/IN' approved
client 192.168.101.96#34085: send
client 192.168.101.96#34085: sendto
client 192.168.101.96#34085: senddone
client 192.168.101.96#34085: next
client 192.168.101.96#34085: endrequest
client @0x9d14eb0: udprecv
However, the client (sceondary mirror) says:
--------------------------------------------
queue_xfrin: zone my-domain.com/IN: enter
zone my-domain.com/IN: no database exists yet, requesting AXFR of initial version from 192.168.1.22#53
transfer of 'my-domain.com/IN' from 192.168.1.22#53: failed to connect: connection refused
zone my-domain.com/IN: zone transfer finished: connection refused
transfer of 'my-domain.com/IN' from 192.168.1.22#53: end of transfer
What is the problem here?
The master configuration file is:
---------------------------------
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
allow-transfer { 192.168.0.0/16; };
};
logging {
category "unmatched" { "debug"; "default_syslog"; "default_debug"; };
category "default" { "debug"; "default_syslog"; "default_debug"; };
channel "debug" {
file "/tmp/named_debug";
severity debug 3;
};
};
zone "my-domain.com" {
notify no;
type slave;
file "pz/named.<MY_DOMAIN>.com";
masters { 192.168.1.136; };
};
Slave config file:
------------------
// Default named.conf generated by install of bind-9.2.4-2
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
};
logging {
category "unmatched" { "debug"; "default_syslog"; "default_debug"; };
category "default" { "debug"; "default_syslog"; "default_debug"; };
channel "debug" {
file "/tmp/named_debug";
severity debug 3;
};
};
zone "my-domain.com" {
notify no;
type slave;
file "pz/named.my-domain.com";
masters { 192.168.1.136; };
};
Thanks,
MARK
