This is a discussion on Re: ; Transfer failed. on dig axfr with bind9 - DNS ; Clemens Bergmann wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > hi, > I have a problem getting AXFR work with bind9. > because of the fact that i have 8 zone file i don't attach everyting he= re. ...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> I have a problem getting AXFR work with bind9.
> because of the fact that i have 8 zone file i don't attach everyting he=
re. I putted my config file on a webserver so you can view it.
> The URI is http://angel.homelinux.org/bind/
> I need AXFR but when I do a `dig home.loc AXFR` i get:
> ; <<>> DiG 9.2.4rc5 <<>> home.loc AXFR
> ;; global options: printcmd
> ; Transfer failed.
> same from the server directly and from a pc in 192.168.0.1/24;
> i also tried to do with "@192.168.0.254" respectively "@127.0.0.1" but =
that does not chage anything.
> obviously something is send back from the NS because when i start ether=
eal on the pc i do the request i get a package back but with "[Unreassemb=
led Packet]" (I don't know what that means).
> Here is the tcpdump -w output for that package so you can open it up in=
ethereal an have a look (package 8):
> In hope of quick response
> sorry for my bad english i am not a native english speaker (german)
I cannot see the problem, but i see some other problems :
your external view misses hint zone=20
2/ you use forwarders. In a few special cases is this needed but in most =
cases it will only complicate things and get worse performance. Get rid o=
f them !
slave for "2nd-angel.de" is 18.104.22.168 ( according to delegation)
You allow 22.214.171.124 Is this intentional ?
in spite of your good idea to have config+files avaliable "on demand" i g=
You don't have permission to access /bind/zones/2nd-angel.de.zone on this=
(this might not mean that there is a fault in the file only that i cannot=
(and your english is fully understandable, this is a technical discussion=
not an english grammar contest !)
Peter H=E5kanson =20
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out=
remove "icke-reklam" if you feel for mailing me. Thanx.