> Hi there,
> I'm new with BIND and got this message when trying to receive zones in a
> slave from the master:
>
> Aug 27 15:51:37 mortadelo named[10644]: zone tuxland.com/IN: Transfer started.
> Aug 27 15:51:37 mortadelo named[10644]: transfer of 'tuxland.com/IN' from 100.100.100.2#53: connected using 100.100.100.1#37276
> Aug 27 15:51:37 mortadelo named[10644]: transfer of 'tuxland.com/IN' from 100.100.100.2#53: failed while receiving responses: REFUSED
> Aug 27 15:51:37 mortadelo named[10644]: transfer of 'tuxland.com/IN' from 100.100.100.2#53: end of transfer
>
> On the machine with the master I got the message:
>
> Aug 27 16:53:52 filemon named[7231]: running
> Aug 27 16:54:41 filemon named[7231]: client ::ffff:100.100.100.1#37276: zone transfer 'tuxland.com/IN' denied


Now if the platform has a non-broken IPv6 stack we wouldn't see
this.

To work around the broken IPv6 stack set

	match-mapped-addresses yes;

> There is no firewall active.
> Any idea about what I'm doing wrong?
> Thanks in advance for your help.
> Below you can find the named.conf from the master, from the slave, and
> "tuxland.com" zone file data:
>
> By the way, I'm using Suse10.
>
> **********************************
> Machine: mortadelo
> Acting as DNS server master
> named.conf data
> *********************************
> # Copyright (c) 2001-2004 SuSE Linux AG, Nuernberg, Germany.
> # All rights reserved.
> #
> # Author: Frank Bodammer, Lars Mueller
> #
> # /etc/named.conf
> #
> # This is a sample configuration file for the name server BIND 9. It works as
> # a caching only name server without modification.
> #
> # A sample configuration for setting up your own domain can be found in
> # /usr/share/doc/packages/bind/sample-config.
> #
> # A description of all available options can be found in
> # /usr/share/doc/packages/bind/misc/options.
>
> options {
>
> # The directory statement defines the name server's working directory
>
> directory "/var/lib/named";
>
> # Write dump and statistics file to the log subdirectory. The
> # pathnames are relative to the chroot jail.
>
> dump-file "/var/log/named_dump.db";
> statistics-file "/var/log/named.stats";
>
> # The forwarders record contains a list of servers to which queries
> # should be forwarded. Enable this line and modify the IP address to
> # your provider's name server. Up to three servers may be listed.
>
> #forwarders { 192.0.2.1; 192.0.2.2; };
>
> # Enable the next entry to prefer usage of the name server declared in
> # the forwarders section.
>
> #forward first;
>
> # The listen-on record contains a list of local network interfaces to
> # listen on. Optionally the port can be specified. Default is to
> # listen on all interfaces found on your system. The default port is
> # 53.
>
> #listen-on port 53 { 127.0.0.1; };
>
> # The listen-on-v6 record enables or disables listening on IPv6
> # interfaces. Allowed values are 'any' and 'none' or a list of
> # addresses.
>
> listen-on-v6 { any; };
>
> # The next three statements may be needed if a firewall stands between
> # the local server and the internet.
>
> #query-source address * port 53;
> #transfer-source * port 53;
> #notify-source * port 53;
>
> # The allow-query record contains a list of networks or IP addresses
> # to accept and deny queries from. The default is to allow queries
> # from all hosts.
>
> #allow-query { 127.0.0.1; };
>
> # If notify is set to yes (default), notify messages are sent to other
> # name servers when the zone data is changed. Instead of setting
> # a global 'notify' statement in the 'options' section, a separate
> # 'notify' can be added to each zone definition.
>
> notify no;
> forwarders { 82.82.82.82; 83.83.83.83; };
> };
>
> # To configure named's logging remove the leading '#' characters of the
> # following examples.
> #logging {
> # # Log queries to a file limited to a size of 100 MB.
> # channel query_logging {
> # file "/var/log/named_querylog"
> # versions 3 size 100M;
> # print-time yes; // timestamp log entries
> # };
> # category queries {
> # query_logging;
> # };
> #
> # # Or log this kind alternatively to syslog.
> # channel syslog_queries {
> # syslog user;
> # severity info;
> # };
> # category queries { syslog_queries; };
> #
> # # Log general name server errors to syslog.
> # channel syslog_errors {
> # syslog user;
> # severity error;
> # };
> # category default { syslog_errors; };
> #
> # # Don't log lame server messages.
> # category lame-servers { null; };
> #};
>
> # The following zone definitions don't need any modification. The first one
> # is the definition of the root name servers. The second one defines
> # localhost while the third defines the reverse lookup for localhost.
>
> zone "." in {
> type hint;
> file "root.hint";
> };
>
> zone "localhost" in {
> type master;
> file "localhost.zone";
> };
>
> zone "0.0.127.in-addr.arpa" in {
> type master;
> file "127.0.0.zone";
> };
>
> # Include the meta include file generated by createNamedConfInclude. This
> # includes all files as configured in NAMED_CONF_INCLUDE_FILES from
> # /etc/sysconfig/named
>
> include "/etc/named.conf.include";
> zone "tuxland.com" in {
> file "master/tuxland.com";
> type master;
> allow-query { any; };
> allow-transfer { 100.100.100.1; };
> };
>
> # You can insert further zone records for your own domains below or create
> # single files in /etc/named.d/ and add the file names to
> # NAMED_CONF_INCLUDE_FILES.
> # See /usr/share/doc/packages/bind/README.SuSE for more details.
>
>
>
>
> **********************************
> Machine: mortadelo
> Acting as DNS server master
> tuxland.com file data
> *********************************
>
> $TTL 2d
> @ IN SOA tuxland.com. root.tuxland.com. (
> 2006082502 ; serial
> 3h ; refresh
> 1h ; retry
> 1w ; expiry
> 1d ) ; minimum
>
> @ IN NS dnsmaster.tuxland.com.
> @ IN NS dnsslave.tuxland.com.
>
> @ IN A 100.100.100.2
> dnsmaster IN A 100.100.100.2
> dnsslave IN A 100.100.100.1
>
> **********************************
> Machine: filemon
> Acting as DNS server slave
> named.conf file
> *********************************
> # Copyright (c) 2001-2004 SuSE Linux AG, Nuernberg, Germany.
> # All rights reserved.
> #
> # Author: Frank Bodammer, Lars Mueller
> #
> # /etc/named.conf
> #
> # This is a sample configuration file for the name server BIND 9. It works as
> # a caching only name server without modification.
> #
> # A sample configuration for setting up your own domain can be found in
> # /usr/share/doc/packages/bind/sample-config.
> #
> # A description of all available options can be found in
> # /usr/share/doc/packages/bind/misc/options.
>
> options {
>
> # The directory statement defines the name server's working directory
>
> directory "/var/lib/named";
>
> # Write dump and statistics file to the log subdirectory. The
> # pathnames are relative to the chroot jail.
>
> dump-file "/var/log/named_dump.db";
> statistics-file "/var/log/named.stats";
>
> # The forwarders record contains a list of servers to which queries
> # should be forwarded. Enable this line and modify the IP address to
> # your provider's name server. Up to three servers may be listed.
>
> forwarders { 82.82.82.82; 83.83.83.83; };
>
> # Enable the next entry to prefer usage of the name server declared in
> # the forwarders section.
>
> #forward first;
>
> # The listen-on record contains a list of local network interfaces to
> # listen on. Optionally the port can be specified. Default is to
> # listen on all interfaces found on your system. The default port is
> # 53.
>
> #listen-on port 53 { 127.0.0.1; };
>
> # The listen-on-v6 record enables or disables listening on IPv6
> # interfaces. Allowed values are 'any' and 'none' or a list of
> # addresses.
>
> listen-on-v6 { any; };
>
> # The next three statements may be needed if a firewall stands between
> # the local server and the internet.
>
> #query-source address * port 53;
> #transfer-source * port 53;
> #notify-source * port 53;
>
> # The allow-query record contains a list of networks or IP addresses
> # to accept and deny queries from. The default is to allow queries
> # from all hosts.
>
> #allow-query { 127.0.0.1; };
>
> # If notify is set to yes (default), notify messages are sent to other
> # name servers when the zone data is changed. Instead of setting
> # a global 'notify' statement in the 'options' section, a separate
> # 'notify' can be added to each zone definition.
>
> notify no;
> };
>
> # To configure named's logging remove the leading '#' characters of the
> # following examples.
> #logging {
> # # Log queries to a file limited to a size of 100 MB.
> # channel query_logging {
> # file "/var/log/named_querylog"
> # versions 3 size 100M;
> # print-time yes; // timestamp log entries
> # };
> # category queries {
> # query_logging;
> # };
> #
> # # Or log this kind alternatively to syslog.
> # channel syslog_queries {
> # syslog user;
> # severity info;
> # };
> # category queries { syslog_queries; };
> #
> # # Log general name server errors to syslog.
> # channel syslog_errors {
> # syslog user;
> # severity error;
> # };
> # category default { syslog_errors; };
> #
> # # Don't log lame server messages.
> # category lame-servers { null; };
> #};
>
> # The following zone definitions don't need any modification. The first one
> # is the definition of the root name servers. The second one defines
> # localhost while the third defines the reverse lookup for localhost.
>
> zone "." in {
> type hint;
> file "root.hint";
> };
>
>
> zone "localhost" in {
> type master;
> file "localhost.zone";
> };
>
> zone "0.0.127.in-addr.arpa" in {
> type master;
> file "127.0.0.zone";
> };
>
> # Include the meta include file generated by createNamedConfInclude. This
> # includes all files as configured in NAMED_CONF_INCLUDE_FILES from
> # /etc/sysconfig/named
>
> include "/etc/named.conf.include";
> zone "tuxland.com" in {
> type slave;
> file "slave/datadnsslave.tuxland.com";
> allow-query { any; };
> allow-transfer { 100.100.100.2; };
> masters { 100.100.100.2; };
> };
>
> # You can insert further zone records for your own domains below or create
> # single files in /etc/named.d/ and add the file names to
> # NAMED_CONF_INCLUDE_FILES.
> # See /usr/share/doc/packages/bind/README.SUSE for more details.
>
>
>

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org
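
The mismatch discussed in the reply above, as an added example that is not part of the original thread and is not BIND's own code: a simplified Python model of address-match-list evaluation, run over the master's denial line, showing that `::ffff:100.100.100.1` does not match the IPv4 entry in `allow-transfer` until mapped addresses are unwrapped. The function names and the second log line are constructed for illustration.

```python
import ipaddress
import re

# Denial line as logged by the master; the client address precedes '#port'.
DENIED = re.compile(
    r"client (?P<addr>[0-9A-Fa-f:.]+)#\d+: zone transfer '(?P<zone>[^']+)' denied")

MAPPED = "IPv4-mapped IPv6 source does not match the plain IPv4 ACL entry"
NOT_LISTED = "client is not in the ACL"
OTHER = "ACL matches; the denial has another cause"

# First line is from the thread (rejoined); the second is constructed.
SAMPLE_LOG = """\
Aug 27 16:54:41 filemon named[7231]: client ::ffff:100.100.100.1#37276: zone transfer 'tuxland.com/IN' denied
Aug 27 16:55:02 filemon named[7231]: client 100.100.100.9#40112: zone transfer 'tuxland.com/IN' denied
"""

def acl_match(addr, acl, match_mapped):
    """Simplified model of an address match list: families must agree."""
    ip = ipaddress.ip_address(addr)
    if match_mapped and ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:a.b.c.d -> a.b.c.d
    nets = [ipaddress.ip_network(entry) for entry in acl]
    return any(ip.version == n.version and ip in n for n in nets)

def explain_denials(log_text, acl):
    """Return (zone, client, cause) for every denied transfer in the log."""
    findings = []
    for m in DENIED.finditer(log_text):
        addr = m.group("addr")
        if acl_match(addr, acl, match_mapped=False):
            cause = OTHER
        elif acl_match(addr, acl, match_mapped=True):
            cause = MAPPED
        else:
            cause = NOT_LISTED
        findings.append((m.group("zone"), addr, cause))
    return findings

if __name__ == "__main__":
    # ACL taken from the allow-transfer statement in the quoted named.conf.
    for zone, client, cause in explain_denials(SAMPLE_LOG, ["100.100.100.1"]):
        print(f"{zone}: {client}: {cause}")
```

Denials reported as "client is not in the ACL" are the access control working as configured; only the mapped-address case is addressed by `match-mapped-addresses yes;`.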