I have a bind server running and my secondary nameserver provider told me that he "can ask for records using UDP, but not TCP", any idea what might be wrong?

--
Pupeno: pupeno@kde.org http://www.kde.org

> I have a bind server running and my secondary nameserver provider told me that he "can ask for records using UDP, but not TCP", any idea what might be wrong?

DNS communication happens over both UDP and TCP, port 53. The UDP version is used for lookups, whereas your secondary NS provider will need to be able to do zone transfers, which happen over the TCP version.

In /etc/named.conf, in the options section, there may be a section of this sort:

allow-transfer { aaa.bbb.ccc.ddd; zzz.yyy.xxx.www; };

You'll need to add the IP of the secondary server there, and depending on your firewall situation add a rule allowing it to contact your machine.

James
--
James Ogley, Webmaster, Rubber Turnip
james@rubberturnip.org.uk http://www.rubberturnip.org.uk
Jabber: riggwelter@myjabber.net
Using Free Software since 1994, running GNU/Linux (SuSE 9.0)
GNOME updates for SuSE: http://www.usr-local-bin.org
> > I have a bind server running and my secondary nameserver provider told me that he "can ask for records using UDP, but not TCP", any idea what might be wrong?
>
> DNS communication happens over both UDP and TCP, port 53. The UDP version is used for lookups, whereas your secondary NS provider will need to be able to do zone transfers, which happen over the TCP version.
>
> In /etc/named.conf, in the options section, there may be a section of this sort:
>
> allow-transfer { aaa.bbb.ccc.ddd; zzz.yyy.xxx.www; };
>
> You'll need to add the IP of the secondary server there, and depending on your firewall situation add a rule allowing it to contact your machine.

If you're running a firewall (for example, SuSEfirewall2), you might also need to check that TCP is allowed, in addition to UDP, for port 53.

Jim
On Wednesday 26 November 2003 13:38, Jim Cunning wrote:
> > > I have a bind server running and my secondary nameserver provider told me that he "can ask for records using UDP, but not TCP", any idea what might be wrong?
> >
> > DNS communication happens over both UDP and TCP, port 53. The UDP version is used for lookups, whereas your secondary NS provider will need to be able to do zone transfers, which happen over the TCP version.
> >
> > In /etc/named.conf, in the options section, there may be a section of this sort:
> >
> > allow-transfer { aaa.bbb.ccc.ddd; zzz.yyy.xxx.www; };
> >
> > You'll need to add the IP of the secondary server there, and depending on your firewall situation add a rule allowing it to contact your machine.
>
> If you're running a firewall (for example, SuSEfirewall2), you might also need to check that TCP is allowed, in addition to UDP, for port 53.

There's no firewall stopping port 53.
Thanks.

--
Pupeno: pupeno@kde.org http://www.kde.org
On Wednesday 26 November 2003 13:30, James Ogley wrote:
> > I have a bind server running and my secondary nameserver provider told me that he "can ask for records using UDP, but not TCP", any idea what might be wrong?
>
> DNS communication happens over both UDP and TCP, port 53. The UDP version is used for lookups, whereas your secondary NS provider will need to be able to do zone transfers, which happen over the TCP version.
>
> In /etc/named.conf, in the options section, there may be a section of this sort:
>
> allow-transfer { aaa.bbb.ccc.ddd; zzz.yyy.xxx.www; };
>
> You'll need to add the IP of the secondary server there.

That's already done (before I posted this mail, so, the error happens with that already done (and reloaded)).

--
Pupeno: pupeno@kde.org http://www.kde.org

> That's already done (before I posted this mail, so, the error happens with that already done (and reloaded)).

Is it blocked by a firewall (either running locally on the DNS server itself, or at a gateway)?

Does anything show up in /var/log/messages when the zone transfer is attempted?

--
James Ogley, Webmaster, Rubber Turnip
james@rubberturnip.org.uk http://www.rubberturnip.org.uk
Jabber: riggwelter@myjabber.net
Using Free Software since 1994, running GNU/Linux (SuSE 9.0)
GNOME updates for SuSE: http://www.usr-local-bin.org
* James Ogley;
> > That's already done (before I posted this mail, so, the error happens with that already done (and reloaded)).
>
> Is it blocked by a firewall (either running locally on the DNS server itself, or at a gateway)?
>
> Does anything show up in /var/log/messages when the zone transfer is attempted?

If logging is enabled in the named.conf; IIRC the default SuSE configuration is no logging.

--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer http://susefaq.sf.net
On Wednesday 26 November 2003 13:41, James Ogley wrote:
> Does anything show up in /var/log/messages when the zone transfer is attempted?

How can I 'simulate' the zone transfer by myself from my desktop pc to see what happens?

--
Pupeno: pupeno@kde.org http://www.kde.org
On Wednesday 26 November 2003 12:26, Pupeno wrote:
> How can I 'simulate' the zone transfer by myself from my desktop pc to see what happens?

Use the "-l" argument of the "host" command, e.g.,

host -l my.domain my.nameserver

This of course assumes that zone transfers to your "desktop pc" are allowed in the name server configuration.
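An added example, not from the thread, that does what Gary's host -l suggests with raw sockets so the two transports the thread contrasts can be compared directly: a SOA lookup over UDP and an AXFR request over TCP (with the 2-byte length prefix DNS over TCP requires), reporting the rcode of each. Server, zone and the transaction id are placeholders you supply; a REFUSED reply on TCP points at allow-transfer, while a socket error on TCP/53 points at a firewall or a listener that only serves UDP.

```python
import socket
import struct

QTYPE_SOA, QTYPE_AXFR = 6, 252
RCODE_NAMES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(qname, qtype, txid=0x1234):
    """RFC 1035 wire format: 12-byte header followed by one IN question."""
    header = struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0)  # flags 0: no RD
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", qtype, 1)

def tcp_frame(msg):
    """DNS over TCP prefixes every message with a 2-byte big-endian length."""
    return struct.pack(">H", len(msg)) + msg

def summarize(msg):  # -> (rcode name, answer count) from the response header
    _, flags, _, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    return RCODE_NAMES.get(flags & 0x0F, str(flags & 0x0F)), ancount

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk: raise OSError("connection closed mid-message")
        buf += chunk
    return buf

def query_udp(server, qname, qtype, timeout=5.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(qname, qtype), (server, 53))
        return s.recv(4096)

def query_tcp(server, qname, qtype, timeout=5.0):
    """One query over TCP/53; reading the first reply is enough for a diagnosis."""
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(tcp_frame(build_query(qname, qtype)))
        (length,) = struct.unpack(">H", recv_exact(s, 2))
        return recv_exact(s, length)

def diagnose(server, zone):
    # The thread's symptom: the UDP lookup answers, the TCP zone transfer does not.
    report = {}
    for key, fn, qtype in (("udp_soa", query_udp, QTYPE_SOA),
                           ("tcp_axfr", query_tcp, QTYPE_AXFR)):
        try:  # REFUSED points at allow-transfer; a socket error at TCP/53 itself
            report[key] = summarize(fn(server, zone, qtype))
        except OSError as e:
            report[key] = ("error", str(e))
    return report
```

Run `diagnose("<your nameserver IP>", "<your zone>")` from the desktop that should be allowed to transfer; a full AXFR may span several TCP messages, and only the first is read here because the rcode is what the diagnosis needs.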
participants (5)
- Gary Gapinski
- James Ogley
- Jim Cunning
- Pupeno
- Togan Muftuoglu