URL: https://www.opennet.me/cgi-bin/openforum/vsluhboard.cgi
Forum: vsluhforumID1
Thread number: 83190

Original message
"DNS. zone transfer denied"

Posted by Shvapsss, 04-Dec-08 09:47
Please help!
On the master I set up a master zone.
On the slave, naturally, a slave zone.

But for some reason the slave does not pull the data from the master zone.
Everything had already been configured and was working before; then there was a network failure and the slave was rebooted. Now I have this mess.
In the master's logs (messages):

"Dec  3 17:32:02 chip named[43508]: client **.74.*.*** #1040: zone transfer '(the zone I created)/AXFR/IN' denied"

The slave's logs are clean.
Googling did not turn up much.



Messages in this thread
"DNS. zone transfer denied"
Posted by tux2002, 04-Dec-08 10:47
Show the master's named.conf.



"DNS. zone transfer denied"
Posted by Shvapsss, 04-Dec-08 12:24
>Show the master's named.conf.

options {
        directory "/etc/namedb";

// In addition to the "forwarders" clause, you can force your name
// server to never initiate queries of its own, but always ask its
// forwarders only, by enabling the following line:
//
//      forward only;

// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below.  This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
/*
        forwarders {
                127.0.0.1;
        };
*/
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;

        /*
         * If running in a sandbox, you may have to specify a different
         * location for the dumpfile.
         */
        dump-file "/var/dump/named_dump.db";
        notify yes;
        also-notify { **.236.**.*;  };

//** I just masked my IP with asterisks. It differs from the one in the logs, in case that helps

        allow-transfer {
                **.236.**.*;
                };
//      allow-query { any; };

};

// Note: the following will be supported in a future release.
/*
host { any; } {
        topology {
                127.0.0.0/8;
        };
};
*/

// the zones follow below


"DNS. zone transfer denied"
Posted by Pahanivo, 04-Dec-08 11:18
>[overquoting removed]
>
>Everything had already been configured and was working before; then there was a network failure and the slave
>was rebooted. Now I have this mess.
>In the master's logs (messages):
>
>"Dec  3 17:32:02 chip named[43508]: client **.74.*.*** #1040: zone transfer '(the zone
>I created)/AXFR/IN' denied"
>
>The slave's logs are clean.
>Googling did not turn up much.

Look at the allow transfer settings.
If it still does not work, explicitly specify the slave in the master's config.


"DNS. zone transfer denied"
Posted by YuryD, 04-Dec-08 12:32
>"Dec  3 17:32:02 chip named[43508]: client **.74.*.*** #1040: zone transfer '(the zone
>I created)/AXFR/IN' denied"
>The slave's logs are clean.

Look in messages on the slave. This happened to me when the write permissions on the slave's directory got lost.


"DNS. zone transfer denied"
Posted by Shvapsss, 04-Dec-08 12:59
Thank you for responding so quickly.
The problem was not in BIND at all.

It turned out that the server's IP had effectively changed: it was going out to the internet not through itself but through another server.
It was exactly that other server's IP that appeared in the MASTER's log.

Advice to anyone who runs into something similar: check the server's IP.
In the log, client **.74.*.*** must be equal to the slave's IP.

And also, as some people here wrote, about allow transfer
...

PS/ Damn, I slipped up like a schoolkid, very frustrating :(((
Thanks again, everyone.
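
The check described in the last post (compare the client address in the master's "denied" line with the address the master actually allows), as an added example that is not part of the original thread. The function name, the documentation-range addresses and the sample log lines are all constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Matches the master's "zone transfer ... denied" syslog line quoted in the thread.
DENIED = re.compile(
    r"named\[\d+\]: client (?P<ip>[0-9A-Fa-f:.]+)\s*#\d+.*?: "
    r"zone transfer '(?P<zone>[^']+)/(?:AXFR|IXFR)/IN' denied"
)

def explain_denials(log_lines, allow_transfer):
    """Group denied transfers by (client, zone) and test each client against the ACL."""
    acl = [ipaddress.ip_network(entry, strict=False) for entry in allow_transfer]
    hits = Counter()
    for line in log_lines:
        m = DENIED.search(line)
        if m:
            hits[(m.group("ip"), m.group("zone"))] += 1
    report = []
    for (ip, zone), count in sorted(hits.items()):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # masked or malformed address, nothing to compare
        in_acl = any(addr.version == net.version and addr in net for net in acl)
        report.append({"client": ip, "zone": zone, "count": count, "in_acl": in_acl})
    return report

# Constructed sample: the secondary is configured as 203.0.113.10 but its traffic
# leaves through another host, so the master sees 198.51.100.7 instead.
SAMPLE_LOG = [
    "Dec  3 17:32:02 chip named[43508]: client 198.51.100.7#1040: zone transfer 'example.org/AXFR/IN' denied",
    "Dec  3 17:42:02 chip named[43508]: client 198.51.100.7 #1041: zone transfer 'example.org/AXFR/IN' denied",
    "Dec  3 17:43:10 chip named[43508]: zone example.org/IN: sending notifies (serial 2008120301)",
    "Dec  3 17:50:00 chip named[43508]: client 203.0.113.10#1050: zone transfer 'example.net/AXFR/IN' denied",
]
ALLOW_TRANSFER = ["203.0.113.10"]  # assumed value of the options-level allow-transfer

if __name__ == "__main__":
    for row in explain_denials(SAMPLE_LOG, ALLOW_TRANSFER):
        hint = ("address is in the ACL: check zone/view-level allow-transfer"
                if row["in_acl"] else
                "address is NOT in allow-transfer: compare with the secondary's real source IP")
        print(f'{row["client"]} {row["zone"]} x{row["count"]}: {hint}')
```

A client that is denied and absent from the ACL points to the situation in this thread: the transfer request reaches the master from a different source address than the one listed in allow-transfer.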