My slave can't transfer the zones from the master.

My configuration:

  • Master server: Ubuntu 12.04 with Plesk 11.5. Plesk uses Bind 9 as nameserver.
  • Slave server: Ubuntu 12.04, Bind 9.

To tell the slave server which zones it needs to transfer, I use this Plesk extension and followed this tutorial: http://devblog.plesk.com/2013/10/slave-dns-and-plesk/

Unfortunately, something doesn't seem to work. Here is a part of my syslog on the slave that is identical for all zones:

May 22 17:49:49 vps79 named[2879]: zone domain.de/IN: refresh: unexpected rcode (REFUSED) from master XX.XX.XX.XX#53 (source 0.0.0.0#0)
May 22 17:49:49 vps79 named[2879]: zone domain.de/IN: Transfer started.
May 22 17:49:49 vps79 named[2879]: transfer of 'domain.de/IN' from XX.XX.XX.XX.30#53: connected using XX.XX.XX.XX#55218
May 22 17:49:49 vps79 named[2879]: transfer of 'domain.de/IN' from XX.XX.XX.XX#53: failed while receiving responses: NOTAUTH
May 22 17:49:49 vps79 named[2879]: transfer of 'domain.de/IN' from XX.XX.XX.XX#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.008 secs (0 bytes/sec)

Some other information

Slave server

named.conf

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

named.conf.local

controls {
    inet * port 953 allow { 93.186.200.30; 127.0.0.1; };
};

named.conf.options

options {
directory "/var/cache/bind";
dnssec-validation auto;
auth-nxdomain no;    # conform to RFC1035
listen-on-v6 { any; };
allow-new-zones yes;
};

/var/cache/bind/xxxxx.nzf

zone domain.de { type slave; file "/var/lib/bind/domain.de"; masters { XX.XX.XX.XX; }; };

owner / attributes

root@vps79:~# ls -ld /var/lib/bind
drwxr-xr-x 2 bind bind 4096 May 21 20:58 /var/lib/bind

Master server

named.conf

options {
    allow-recursion {
        localnets;
    };

listen-on-v6 { any; };
    version "none";
    directory "/var";
    auth-nxdomain no;
    pid-file "/var/run/named/named.pid";

};

key "rndc-key" {
    algorithm hmac-md5;
    secret "CeMgS23y0oWE20nyv0x40Q==";
};

controls {
    inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "rndc-key"; };
};

zone "." {
    type hint;
    file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
    type master;
    file "localhost.rev";
};
zone "domain.de" {
    type master;
    file "domain.de";
    allow-transfer {
        XX.XX.XX.XX;
        YY.YY.YY.YY;
        common-allow-transfer;
    };

Detailed start log:

root@200030:~# named -u bind -g
22-May-2014 21:35:40.780 starting BIND 9.8.1-P1 -u bind -g
22-May-2014 21:35:40.780 built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro' 'CPPFLAGS=-D_FORTIFY_SOURCE=2'
22-May-2014 21:35:40.780 adjusted limit on open files from 4096 to 1048576
22-May-2014 21:35:40.780 found 2 CPUs, using 2 worker threads
22-May-2014 21:35:40.780 using up to 4096 sockets
22-May-2014 21:35:40.795 loading configuration from '/etc/bind/named.conf'
22-May-2014 21:35:40.795 reading built-in trusted keys from file '/etc/bind/bind.keys'
22-May-2014 21:35:40.796 using default UDP/IPv4 port range: [1024, 65535]
22-May-2014 21:35:40.796 using default UDP/IPv6 port range: [1024, 65535]
22-May-2014 21:35:40.797 listening on IPv6 interfaces, port 53
22-May-2014 21:35:40.798 listening on IPv4 interface lo, 127.0.0.1#53
22-May-2014 21:35:40.798 listening on IPv4 interface venet0:0, 93.186.200.30#53
22-May-2014 21:35:40.799 generating session key for dynamic DNS
22-May-2014 21:35:40.799 sizing zone task pool based on 5 zones
22-May-2014 21:35:40.802 using built-in root key for view _default
22-May-2014 21:35:40.802 set up managed keys zone for view _default, file 'managed-keys.bind'
22-May-2014 21:35:40.802 Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
22-May-2014 21:35:40.802 automatic empty zone: 254.169.IN-ADDR.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 2.0.192.IN-ADDR.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 100.51.198.IN-ADDR.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 113.0.203.IN-ADDR.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
22-May-2014 21:35:40.802 automatic empty zone: D.F.IP6.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 8.E.F.IP6.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 9.E.F.IP6.ARPA
22-May-2014 21:35:40.802 automatic empty zone: A.E.F.IP6.ARPA
22-May-2014 21:35:40.802 automatic empty zone: B.E.F.IP6.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
22-May-2014 21:35:40.804 command channel listening on 127.0.0.1#953
22-May-2014 21:35:40.804 command channel listening on ::1#953
22-May-2014 21:35:40.804 ignoring config file logging statement due to -g option
22-May-2014 21:35:40.805 zone 0.in-addr.arpa/IN: loaded serial 1
22-May-2014 21:35:40.805 zone 127.in-addr.arpa/IN: loaded serial 1
22-May-2014 21:35:40.805 zone 255.in-addr.arpa/IN: loaded serial 1
22-May-2014 21:35:40.806 zone localhost/IN: loaded serial 2
22-May-2014 21:35:40.807 managed-keys-zone ./IN: loaded serial 4
22-May-2014 21:35:40.807 running

Do you have an idea why that error occurs and what I can do to fix it? If you need any further information, let me know.

Thank you in advance!

Ladadadada
jenswet
  • Are you sure there are no programmed blockages (i.e. firewalls) on any of your systems or through your ISP? – mdpc May 22 '14 at 19:51
  • Have you been consistent with your redacting? Specifically, you have used XX.XX.XX.XX several times and YY.YY.YY.YY once. Do they always refer to the same IP address? If your `allow-transfer` on the master does not contain the IP address of the slave, that would be the problem. We can't check your config for typos due to self-redaction. – Ladadadada May 22 '14 at 21:30
  • Looks like you are missing one `};` at the end of master named.conf – Dusan Bajic May 22 '14 at 21:38
  • Yes, I am sure that the connections aren't blocked by firewall or ISP. XX.XX.XX.XX is the master IP and YY.YY.YY.YY is the slave IP. The config of the master and the xxxxxx.nzf is generated by Plesk. I forgot the `};`. It is in the config. – jenswet May 23 '14 at 11:36
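
The slave log in the question records two separate failures per zone: a REFUSED reply to the SOA refresh and a NOTAUTH reply to the transfer itself. As an added example (not part of the original post or its comments), this Python script groups such lines per zone and attaches the usual cause to check for each rcode; the sample log, zone names, addresses and hint texts are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog format quoted in the question (192.0.2.0/24 is a documentation range).
SAMPLE_LOG = """\
May 22 17:49:49 ns2 named[2879]: zone example.de/IN: refresh: unexpected rcode (REFUSED) from master 192.0.2.1#53 (source 0.0.0.0#0)
May 22 17:49:49 ns2 named[2879]: transfer of 'example.de/IN' from 192.0.2.1#53: failed while receiving responses: NOTAUTH
May 22 17:49:49 ns2 named[2879]: transfer of 'example.de/IN' from 192.0.2.1#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.008 secs (0 bytes/sec)
May 22 17:50:02 ns2 named[2879]: transfer of 'example.org/IN' from 192.0.2.1#53: Transfer completed: 1 messages, 12 records, 431 bytes, 0.004 secs (107750 bytes/sec)
"""

REFRESH = re.compile(r"zone (\S+)/IN: refresh: unexpected rcode \((\w+)\) from master (\S+)#\d+")
FAILED = re.compile(r"transfer of '(\S+)/IN' from (\S+)#\d+: failed while receiving responses: (\w+)")
DONE = re.compile(r"transfer of '(\S+)/IN' from (\S+)#\d+: Transfer completed: \d+ messages, (\d+) records")

# Usual causes per (stage, rcode); starting points to verify, not a diagnosis.
HINTS = {
    ("refresh", "REFUSED"): "master refused the SOA query: check it serves this zone to the slave",
    ("transfer", "REFUSED"): "transfer denied: check allow-transfer lists the slave's source address",
    ("transfer", "NOTAUTH"): "master is not authoritative: check the running named loaded this zone",
}

def triage(log_text):  # -> {zone: {"master", "errors": [(stage, rcode)], "records"}}
    zones = defaultdict(lambda: {"master": None, "errors": [], "records": None})
    for line in log_text.splitlines():
        if m := REFRESH.search(line):
            zone, rcode, master = m.groups()
            zones[zone]["errors"].append(("refresh", rcode))
        elif m := FAILED.search(line):
            zone, master, rcode = m.groups()
            zones[zone]["errors"].append(("transfer", rcode))
        elif m := DONE.search(line):
            zone, master, records = m.groups()
            zones[zone]["records"] = int(records)
        else:
            continue  # not a refresh/transfer line
        zones[zone]["master"] = master
    return dict(zones)

def report(zones):  # one line per error on each failing zone
    out = []
    for zone, z in sorted(zones.items()):
        if not z["errors"] and z["records"]:
            continue  # transfer delivered records and logged no error
        for stage, rcode in z["errors"] or [("transfer", "EMPTY")]:
            hint = HINTS.get((stage, rcode), "no hint: inspect the master's log")
            out.append(f"{zone} via {z['master']}: {stage} {rcode} -> {hint}")
    return out
```

Calling `report(triage(text))` on the slave's syslog text returns one line per error for each failing zone; zones whose transfer delivered records are omitted.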

0 Answers