Re: failed while receiving responses: REFUSED on SLAVE with BIND 9.2.2

 
'chris'
Super Advisor

failed while receiving responses: REFUSED on SLAVE with BIND 9.2.2

hi

I have 2 internal DNS servers running BIND 9.2.2:
one MASTER ns1 (192.168.0.5)
and one SLAVE (10.41.1.10) running on Linux SUSE 8.2.
The problem is that the MASTER cannot transfer to the SLAVE and I get the following error all the time:

Sep 9 23:06:41 ns1 named[2636]: transfer of '0.168.192.in-addr.arpa/IN' from 192.168.0.5#53: failed while receiving responses: REFUSED
Sep 9 23:06:41 ns1 named[2636]: transfer of '0.168.192.in-addr.arpa/IN' from 192.168.0.5#53: end of transfer
Sep 9 23:07:41 ns1 named[2636]: transfer of 'ns2.xxx.de/IN' from 192.168.0.5#53: failed while receiving responses: REFUSED
Sep 9 23:07:41 ns1 named[2636]: transfer of 'ns2.xxx.de/IN' from 192.168.0.5#53: end of transfer

MASTER configuration in named.conf:

zone "ns2.xxx.de" {
type master;
file "/var/lib/named/ns2.xxx.de.hosts";
notify yes;
also-notify {
10.41.1.10;
};
};

zone "0.168.192.in-addr.arpa" {
type master;
file "/var/lib/named/192.168.0.rev";
allow-update {
192.168.0.0/24;
127.0.0.1;
};
notify yes;
also-notify {
10.41.1.10;
};
};

SLAVE configuration:

zone " " {
type slave;
file "/var/lib/named/ns2.xxx.de.hosts";
masters {
192.168.0.5;
};
};

zone "0.168.192.in-addr.arpa" {
type slave;
file "/var/lib/named/192.168.0.rev";
masters {
192.168.0.5;
};
};


Does someone know what's wrong?

regards
chris
Steven E. Protter
Exalted Contributor

for help......
http://forums.itrc.hp.com/cm/TopSolutions/1,,BR751299!1!questions,00.html

Assign points to prior help.

1 for 131 is not so good.

The way this place works is you hand out points for help. I spent 40 minutes digging up scripts for you last night and deserve better treatment.

One hint though. Your error message can be found in an itrc search.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Manuel Wolfshant
Trusted Contributor

you need a line in the zone configuration of the master, allowing transfer to the slave
U.SivaKumar_2
Honored Contributor

Hi,

Edit named.conf in master servers, under options put...

options {
directory "/var/named";

allow-transfer {
xxx.xxx.xxx.xxx;
yyy.yyy.yyy.yyy;
};

};

where xxx.xxx.xxx.xxx, yyy.yyy.yyy.yyy should be the IP addresses of your slave servers.

Restart named in masters and slaves.

regards,

U.SivaKumar.

Innovations are made when conventions are broken
'chris'
Super Advisor

hi

I did, but I still get the same message:

Sep 10 14:09:51 ns1 named[6101]: client ::ffff:192.168.0.5#32809: zone transfer 'ch.xxx.de/IN' denied
Sep 10 14:09:51 ns1 named[6101]: transfer of 'ns2.xxx.de/IN' from 192.168.0.5#53: failed while receiving responses: REFUSED
Sep 10 14:09:51 ns1 named[6101]: transfer of 'ns2.xxx.de/IN' from 192.168.0.5#53: end of transfer
Sep 10 14:09:51 ns1 named[6101]: client ::ffff:192.168.0.5#32810: zone transfer 'xxx.de/IN' denied
Sep 10 14:09:51 ns1 named[6101]: transfer of '0.168.192.in-addr.arpa/IN' from 192.168.0.5#53: failed while receiving responses: REFUSED
Sep 10 14:09:51 ns1 named[6101]: transfer of '0.168.192.in-addr.arpa/IN' from 192.168.0.5#53: end of transfer

regards
chris
'chris'
Super Advisor

hi

I did, but I still get the same message:

Sep 10 14:09:51 ns1 named[6101]: client ::ffff:192.168.0.5#32809: zone transfer 'xxx.de/IN' denied
Sep 10 14:09:51 ns1 named[6101]: transfer of 'ns2.xxx.de/IN' from 192.168.0.5#53: failed while receiving responses: REFUSED
Sep 10 14:09:51 ns1 named[6101]: transfer of 'ns2.xxx.de/IN' from 192.168.0.5#53: end of transfer
Sep 10 14:09:51 ns1 named[6101]: client ::ffff:192.168.0.5#32810: zone transfer 'xxx.de/IN' denied
Sep 10 14:09:51 ns1 named[6101]: transfer of '0.168.192.in-addr.arpa/IN' from 192.168.0.5#53: failed while receiving responses: REFUSED
Sep 10 14:09:51 ns1 named[6101]: transfer of '0.168.192.in-addr.arpa/IN' from 192.168.0.5#53: end of transfer

regards
chris
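
Added example (not part of the thread and not code from any poster): the log excerpts above mix two different messages, "zone transfer ... denied" (this server refused a client) and "REFUSED" from a master (the other server refused this one). The script below separates the two over constructed lines in the thread's log format, which shows whose named.conf each message points at; the function names and hint wording are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the syslog format quoted in this thread (BIND 9.2.2).
SAMPLE_LOG = """\
Sep 10 14:09:51 ns1 named[6101]: client ::ffff:192.168.0.5#32809: zone transfer 'xxx.de/IN' denied
Sep 10 14:09:51 ns1 named[6101]: transfer of 'ns2.xxx.de/IN' from 192.168.0.5#53: failed while receiving responses: REFUSED
Sep 10 14:09:51 ns1 named[6101]: transfer of 'ns2.xxx.de/IN' from 192.168.0.5#53: end of transfer
Sep 10 14:09:51 ns1 named[6101]: transfer of '0.168.192.in-addr.arpa/IN' from 192.168.0.5#53: failed while receiving responses: REFUSED
Sep 11 20:58:20 ns1 named[1459]: zone 0.168.192.in-addr.arpa/IN: refresh: unexpected rcode (REFUSED) from master 192.168.0.5#53
"""

PEER = r"(?P<peer>[0-9A-Fa-f:.]+)#\d+"
# Inbound: this server refused a transfer request made by a client.
INBOUND = re.compile(rf"client {PEER}: zone transfer '(?P<zone>[^'/]+)/IN' denied")
# Outbound: this server asked a master for a zone and got rcode REFUSED back.
OUTBOUND = [
    re.compile(rf"transfer of '(?P<zone>[^'/]+)/IN' from {PEER}: "
               r"failed while receiving responses: REFUSED"),
    re.compile(r"zone '?(?P<zone>[^'/ ]+)/IN: refresh: unexpected rcode "
               rf"\(REFUSED\) from master {PEER}"),
]

def normalize(addr):
    """Drop the IPv4-mapped prefix that a dual-stack listener puts in the log."""
    return addr[7:] if addr.lower().startswith("::ffff:") else addr

def triage(log_text):
    """Count refused transfers as {(direction, zone, peer): occurrences}."""
    counts = Counter()
    for line in log_text.splitlines():
        m = INBOUND.search(line)
        direction = "inbound"
        if not m:
            m = next((p.search(line) for p in OUTBOUND if p.search(line)), None)
            direction = "outbound"
        if m:
            counts[(direction, m["zone"], normalize(m["peer"]))] += 1
    return dict(counts)

def hints(counts):
    """Say which server's named.conf each finding points at (example wording)."""
    text = {"inbound": "{n}x this server denied a transfer of {z} to {p}: "
                       "check allow-transfer here",
            "outbound": "{n}x {p} answered REFUSED for {z}: "
                        "check that server's ACLs and zone name"}
    return [text[d].format(n=n, z=z, p=p) for (d, z, p), n in sorted(counts.items())]

if __name__ == "__main__":
    print("\n".join(hints(triage(SAMPLE_LOG))))
```
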
U.SivaKumar_2
Honored Contributor

Hi,

Do you have firewalling enabled on your master server using iptables or ipchains?

Log in to the master server.

#netstat -an | grep -i listening | grep 53

Is TCP 53 in listening state?

#iptables -F

OK. Now log in to the slave server.

#telnet xxx.xxx.xxx.xxx 53

where xxx.xxx.xxx.xxx is the IP address of the master server. Do you get connected or do you get connection refused?

If you get a telnet connection to that port, then it's OK. Restart named on the slave server and check again for zone transfer logs.

Please let me know the results.

regards,

U.SivaKumar.
Innovations are made when conventions are broken
'chris'
Super Advisor

hi U.SivaKumar

the telnet connection (port 53)
to Master and Slave is working well.

at SLAVE:

# netstat -an | grep -i listening | grep 53
unix 2 [ ACC ] STREAM LISTENING 5352 public/flush
unix 2 [ ACC ] STREAM LISTENING 5368 public/showq
unix 2 [ ACC ] STREAM LISTENING 5344 private/bounce
unix 2 [ ACC ] STREAM LISTENING 5348 private/defer
unix 2 [ ACC ] STREAM LISTENING 5356 private/proxymap
unix 2 [ ACC ] STREAM LISTENING 5360 private/smtp
unix 2 [ ACC ] STREAM LISTENING 5364 private/relay
unix 2 [ ACC ] STREAM LISTENING 5372 private/error
unix 2 [ ACC ] STREAM LISTENING 5376 private/local
unix 2 [ ACC ] STREAM LISTENING 5380 private/virtual
unix 2 [ ACC ] STREAM LISTENING 5384 private/lmtp
unix 2 [ ACC ] STREAM LISTENING 5392 private/maildrop
unix 2 [ ACC ] STREAM LISTENING 5396 private/cyrus

# iptables -F
#

at MASTER:

# netstat -an | grep -i listening | grep 53
#

# iptables -F
#

MASTER is NOT listening on TCP port 53

Firewalling is not enabled
on the MASTER.
I installed both systems, MASTER and
SLAVE, with defaults and I didn't change anything
in iptables.

any idea ?

best regards
chris
'chris'
Super Advisor

hi

now I get following error:

Sep 11 20:58:08 ns1 named[1459]: zone 'ns2.xxx.de/IN: refresh: unexpected rcode (REFUSED) from master 192.168.0.5#53
Sep 11 20:58:20 ns1 named[1459]: zone 0.168.192.in-addr.arpa/IN: refresh: unexpected rcode (REFUSED) from master 192.168.0.5#53

unexpected rcode ?

best regards
chris
U.SivaKumar_2
Honored Contributor
Solution

Hi,

Apologies for my grave mistake.

The command should be.

#netstat -an | grep -i listen | grep 53

Anyway, your telnet results show that named is listening on TCP port 53.


Also in your named.conf of your slave server,

zone " " {
type slave;
file "/var/lib/named/ns2.xxx.de.hosts";
masters {
192.168.0.5;
};
};

Why have you left the zone "" field empty? Please put the complete zone name like this.

zone "ns2.xxx.de" {
type slave;
file "/var/lib/named/ns2.xxx.de.hosts";
masters {
192.168.0.5;
};
};

Restart the named in slave server and look for zone transfer logs.

Also please try this.

From the slave server.


#dig @xxx.xxx.xxx.xxx 0.168.192.in-addr.arpa axfr

#dig @xxx.xxx.xxx.xxx ns2.xxx.de axfr

Where xxx.xxx.xxx.xxx is the IP address of your master server.

Does it show complete zone data (zone transfer)?

Please let me know the results.

regards,

U.SivaKumar

Innovations are made when conventions are broken
'chris'
Super Advisor

hi U.SivaKumar

thanks for your help and your time

sorry, I made a mistake in my posting;
of course the slave entry is:

zone "ns2.xxx.de " {
type slave;
file "/var/lib/named/ns2.xxx.de.hosts";
masters {
192.168.0.5;
};
};

from SLAVE:

# dig @192.168.0.5 ns2.xxx.de axfr
# ; <<>> DiG 9.2.2 <<>> @192.168.0.5 0.168.192.in-addr.arpa axfr
;; global options: printcmd
; Transfer failed.

# netstat -an | grep -i listen | grep 53
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 :::53 :::* LISTEN
tcp 0 0 ::1:953 :::* LISTEN
unix 2 [ ACC ] STREAM LISTENING 2953 private/virtual

from MASTER:

netstat -an | grep -i listen | grep 53
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 :::53 :::* LISTEN
tcp 0 0 ::1:953 :::* LISTEN
unix 2 [ ACC ] STREAM LISTENING 5319 public/cleanup
unix 2 [ ACC ] STREAM LISTENING 5338 public/flush
unix 2 [ ACC ] STREAM LISTENING 5354 public/showq
unix 2 [ ACC ] STREAM LISTENING 5326 private/rewrite
unix 2 [ ACC ] STREAM LISTENING 5330 private/bounce
unix 2 [ ACC ] STREAM LISTENING 5334 private/defer
unix 2 [ ACC ] STREAM LISTENING 5342 private/proxymap
unix 2 [ ACC ] STREAM LISTENING 5346 private/smtp
unix 2 [ ACC ] STREAM LISTENING 5350 private/relay
unix 2 [ ACC ] STREAM LISTENING 5358 private/error
unix 2 [ ACC ] STREAM LISTENING 5362 private/local
unix 2 [ ACC ] STREAM LISTENING 5366 private/virtual
unix 2 [ ACC ] STREAM LISTENING 5370 private/lmtp
unix 2 [ ACC ] STREAM LISTENING 5378 private/maildrop
unix 2 [ ACC ] STREAM LISTENING 5382 private/cyrus
unix 2 [ ACC ] STREAM LISTENING 5386 private/uucp
unix 2 [ ACC ] STREAM LISTENING 5390 private/ifmail
unix 2 [ ACC ] STREAM LISTENING 5394 private/bsmtp
unix 2 [ ACC ] STREAM LISTENING 5398 private/vscan

regards
chris
U.SivaKumar_2
Honored Contributor

Hi,

I have BIND 9.2.2 in which zone transfers work without any problems without any allow acl statements.

So acl is not your problem. Check the ownership and read/write permissions of the /var/lib/named directory on the slave server.

#chown named:named /var/lib/named

#chmod 755 /var/lib/named

restart named in the slave server.

Can you resolve host names in the master server using nslookup ?.

Can you post your permissions of zone files in master server ?.

#ll /var/lib/named

regards,

U.SivaKumar.

Innovations are made when conventions are broken
'chris'
Super Advisor

hi

I changed it, but it doesn't help.

I can resolve host names in the master server using nslookup.

MASTER:

#ll /var/lib/named

drwxr-xr-x 10 named root 4096 Sep 14 15:33 .
drwxr-xr-x 40 root root 4096 Sep 9 22:21 ..
-rw-r--r-- 1 root root 192 Mar 14 2003 127.0.0.zone
-rw------- 1 named named 425 Sep 14 15:33 192.168.0.rev
-rw-r--r-- 1 named named 1307 Sep 12 02:03 192.168.0.rev.jnl
drwxr-xr-x 2 root root 4096 Sep 12 21:56 dev
drwxr-xr-x 2 named named 4096 Mar 14 2003 dyn
drwxr-xr-x 2 root root 4096 Mar 14 2003 etc
-rw-r--r-- 1 root root 158 Mar 14 2003 localhost.zone
drwxr-xr-x 2 named named 4096 Mar 14 2003 log
drwxr-xr-x 2 root root 4096 Mar 14 2003 master
-rw-r--r-- 1 root root 204 Sep 12 00:00 ns2.xxx.de.hosts
-rw-r--r-- 1 root root 1498 Jul 16 12:04 root.hint
-rw-r--r-- 1 root root 2498 Jul 16 12:03 root.hint.bak
drwxr-xr-x 2 named named 4096 Mar 14 2003 slave
drwxr-xr-x 4 root root 4096 Mar 14 2003 var

I still want to say something.
That was working before and I didn't have any
transfer problems.
The SLAVE server had a total crash and
I did a new setup with the same configuration.
Since then it doesn't work.
I think it has to do with the SLAVE.

Kind Regards
chris
U.SivaKumar_2
Honored Contributor

Hi,

Do this from MASTER.

#dig @127.0.0.1 localhost axfr
#dig @127.0.0.1 ns2.xxx.de axfr
#dig @127.0.0.1 0.168.192.in-addr.arpa axfr

If you cannot see the zone data, then the problem is with the master server itself. Then download the BIND 9.2.2 source from

http://www.isc.org/products/BIND/

and compile the source, install it, run the service and try again.

If the above dig methods are successful with the master, then you have to look at the slave. Try a fresh compilation and installation of BIND 9.2.2.

please get back with results.

regards,
U.Sivakumar

Innovations are made when conventions are broken
'chris'
Super Advisor

hi

from MASTER:

# dig @127.0.0.1 localhost axfr

; <<>> DiG 9.2.2 <<>> @127.0.0.1 localhost axfr
;; global options: printcmd
; Transfer failed.

# dig @127.0.0.1 ns2.ch.bluee.net axfr

; <<>> DiG 9.2.2 <<>> @127.0.0.1 ns2.xxx.de axfr
;; global options: printcmd
; Transfer failed.

# dig @127.0.0.1 0.168.192.in-addr.arpa axfr

; <<>> DiG 9.2.2 <<>> @127.0.0.1 0.168.192.in-addr.arpa axfr
;; global options: printcmd
; Transfer failed.

from SLAVE:

# dig @127.0.0.1 localhost axfr

; <<>> DiG 9.2.2 <<>> @127.0.0.1 localhost axfr
;; global options: printcmd
; Transfer failed.

# dig @127.0.0.1 ns2.xxx.de axfr

; <<>> DiG 9.2.2 <<>> @127.0.0.1 ns2.ch.bluee.net axfr
;; global options: printcmd
; Transfer failed.

# dig @127.0.0.1 0.168.192.in-addr.arpa axfr

; <<>> DiG 9.2.2 <<>> @127.0.0.1 0.168.192.in-addr.arpa axfr
;; global options: printcmd
; Transfer failed.

what I'm NOT understanding.
If I create Slave zone at the SLAVE Server
( I'm doing with webmin ) then I can see
at /var/lib/named 2 empty files:
192.168.0.rev and ns2.xxx.de.hosts
If I restart the BIND these 2 files
will be renamed to:
db-XX2hIJFH and db-XX4gc2To
Both are empty.

perhaps the Master is looking for:
192.168.0.rev and ns2.xxx.de.hosts
at SLAVE and can't find.

best regards
chris
U.SivaKumar_2
Honored Contributor

Hi,

The problem is with the master server itself; otherwise, your dig commands should have done the zone transfer successfully.

Don't create files on the slave server, as named checks the files for DNS serial number and proper ownership and permission. If it finds an empty file, it renames the file.

Please try this: remove all those notify lines and allow-update from the master server's named.conf.

notify yes;
also-notify {
10.41.1.10;
};

Restart named. Try dig commands again from the master server itself.

Are you sure that you are using the named.conf file which named on the master server is reading when starting up, or is it reading a named.conf in some other location?

Please get back with results. Also please try compiling and installing BIND 9.2.2 on the master again.

regards,

U.SivaKumar.
Innovations are made when conventions are broken
'chris'
Super Advisor

hi

thanks for your help.
I did a new installation and now it is working.

best regards
chris