Re: [Bind-dlz-testers] How to allow zone transfer?
From: Ronald W. <ro...@el...> - 2006-09-12 15:09:16
Graeme Fowler wrote:
> On 12/09/2006 02:39, Ronald Wiplinger wrote:
>
>> I have now one dns server running with mysql
>> How can I allow zone transfer to a dns without mysql?
>>
>
> The clue is in your SQL structure for the DLZ queries:
>
>
>> {select zone from xfr_table where zone = '%zone%' and client =
>> '%client%' limit 1}
>>
>
> Ensure you have a table in your DB called "xfr_table" with columns
> "zone" and "client". For the hosts you want to be able to do zone
> transfers, do:
>
> INSERT INTO xfr_table VALUES("*","192.168.1.100");
>
Thanks for your help.
I inserted the line with the secondary's IP address. Then I reloaded
both dns and still get on the slave dns:
Sep 12 23:02:54 dns named[24445]: transfer of 'xxx.com/IN' from xx.xx.xx.xx#53: failed while receiving responses: REFUSED
Sep 12 23:02:54 dns named[24445]: transfer of 'xxx.com/IN' from xx.xx.xx.xx#53: end of transfer
On the master's dns I see:
Sep 12 23:05:30 pegasus named[22881]: client yy.yy.yy.yy#60086: zone transfer 'yy.yy/IN' denied
What do I still miss?
bye
Ronald
> That example will allow 192.168.1.100 to do zone transfers of all zones.
> You can tune it as follows (some more examples):
>
> # Allow 192.168.1.0/24 hosts to transfer .com domains:
> INSERT INTO xfr_table VALUES(".com","192.168.1.");
>
> # Allow 192.168.1.100 to transfer domain.com:
> INSERT INTO xfr_table VALUES("domain.com","192.168.1.100");
>
> ...and so on, and so forth. Be careful with your wildcarding - remember
> that *, % and so on can mean different things to different backends.
>
> Graeme
>
--
Ronald Wiplinger (CEO of ELMIT)
http://www.elmit.com http://voip.elmit.com http://e-paper.elmit.com
Tel. (M) +886.939.775.516 (O) +886.2.2835.7765 (ENUM) or FWD 511208
- I'm a SpamCon Foundation Member, #694, Verify it at http://www.spamcon.org
PS: Spam prevention!
Our system is protected with a spam prevention program.
If you send us an e-mail, our system will send you a confirmation message back. Just reply to this confirmation message please.
After receiving this confirmation message, our system will send the hold message (one) and all future messages (after the received confirmation message) to me without asking you again.
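
Added example, not part of the original messages and not BIND DLZ code: it runs the allowzonexfr query quoted in this thread against the rows from the thread's INSERT statements, to show which (zone, client) requests return a row. Assumptions: an in-memory SQLite table stands in for MySQL, a transfer is permitted only when the query returns a row, and `WILDCARD_QUERY` plus the sample requests are hypothetical and constructed for illustration.

```python
import sqlite3

# Query template quoted in the thread (DLZ allowzonexfr).
PAGE_QUERY = ("select zone from xfr_table where zone = '%zone%' "
              "and client = '%client%' limit 1")

# Hypothetical variant (not from the thread) that treats '*' as an explicit
# wildcard in either column.
WILDCARD_QUERY = ("select zone from xfr_table where zone in ('%zone%', '*') "
                  "and client in ('%client%', '*') limit 1")

# Rows taken from the INSERT statements in the thread.
THREAD_ROWS = [("*", "192.168.1.100"),
               (".com", "192.168.1."),
               ("domain.com", "192.168.1.100")]

def make_db(rows):
    db = sqlite3.connect(":memory:")
    db.execute("create table xfr_table (zone text, client text)")
    db.executemany("insert into xfr_table values (?, ?)", rows)
    return db

def xfr_allowed(db, template, zone, client):
    """Assumed DLZ rule: transfer is allowed when the query returns a row."""
    # Bind the tokens as parameters instead of pasting text into the SQL.
    sql = template.replace("'%zone%'", ":zone").replace("'%client%'", ":client")
    return db.execute(sql, {"zone": zone, "client": client}).fetchone() is not None

def report(db, template, requests):
    return {(z, c): xfr_allowed(db, template, z, c) for z, c in requests}

if __name__ == "__main__":
    db = make_db(THREAD_ROWS)
    requests = [("domain.com", "192.168.1.100"),   # exact row exists
                ("example.com", "192.168.1.100"),  # relies on the "*" row
                ("example.com", "192.168.1.57"),   # relies on the prefix row
                ("domain.com", "10.0.0.5")]        # no row for this client
    for name, tpl in (("page query", PAGE_QUERY), ("wildcard variant", WILDCARD_QUERY)):
        for (zone, client), ok in report(db, tpl, requests).items():
            print(f"{name:17} {zone:12} {client:14} {'ALLOW' if ok else 'DENY'}")
```

Under plain SQL equality a row matches only when both columns equal the substituted zone and client exactly, so check each pair the secondary will actually present before relying on a wildcard row.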