[Pdns-users] AXFRs completely non-functional
Ian R. Justman
ianj at ian-justman.com
Sun Jul 6 07:22:22 UTC 2003
Hi.
Just installed PDNS 2.9.10. Tried very hard to get it to work, but AXFRs
do not work AT ALL.
I tried explicitly saying:
disable-axfr=no
and no allow-axfr-ips= line. No dice.
I've even tried putting IPs to allow AXFRs from for allow-axfr-ips= and it
still will not work. This was without a "disable-axfr=no" line.
For example, I put in:
allow-axfr-ips=207.126.72.240/28
to allow all machines on my subnet to do zone transfers. No joy.
I also tried:
allow-axfr-ips=207.126.72.242,207.126.72.243,207.126.72.246
These are the individual IPs of all the machines which are active
nameservers on my subnet. Again, does not work.
I even tried this:
allow-axfr-ips=207.126.72.242
(This IP is the machine's own IP just for the sake of argument).
And it still denies an axfr even to itself when I do a dig @207.126.72.242
axfr (domain name).
This is also the case when I tried any of the above plus explicitly having
a "disable-axfr=no" line in addition to the allow-axfr-ips= line.
I've gone back to the old discussion regarding AXFRs during 2.9.9's cycle
for any info on the matter, but to no avail.
Am I missing anything? Am I doing something wrong? Or is this a genuine bug?
I'm using the Debian build of PDNS, everything dynamic (I don't want the
static version because that's a lot of stuff I don't use in the binary)
running under Debian Woody. Had to get some additional stuff from
apt-get.org, notably newer PgSQL stuff, so the whole package would build.
Also, I'm using the BIND backend for all my nameservers.
In the meantime, I've fallen back to 2.9.8 which works the way I need it
to. Zone transfers work (which I have verified using dig and with my other
nameservers).
--Ian.
P.S. Is there any way of starting the pdns_recursor daemon when you start
pdns_server using the rc scripts? Or do I have to write my own script?
Currently, I use a cron script which I wrote during the days when
pdns_recursor had stability issues, though it seems to be quite stable now.
More information about the Pdns-users
mailing list