[Pdns-users] Allowing AXFR's

[Cemil Degirmenci]

Hi there,

Marc wrote:

> I'm having the same problem over and over again, and I can't find the 
> answer to it. The master DNS server is a PowerDNS 2.9.16 server, 
> the slave also (I'm not 100% sure, because I don't have control over it).

you can check this, when you do:
host -c chaos -t txt version.bind your.secondary.nameserver.tld

example:

host:/home/foo# host -c chaos -t txt version.bind ns2.wavecon.de
;; Warning: Message parser reports malformed message packet.
Using domain server:
Name: ns2.wavecon.de
Address: 83.151.17.51#53
Aliases:

version.bind text "Served by POWERDNS 2.9.16 $Id: packethandler.cc,v 
1.24 2004/02/08 10:43:50 ahu Exp $"

this only works, when it is not faked by the admin.


> When I add a domain to the master and the slave, the slave requests an 
> AXFR for that domain, which is done succesfull and within a few minutes. 
> The problem is when I request an update of that same domain: the slave 
> always reports back that the transfer was unsuccesful. Can somebody 
> please explain how the settings should be? At this moment I've got the 
> following settings:
>  
> disable-axfr=no
> allow-axfr-ips=y.y.y.y
> I thought I had to change disable-axfr to yes, but then the AXFR is 
> refused from all IP's.
>  
> I've changed the IP to a server I am in control of and used dig to try 
> to do a AXFR, and that works without problems. Does anybody have tips or 
> tricks I can try?

can you paste the complete error message of the server? and, maybe, the 
complete pdns.conf. What Backend do you use? Can you show some dumps of 
the Domain? (master and - if possible - slave)


Mit freundlichen Grüßen / Kind regards,

Cemil Degirmenci
-- 
Wavecon GbR | Schanzaeckerstr. 43a | 90443 Nuernberg
phonenr +49 911 120 658 1 |  faxnr +49 911 212 923 3
www.wavecon.de | cd at wavecon.de | gpgkeyId 0x67D5D458