Update:
BIND version:
[root@10.224.45.130] $ named -v
BIND 9.3.6-P1-RedHat-9.3.6-16.P1.el5
Operating system:
CentOS release 5.6 (Final)
After running [root@10.224.45.131] $ dig @10.224.45.130 example.com. AXFR:
Slave:
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> @10.224.45.130 example.com. axfr
; (1 server found)
;; global options: printcmd
; Transfer failed.
Master:
28-Aug-2011 12:29:01.384 client 10.224.45.131#60553: query: example.com IN AXFR -
28-Aug-2011 12:29:01.384 client 10.224.45.131#60553: zone transfer 'example.com/AXFR/IN' denied
Same error messages as before.
Update 2:
[root@10.224.45.130 ~]# iptables -L -n -v
Chain INPUT (policy DROP 30235 packets, 1747K bytes)
 pkts bytes target     prot opt in     out     source               destination
 171K   23M ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  tun0   *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  tap0   *       0.0.0.0/0            0.0.0.0/0
57196 6930K ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0
  688 57376 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8
37869 6120K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
  392 21216 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
    1    64 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53
   74  5275 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80
    1    64 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:110
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:143
    3   192 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:389
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443
    1    64 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:465
    1    64 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:587
   13   832 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:636
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:694
    1    64 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:843
    1    64 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:873
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:953
  119  7584 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:993
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:993
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1194
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1194
    1    48 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3306
    1    64 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:5901
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.224.45.130       tcp dpt:10000
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:11211
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:11212
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:11213
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:11511
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:11512
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:11513

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 2987  372K ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      br0     0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443

Chain OUTPUT (policy ACCEPT 246K packets, 37M bytes)
 pkts bytes target     prot opt in     out     source               destination
I have probably looked at every page there is about BIND master/slave setup, and I cannot for the life of me get zone transfers to work.
Here is my setup: (scroll down for the problem)
Master:
10.224.45.130
/etc/named.conf
options {
    directory "/var/named";
    version "unknown";
    pid-file "/var/run/named/named.pid";
    recursion yes;
    allow-recursion { localhost; localnets; };
    notify explicit;
    // only the slave may pull zones; it is also the only host notified
    allow-transfer { 10.224.45.131; };
    also-notify { 10.224.45.131; };
};

zone "." {
    type hint;
    file "named.root";
};

zone "example.com" IN {
    type master;
    file "data/example.com.hosts";
};
Slave:
10.224.45.131
/etc/named.conf
options {
    directory "/var/named";
    version "unknown";
    pid-file "/var/run/named/named.pid";
    recursion yes;
    allow-recursion { localhost; localnets; };
    notify yes;
    // the slave never hands out zones itself; "none" is a built-in ACL
    allow-transfer { "none"; };
    allow-notify { 10.224.45.130; };
};

zone "." {
    type hint;
    file "named.root";
};

zone "example.com" IN {
    type slave;
    file "slaves/example.com.hosts";
    masters { 10.224.45.130; };
};
Here is the problem. When I restart on the slave, it sees that the zone file does not exist yet and requests a transfer from the master:
named.log (slave)
[10.224.45.131] zone example.com/IN: no database exists yet,requesting AXFR of initial version from 10.224.45.130#53
...after which the master receives the transfer request:
named.log (master)
[10.224.45.130] client 10.224.45.131#53467: query: example.com IN AXFR -
...and answers the transfer request, which is denied:
named.log (master)
[10.224.45.130] client 10.224.45.131#53467: zone transfer 'example.com/AXFR/IN' denied
...and on the slave it shows up as REFUSED:
named.log (slave)
[10.224.45.131] transfer of 'example.com/IN' from 10.224.45.130#53: Failed while receiving responses: REFUSED
Going over all the configs again and again, I can't find anything wrong with the setup. I have the master server's IP address listed in the masters setting of the slave's zone config, and I have the slave server's IP address listed in the allow-transfer setting of the master's options.
All the IP addresses are what they should be; it is not being refused because it is trying to use a public IP address and the addresses don't match. I have iptables set up to allow TCP/UDP connections on port 53 (and 953) on both servers. I have the file permissions set correctly so that the /slaves directory, where the slave zone files are stored, is writable by the named user.
No matter what I do, I always get the same error. If anyone can give me a clue as to what I'm missing, I'd be very grateful!
First, try verifying whether the zone transfer works at all.
On the slave, issue dig @master your-domain. AXFR
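The same check as the dig command above, done at the wire level so you can see exactly what the master returns and from which local address the request leaves. This is an added example written for this page, not code from the thread or from BIND; it uses only the Python standard library. It opens TCP/53 to the master, sends one AXFR question for the zone and decodes the RCODE of the first message that comes back. RCODE 5 (REFUSED) is what the slave's "Failed while receiving responses: REFUSED" line corresponds to: the TCP connection succeeded and the master answered, so the firewall is not in the path of the failure; a firewall drop would show up as a timeout instead. A successful transfer begins with NOERROR and the zone's SOA as the first answer record. The optional source_ip binds the local side of the connection, which is useful when a host has several addresses and you want to confirm which one the master's allow-transfer ACL actually sees. The zone name, the host addresses in the usage block and the offline sample responses built by build_response are constructed for illustration.

```python
import socket
import struct

# RCODE values from RFC 1035 section 4.1.1. A BIND master answers a
# transfer request that fails its allow-transfer ACL with 5 (REFUSED).
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED"}
QTYPE_AXFR = 252
QCLASS_IN = 1


def encode_name(name):
    """Encode a dotted zone name as DNS wire-format labels ending in the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad DNS label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_axfr_query(zone, qid):
    """12-byte header (QR=0, RD=0: a transfer request is not recursive)
    followed by one question of type AXFR, class IN."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    question = encode_name(zone) + struct.pack("!HH", QTYPE_AXFR, QCLASS_IN)
    return header + question


def parse_response(msg, expected_qid):
    """Return (rcode name, answer count) from a raw DNS response message."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if qid != expected_qid:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    rcode = flags & 0x000F
    return RCODES.get(rcode, "RCODE%d" % rcode), ancount


def build_response(qid, rcode, ancount, zone="example.com"):
    """Constructed response (header + echoed question, no answer RRs) so the
    parser can be exercised offline; this is test data, not captured traffic."""
    header = struct.pack("!HHHHHH", qid, 0x8000 | (rcode & 0xF), 1, ancount, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", QTYPE_AXFR, QCLASS_IN)


def recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes first."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection early")
        buf += chunk
    return buf


def axfr_probe(master, zone, source_ip=None, port=53, timeout=5.0):
    """Send one AXFR query over TCP (2-byte length prefix, RFC 1035 4.2.2)
    and decode the first message the master sends back. With source_ip set,
    the local side is bound to that address so the master's ACL sees it."""
    qid = 0x1234
    query = build_axfr_query(zone, qid)
    src = (source_ip, 0) if source_ip else None
    sock = socket.create_connection((master, port), timeout=timeout, source_address=src)
    try:
        sock.sendall(struct.pack("!H", len(query)) + query)
        (length,) = struct.unpack("!H", recv_exact(sock, 2))
        return parse_response(recv_exact(sock, length), qid)
    finally:
        sock.close()


if __name__ == "__main__":
    # Example usage with the addresses from the question; run it on the
    # slave and set source_ip to the address the master is expected to see.
    rcode, answers = axfr_probe("10.224.45.130", "example.com", source_ip=None)
    print("master answered %s with %d answer RR(s) in the first message" % (rcode, answers))
```

If the probe prints REFUSED, the request reached named and was rejected by policy, so the next place to look is the configuration the running named actually loaded, not iptables; if it times out or the connect fails, the problem is at the network layer. Watch the master's log while the probe runs: the "zone transfer ... denied" line should appear with the client address the ACL was evaluated against.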
What version of BIND and what operating system?