
Category: LINUX

2009-05-18 17:51:52

Tip of the moment: we recently upgraded the secondary DNS server of Lautre.Net. We are now using BIND 9.3.3rc2.

We got the following error messages for all the hosted domains:

Apr 16 00:34:38 ns2 named[4586]: client 212.85.137.31#1293: received notify for zone 'sonntag.eu.org'
Apr 16 00:34:38 ns2 named[4586]: zone taous.net/IN: refused notify from non-master: 212.85.137.31#1293

The server IP is 212.85.137.31. The problem is that when you start BIND, it sends a "notify" message to its own daemon to check whether all the hosted zones are up to date. But since there is no authorization, it denies itself this request!


This can be solved easily by adding an explicit authorization in the BIND options (usually in ) as follows:

(since we are on Debian etch, the options are in /etc/bind/named.conf.options)

options {
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
        allow-query { any; };              // This is the default
        recursion no;                      // Do not provide recursive service
        // We add a manual authorization for BIND's own IP
        allow-notify { 212.85.137.31; };
};

Then restart BIND with /etc/init.d/bind9 restart and you'll see the good news:

Apr 16 00:43:13 ns2 named[4973]: zone sonntag.eu.org/IN: sending notifies (serial 2004110621)
Apr 16 00:43:13 ns2 named[4973]: client 212.85.137.31#1295: received notify for zone 'sonntag.eu.org'
Apr 16 00:43:13 ns2 named[4973]: zone sonntag.eu.org/IN: notify from 212.85.137.31#1295: zone is up to date

BIND sent a notify message to itself, received it, and sent an SOA request to the master to check the zone serial number, to know whether it has an up-to-date zone file...
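
As an added example (not part of the original post), this Python script scans named log lines for the refused-notify message shown above and separates the server's own address from any other sender, so that only intended addresses end up in allow-notify. The function names and the log lines marked as constructed (including the 192.0.2.50 sender) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Matches the named message quoted in the post, e.g.
#   zone taous.net/IN: refused notify from non-master: 212.85.137.31#1293
REFUSED = re.compile(
    r"zone (?P<zone>\S+)/\w+: refused notify from non-master: "
    r"(?P<ip>[0-9A-Fa-f.:]+)#\d+"
)

def refused_notifies(lines):
    """Return {source_ip: sorted zone list} for every refused NOTIFY."""
    by_source = defaultdict(set)
    for line in lines:
        m = REFUSED.search(line)
        if m:
            by_source[m.group("ip")].add(m.group("zone"))
    return {ip: sorted(zones) for ip, zones in by_source.items()}

def classify(by_source, own_addresses):
    """Split senders into the server's own addresses and all others.

    Own addresses are candidates for allow-notify (the self-notify case
    from the post); other senders need review before being authorized.
    """
    own = {ip: z for ip, z in by_source.items() if ip in own_addresses}
    other = {ip: z for ip, z in by_source.items() if ip not in own_addresses}
    return own, other

# First two lines are from the post; the last two are constructed samples.
SAMPLE_LOG = """
Apr 16 00:34:38 ns2 named[4586]: client 212.85.137.31#1293: received notify for zone 'sonntag.eu.org'
Apr 16 00:34:38 ns2 named[4586]: zone taous.net/IN: refused notify from non-master: 212.85.137.31#1293
Apr 16 00:34:39 ns2 named[4586]: zone sonntag.eu.org/IN: refused notify from non-master: 212.85.137.31#1294
Apr 16 00:35:02 ns2 named[4586]: zone taous.net/IN: refused notify from non-master: 192.0.2.50#40000
"""

if __name__ == "__main__":
    sources = refused_notifies(SAMPLE_LOG.splitlines())
    own, other = classify(sources, own_addresses={"212.85.137.31"})
    for ip, zones in own.items():
        print(f"self-notify refused, allow-notify candidate: {ip} {zones}")
    for ip, zones in other.items():
        print(f"review before authorizing: {ip} {zones}")
```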
