Hello Matthias,
The 'NotAuth' RCODE means 'Not Authorized' in this context (see
https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-pa…).
It seems that your slave server's IP address is either not from the
allowed address range in the master ACL configuration or a TSIG key is
missing in your slave server configuration.
Regards,
Daniel
On 2017-12-31 17:44, Matthias Nagel wrote:
Hello everybody,
there is a KNOT DNS master name server that I do not manage myself for
my domain. I try to set up a BIND DNS server as a slave in-house. BIND
fails to do the zone transfer and reports
31-Dec-2017 16:19:02.503 zone whka.de/IN: Transfer started.
31-Dec-2017 16:19:02.504 transfer of 'whka.de/IN' from 2001:7c7:2000:53::#53: connected using 2001:7c7:20e8:18e::2#53509
31-Dec-2017 16:19:02.505 transfer of 'whka.de/IN' from 2001:7c7:2000:53::#53: failed while receiving responses: NOTAUTH
31-Dec-2017 16:19:02.505 transfer of 'whka.de/IN' from 2001:7c7:2000:53::#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.001 secs
If I try dig (this time using the IPv4 address), I get a failure, too.
# dig axfr @141.70.45.160 whka.de.
; <<>> DiG 9.9.5-9+deb8u7-Debian <<>> axfr @141.70.45.160 whka.de.
; (1 server found)
;; global options: +cmd
; Transfer failed.
Wireshark tells me that the reply code of the name server is `1001
Server is not an authority for domain`. What is going on here?
Especially, if I query the same nameserver for a usual A record it
claims to be authoritative. Moreover, KNOT DNS manual says KNOT is an
authoritative-only name server. So there is no way of being
non-authoritative.
Has anybody already observed something like this?
Best regards, Matthias
--
Evang. Studentenwohnheim Karlsruhe e.V. – Hermann-Ehlers-Kolleg
Matthias Nagel
Willy-Andreas-Allee 1, 76131 Karlsruhe, Germany
Phone: +49-721-96869289, Mobile: +49-151-15998774
E-Mail: matthias.nagel(a)hermann-ehlers-kolleg.de