Meu escravo não pode transferir as zonas do mestre.
Minha configuração:
Para dizer ao servidor slave quais zonas ele precisa transferir, eu uso esta extensão do Plesk e segui este tutorial: link
Infelizmente, algo parece não funcionar. Aqui uma parte do meu syslog no escravo que é idêntico para todas as zonas:
May 22 17:49:49 vps79 named[2879]: zone domain.de/IN: refresh: unexpected rcode (REFUSED) from master XX.XX.XX.XX#53 (source 0.0.0.0#0)
May 22 17:49:49 vps79 named[2879]: zone domain.de/IN: Transfer started.
May 22 17:49:49 vps79 named[2879]: transfer of 'domain.de/IN' from XX.XX.XX.XX.30#53: connected using XX.XX.XX.XX#55218
May 22 17:49:49 vps79 named[2879]: transfer of 'domain.de/IN' from XX.XX.XX.XX#53: failed while receiving responses: NOTAUTH
May 22 17:49:49 vps79 named[2879]: transfer of 'domain.de/IN' from XX.XX.XX.XX#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.008 secs (0 bytes/sec)
Algumas outras informações
Servidor escravo
named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
named.conf.local
controls {
inet * port 953 allow { 93.186.200.30; 127.0.0.1; };
};
named.conf.options
options {
directory "/var/cache/bind";
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
allow-new-zones yes;
};
/var/cache/bind/xxxxx.nzf
zone domain.de { type slave; file "/var/lib/bind/domain.de"; masters { XX.XX.XX.XX; }; };
proprietário / atributos
root@vps79:~# ls -ld /var/lib/bind
drwxr-xr-x 2 bind bind 4096 May 21 20:58 /var/lib/bind
servidor mestre
named.conf
options {
allow-recursion {
localnets;
};
listen-on-v6 { any; };
version "none";
directory "/var";
auth-nxdomain no;
pid-file "/var/run/named/named.pid";
};
key "rndc-key" {
algorithm hmac-md5;
secret "CeMgS23y0oWE20nyv0x40Q==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
zone "." {
type hint;
file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "localhost.rev";
};
zone "domain.de" {
type master;
file "domain.de";
allow-transfer {
XX.XX.XX.XX;
YY.YY.YY.YY;
common-allow-transfer;
};
Log de início detalhado:
root@200030:~# named -u bind -g
22-May-2014 21:35:40.780 starting BIND 9.8.1-P1 -u bind -g
22-May-2014 21:35:40.780 built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro' 'CPPFLAGS=-D_FORTIFY_SOURCE=2'
22-May-2014 21:35:40.780 adjusted limit on open files from 4096 to 1048576
22-May-2014 21:35:40.780 found 2 CPUs, using 2 worker threads
22-May-2014 21:35:40.780 using up to 4096 sockets
22-May-2014 21:35:40.795 loading configuration from '/etc/bind/named.conf'
22-May-2014 21:35:40.795 reading built-in trusted keys from file '/etc/bind/bind.keys'
22-May-2014 21:35:40.796 using default UDP/IPv4 port range: [1024, 65535]
22-May-2014 21:35:40.796 using default UDP/IPv6 port range: [1024, 65535]
22-May-2014 21:35:40.797 listening on IPv6 interfaces, port 53
22-May-2014 21:35:40.798 listening on IPv4 interface lo, 127.0.0.1#53
22-May-2014 21:35:40.798 listening on IPv4 interface venet0:0, 93.186.200.30#53
22-May-2014 21:35:40.799 generating session key for dynamic DNS
22-May-2014 21:35:40.799 sizing zone task pool based on 5 zones
22-May-2014 21:35:40.802 using built-in root key for view _default
22-May-2014 21:35:40.802 set up managed keys zone for view _default, file 'managed-keys.bind'
22-May-2014 21:35:40.802 Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
22-May-2014 21:35:40.802 automatic empty zone: 254.169.IN-ADDR.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 2.0.192.IN-ADDR.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 100.51.198.IN-ADDR.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 113.0.203.IN-ADDR.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
22-May-2014 21:35:40.802 automatic empty zone: D.F.IP6.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 8.E.F.IP6.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 9.E.F.IP6.ARPA
22-May-2014 21:35:40.802 automatic empty zone: A.E.F.IP6.ARPA
22-May-2014 21:35:40.802 automatic empty zone: B.E.F.IP6.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
22-May-2014 21:35:40.804 command channel listening on 127.0.0.1#953
22-May-2014 21:35:40.804 command channel listening on ::1#953
22-May-2014 21:35:40.804 ignoring config file logging statement due to -g option
22-May-2014 21:35:40.805 zone 0.in-addr.arpa/IN: loaded serial 1
22-May-2014 21:35:40.805 zone 127.in-addr.arpa/IN: loaded serial 1
22-May-2014 21:35:40.805 zone 255.in-addr.arpa/IN: loaded serial 1
22-May-2014 21:35:40.806 zone localhost/IN: loaded serial 2
22-May-2014 21:35:40.807 managed-keys-zone ./IN: loaded serial 4
22-May-2014 21:35:40.807 running
Você tem uma ideia de por que esse erro ocorreu e o que posso fazer para corrigi-lo? Se você precisar de mais informações, me deixe agora.
Obrigado antecipadamente!