Nameserver: Slave cannot transfer zones from master [closed]

4

My slave cannot transfer the zones from the master.

My configuration:

  • Master server: Ubuntu 12.04 with Plesk 11.5. Plesk uses Bind 9 as its name server.
  • Slave server: Ubuntu 12.04, Bind 9.

To tell the slave server which zones it needs to transfer, I use this Plesk extension and followed this tutorial: link

Unfortunately, something does not seem to work. Here is a part of my syslog on the slave, which is identical for all zones:

May 22 17:49:49 vps79 named[2879]: zone domain.de/IN: refresh: unexpected rcode (REFUSED) from master XX.XX.XX.XX#53 (source 0.0.0.0#0)
May 22 17:49:49 vps79 named[2879]: zone domain.de/IN: Transfer started.
May 22 17:49:49 vps79 named[2879]: transfer of 'domain.de/IN' from XX.XX.XX.XX.30#53: connected using XX.XX.XX.XX#55218
May 22 17:49:49 vps79 named[2879]: transfer of 'domain.de/IN' from XX.XX.XX.XX#53: failed while receiving responses: NOTAUTH
May 22 17:49:49 vps79 named[2879]: transfer of 'domain.de/IN' from XX.XX.XX.XX#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.008 secs (0 bytes/sec)

Some other information

Slave server

named.conf

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

named.conf.local

controls {
    inet * port 953 allow { 93.186.200.30; 127.0.0.1; };
};

named.conf.options

options {
    directory "/var/cache/bind";
    dnssec-validation auto;
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
    allow-new-zones yes;
};

/var/cache/bind/xxxxx.nzf

zone domain.de { type slave; file "/var/lib/bind/domain.de"; masters { XX.XX.XX.XX; }; };

owner / attributes

root@vps79:~# ls -ld /var/lib/bind
drwxr-xr-x 2 bind bind 4096 May 21 20:58 /var/lib/bind

Master server

named.conf

options {
    allow-recursion {
        localnets;
    };

    listen-on-v6 { any; };
    version "none";
    directory "/var";
    auth-nxdomain no;
    pid-file "/var/run/named/named.pid";

};

key "rndc-key" {
    algorithm hmac-md5;
    secret "CeMgS23y0oWE20nyv0x40Q==";
};

controls {
    inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "rndc-key"; };
};

zone "." {
    type hint;
    file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
    type master;
    file "localhost.rev";
};
zone "domain.de" {
    type master;
    file "domain.de";
    allow-transfer {
        XX.XX.XX.XX;
        YY.YY.YY.YY;
        common-allow-transfer;
    };
};

Detailed startup log:

root@200030:~# named -u bind -g
22-May-2014 21:35:40.780 starting BIND 9.8.1-P1 -u bind -g
22-May-2014 21:35:40.780 built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro' 'CPPFLAGS=-D_FORTIFY_SOURCE=2'
22-May-2014 21:35:40.780 adjusted limit on open files from 4096 to 1048576
22-May-2014 21:35:40.780 found 2 CPUs, using 2 worker threads
22-May-2014 21:35:40.780 using up to 4096 sockets
22-May-2014 21:35:40.795 loading configuration from '/etc/bind/named.conf'
22-May-2014 21:35:40.795 reading built-in trusted keys from file '/etc/bind/bind.keys'
22-May-2014 21:35:40.796 using default UDP/IPv4 port range: [1024, 65535]
22-May-2014 21:35:40.796 using default UDP/IPv6 port range: [1024, 65535]
22-May-2014 21:35:40.797 listening on IPv6 interfaces, port 53
22-May-2014 21:35:40.798 listening on IPv4 interface lo, 127.0.0.1#53
22-May-2014 21:35:40.798 listening on IPv4 interface venet0:0, 93.186.200.30#53
22-May-2014 21:35:40.799 generating session key for dynamic DNS
22-May-2014 21:35:40.799 sizing zone task pool based on 5 zones
22-May-2014 21:35:40.802 using built-in root key for view _default
22-May-2014 21:35:40.802 set up managed keys zone for view _default, file 'managed-keys.bind'
22-May-2014 21:35:40.802 Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
22-May-2014 21:35:40.802 automatic empty zone: 254.169.IN-ADDR.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 2.0.192.IN-ADDR.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 100.51.198.IN-ADDR.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 113.0.203.IN-ADDR.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
22-May-2014 21:35:40.802 automatic empty zone: D.F.IP6.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 8.E.F.IP6.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 9.E.F.IP6.ARPA
22-May-2014 21:35:40.802 automatic empty zone: A.E.F.IP6.ARPA
22-May-2014 21:35:40.802 automatic empty zone: B.E.F.IP6.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
22-May-2014 21:35:40.804 command channel listening on 127.0.0.1#953
22-May-2014 21:35:40.804 command channel listening on ::1#953
22-May-2014 21:35:40.804 ignoring config file logging statement due to -g option
22-May-2014 21:35:40.805 zone 0.in-addr.arpa/IN: loaded serial 1
22-May-2014 21:35:40.805 zone 127.in-addr.arpa/IN: loaded serial 1
22-May-2014 21:35:40.805 zone 255.in-addr.arpa/IN: loaded serial 1
22-May-2014 21:35:40.806 zone localhost/IN: loaded serial 2
22-May-2014 21:35:40.807 managed-keys-zone ./IN: loaded serial 4
22-May-2014 21:35:40.807 running

Do you have an idea why this error occurred and what I can do to fix it? If you need more information, let me know.

Thanks in advance!

by w3thax 22.05.2014 / 21:39
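As an added example (not part of the original post), the following Python sketch triages `named` syslog output on a slave like the excerpt quoted above: it groups refresh and transfer failures per zone and attaches the standard meaning of each rcode. The function names, the hint wording and the sample block are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample, adapted from the slave's syslog lines quoted in the question.
SAMPLE = """\
May 22 17:49:49 vps79 named[2879]: zone domain.de/IN: refresh: unexpected rcode (REFUSED) from master XX.XX.XX.XX#53 (source 0.0.0.0#0)
May 22 17:49:49 vps79 named[2879]: zone domain.de/IN: Transfer started.
May 22 17:49:49 vps79 named[2879]: transfer of 'domain.de/IN' from XX.XX.XX.XX#53: connected using XX.XX.XX.XX#55218
May 22 17:49:49 vps79 named[2879]: transfer of 'domain.de/IN' from XX.XX.XX.XX#53: failed while receiving responses: NOTAUTH
May 22 17:49:49 vps79 named[2879]: transfer of 'domain.de/IN' from XX.XX.XX.XX#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.008 secs (0 bytes/sec)
"""

# Rcode meanings per RFC 1035 (REFUSED) and RFC 2136 / RFC 2845 (NOTAUTH).
RCODE_HINTS = {
    "REFUSED": "master refused the query for policy reasons or does not serve this zone to the client",
    "NOTAUTH": "master is not authoritative for the zone, or a TSIG key was not accepted",
}

REFRESH_RE = re.compile(
    r"zone (?P<zone>\S+)/IN: refresh: unexpected rcode \((?P<rcode>\w+)\) from master (?P<master>\S+)#\d+")
XFER_FAIL_RE = re.compile(
    r"transfer of '(?P<zone>[^'/]+)/IN' from (?P<master>\S+)#\d+: failed while receiving responses: (?P<rcode>\w+)")
XFER_DONE_RE = re.compile(
    r"transfer of '(?P<zone>[^'/]+)/IN' from \S+: Transfer completed: \d+ messages, (?P<recs>\d+) records")

def triage(log_text):
    """Return {zone: {master, refresh rcode, transfer rcode, records received}}."""
    zones = defaultdict(lambda: {"master": None, "refresh": None, "transfer": None, "records": None})
    for line in log_text.splitlines():
        if m := REFRESH_RE.search(line):
            zones[m["zone"]].update(master=m["master"], refresh=m["rcode"])
        elif m := XFER_FAIL_RE.search(line):
            zones[m["zone"]].update(master=m["master"], transfer=m["rcode"])
        elif m := XFER_DONE_RE.search(line):
            zones[m["zone"]]["records"] = int(m["recs"])
    return dict(zones)

def failed_zones(log_text):
    """Zones with an error rcode on refresh/transfer, or a transfer that delivered 0 records."""
    out = {}
    for zone, st in triage(log_text).items():
        codes = [c for c in (st["refresh"], st["transfer"]) if c]
        if codes or st["records"] == 0:
            out[zone] = [f"{c}: {RCODE_HINTS.get(c, 'see the DNS rcode registry')}" for c in codes]
    return out

if __name__ == "__main__":
    for zone, reasons in failed_zones(SAMPLE).items():
        print(zone, *reasons, sep="\n  ")
```

A zone that reports both REFUSED on refresh and NOTAUTH on transfer is worth checking on the master side first: whether the running `named` there has actually loaded the zone, and whether its `allow-transfer` list covers the slave's source address.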

0 answers