Hi, I have DNS Master (192.168.102.159) and Slave (192.168.102.132) servers, both VMs. The Master configuration is fine and does both forward and reverse lookups; however, when I try zone transfers with the slave, the slave throws the following error: failed to connect: host unreachable. I have checked that the IP addresses are correct in both the conf and zone files, and the zone files also show no errors in named-checkzone. This is my second setup; in the earlier setup I received an error rndc.key not found followed by this error, however in this setup I only received this error. I have run chgrp and chown on the slaves folder on the Slave. No firewall entries are added, unsure if I have to.

Firewall entries
Code:
    iptables -A INPUT -i ens33 -p tcp -m state --state NEW,ESTABLISHED -s 192.168.102.132 --sport 1024:65535 --dport 53 -j ACCEPT
    iptables -A INPUT -i ens33 -p udp -m state --state NEW,ESTABLISHED -s 192.168.102.132 --sport 1024:65535 --dport 53 -j ACCEPT

named.conf (MASTER)
Code:
    acl internals { 192.168.102.0/24; };

    options {
        listen-on port 53 { 127.0.0.1; 192.168.102.159; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file "/var/named/data/named.recursing";
        secroots-file "/var/named/data/named.secroots";
        allow-transfer { 192.168.102.132; };
        allow-query { localhost; internals; };
        recursion yes;

        /* dnssec-enable yes;
        dnssec-validation yes; */

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
    };

    logging {
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };

    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "abc.local" {
        type master;
        file "abc.db";
        allow-transfer { 192.168.102.132; };
    };

    zone "102.168.192.IN-ADDR.ARPA" {
        type master;
        file "cba.db";
        allow-transfer { 192.168.102.132; };
    };

    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";

named.conf (SLAVE)
Code:
    acl internals { 192.168.102.0/24; };

    options {
        listen-on port 53 { 127.0.0.1; 192.168.102.132; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file "/var/named/data/named.recursing";
        secroots-file "/var/named/data/named.secroots";
        allow-notify { 192.168.102.159; };
        allow-query { localhost; internals; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
    };

    logging {
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };

    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "abc.local" {
        type slave;
        masters { 192.168.102.159; };
        file "slaves/abc.db";
        allow-transfer { 192.168.102.159; };
    };

    zone "102.168.192.IN-ADDR.ARPA" {
        type slave;
        masters { 192.168.102.159; };
        file "slaves/cba.db";
        allow-transfer { 192.168.102.159; };
    };

    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";

abc.db
Code:
    $TTL 3H
    $ORIGIN abc.local.
    @       IN SOA  ns1.abc.local. ns2.abc.local. (
                    0       ; serial
                    1D      ; refresh
                    1H      ; retry
                    1W      ; expire
                    3H )    ; minimum
            IN NS   ns1.abc.local.
            IN NS   ns2.abc.local.
    ns1     IN A    192.168.102.159
    ns2     IN A    192.168.102.132

cba.db
Code:
    $TTL 3H
    $ORIGIN 102.168.192.IN-ADDR.ARPA.
    @       IN SOA  ns1.abc.local. ns2.abc.local. (
                    0       ; serial
                    1D      ; refresh
                    1H      ; retry
                    1W      ; expire
                    3H )    ; minimum
            IN NS   ns1.abc.local.
            IN NS   ns2.abc.local.
    159     IN PTR  ns1.abc.local.
    132     IN PTR  ns2.abc.local.

Error
Code:
    30-Dec-2018 20:33:24.030 managed-keys-zone: journal file is out of date: removing journal file
    30-Dec-2018 20:33:24.030 managed-keys-zone: loaded serial 2
    30-Dec-2018 20:33:24.031 zone 0.in-addr.arpa/IN: loaded serial 0
    30-Dec-2018 20:33:24.033 zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
    30-Dec-2018 20:33:24.035 zone localhost.localdomain/IN: loaded serial 0
    30-Dec-2018 20:33:24.035 zone localhost/IN: loaded serial 0
    30-Dec-2018 20:33:24.037 zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
    30-Dec-2018 20:33:24.037 all zones loaded
    30-Dec-2018 20:33:24.037 running
    30-Dec-2018 20:34:54.045 zone abc.local/IN: refresh: retry limit for master 192.168.102.159#53 exceeded (source 0.0.0.0#0)
    30-Dec-2018 20:34:54.045 zone abc.local/IN: Transfer started.
    30-Dec-2018 20:34:54.046 transfer of 'abc.local/IN' from 192.168.102.159#53: failed to connect: host unreachable
    30-Dec-2018 20:34:54.046 transfer of 'abc.local/IN' from 192.168.102.159#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.001 secs (0 bytes/sec)
    30-Dec-2018 20:34:54.547 zone 102.168.192.IN-ADDR.ARPA/IN: refresh: retry limit for master 192.168.102.159#53 exceeded (source 0.0.0.0#0)

Both master and slave can ping each other.

Thank You
That is hard to read. Put files and logs in code tags to keep them readable. And mark what file it is from which host. That said, it looks like on the master the zone does not allow transfer to the slave. I have solved name service problems with the "DNS and BIND" book.
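As an added example (not from this thread, and not BIND's own code), a small pure-stdlib Python probe that repeats what the secondary does on each refresh: an SOA query over UDP/53 and then an AXFR over TCP/53 to the primary, using the 2-byte length prefix that DNS over TCP requires. Run on the secondary against the thread's addresses, it separates a connection failure (no route, or a firewall in front of TCP/53 on the primary, which is the "failed to connect" class of error in the log above) from a REFUSED answer (the secondary's address missing from allow-transfer on the primary, the cause the reply above points at). The primary address 192.168.102.159 and zone abc.local come from the thread; the script name axfr_probe.py, all function names and the sample messages used in the comments are my own assumptions.

```python
"""Zone-transfer probe (assumed name: axfr_probe.py), pure Python stdlib.
Repeats the two steps a BIND secondary performs on refresh: SOA query over
UDP/53, then AXFR over TCP/53. Usage, run on the secondary:
    python3 axfr_probe.py 192.168.102.159 abc.local
"""
import socket
import struct
import sys

QTYPE = {"SOA": 6, "AXFR": 252}
RCODE = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def encode_name(name):
    """Dotted name to DNS wire labels: abc.local -> 3 'abc' 5 'local' 0."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(zone, qtype, txid=0x1234):
    """One-question query with RD=0 (a secondary never asks its primary to recurse)."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", QTYPE[qtype], 1)


def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name starting at off."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + n


def parse_response(msg):
    """Parse header, question and answer sections; pull the serial from the first SOA."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    serial = None
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == QTYPE["SOA"] and serial is None:
            p = skip_name(msg, skip_name(msg, off))  # skip MNAME and RNAME
            serial = struct.unpack("!I", msg[p:p + 4])[0]
        off += rdlen
    return {"txid": txid, "rcode": flags & 0xF, "answers": an, "serial": serial}


def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection mid-message")
        buf += chunk
    return buf


def soa_over_udp(master, zone, timeout=3.0):
    """Step 1 of a refresh: ask the primary for the zone SOA over UDP."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(zone, "SOA"), (master, 53))
        data, _ = s.recvfrom(4096)
    return parse_response(data)


def axfr_over_tcp(master, zone, timeout=3.0):
    """Step 2: AXFR over TCP, each message prefixed by a 2-byte length (RFC 1035 4.2.2).
    Only the first message is parsed: that is enough to tell REFUSED from zone data."""
    q = build_query(zone, "AXFR")
    try:
        with socket.create_connection((master, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(q)) + q)
            (length,) = struct.unpack("!H", recv_exact(s, 2))
            return {"connected": True, "error": None,
                    "response": parse_response(recv_exact(s, length))}
    except OSError as e:  # covers timeout, ECONNREFUSED and ICMP unreachable
        return {"connected": False, "error": str(e), "response": None}


def interpret(result):
    """Map a probe result to the layer at which the transfer is failing."""
    if not result["connected"]:
        return "no TCP connection to port 53 on the primary (route/firewall): " + result["error"]
    resp = result["response"]
    if resp["rcode"] == 5:
        return "primary answered REFUSED: this address is not permitted by allow-transfer"
    if resp["rcode"] != 0:
        return "primary answered %s" % RCODE.get(resp["rcode"], resp["rcode"])
    if resp["serial"] is None:
        return "transfer answered but no SOA in the first message"
    return "transfer allowed, zone serial %d" % resp["serial"]


if __name__ == "__main__":
    master, zone = sys.argv[1], sys.argv[2]
    print("SOA/UDP :", soa_over_udp(master, zone))
    print("AXFR/TCP:", interpret(axfr_over_tcp(master, zone)))
```

Because the AXFR goes over TCP, a firewall on the primary must accept new TCP connections to port 53 from the secondary; a UDP-only rule lets the SOA refresh check succeed while the transfer itself still fails to connect.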
I was not able to find the code tag, unless you mean it is possible to do it manually. Thanks, I will look out for the book as well.