
Re: rcode 5, refused since upgrade


jim

Jan 6, 2011, 3:02:22 PM
to Jeremy C. Reed, bind-...@lists.isc.org
Hi Jeremy,

Thanks for the reply, I am using allow-transfer { ... }
I just heard back about five minutes ago from the admin and they had removed our site as a secondary.
The RCODE 5 was right on the money telling me what was going on and the logging
 " failed while receiving responses: REFUSED "
and even in caps :-)

thanks!
jim


On Thu, Jan 6, 2011 at 2:55 PM, Jeremy C. Reed <jr...@isc.org> wrote:
On Thu, 6 Jan 2011, jim wrote:

> Upgraded today from BIND 9.2.4 to BIND 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1.
> Pretty much copied the named.conf file from one to the other.
> We are a slave for three other sites, two I download the zones OK, one I
> get REFUSED since the upgrade.

Check your BIND logging too.

Are you using allow-transfer configuration?

You may also want to read
http://www.isc.org/faq/item/773
and the ARM which describe some changes.

Jeremy C. Reed

Jan 6, 2011, 2:55:55 PM
to jim, bind-...@lists.isc.org

jim

Jan 6, 2011, 12:51:36 PM
to bind-...@lists.isc.org
Greetings,


Upgraded today from BIND 9.2.4 to BIND 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1.
Pretty much copied the named.conf file from one to the other.
We are a slave for three other sites, two I download the zones OK, one I get REFUSED since the upgrade.
I thought permissions or config error on my side but have not found anything yet.

Sniffer trace shows my server requesting:
 Question Section: Type =  Transfer of entire zone of authority (AXFR.252)
and remote master replying
 Response code = Refused (5)

Shooting in the dark, I stopped signing my zone and took out:
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
but no change.

Could it be a misconfiguration on my side to have the master refuse to allow a zone transfer? I asked the remote zone admin if they could check but have not heard back yet. I just have a hard time understanding how my upgrade would have their zone refuse to transfer to the same IP address and FQDN.

RCODE (5)
Refused - The name server refuses to
perform the specified operation for
policy reasons.  For example, a name
server may not wish to provide the
information to the particular requester,
or a name server may not wish to perform
a particular operation (e.g., zone
transfer) for particular data.

thanks!
jim
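
Added example, not part of the original posts: a Python sketch of the exchange seen in the sniffer trace, building the TCP-framed AXFR question (QTYPE 252) and decoding the RCODE from the reply header. The zone name `example.com`, the message ID and the REFUSED reply bytes are constructed sample values, not data from this thread.

```python
import struct

QTYPE_AXFR = 252  # "Transfer of entire zone of authority" in the trace
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_axfr_query(zone, msg_id):
    """AXFR query framed for TCP (two-byte length prefix, RFC 1035 4.2.2)."""
    header = struct.pack("!HHHHHH", msg_id, 0x0000, 1, 0, 0, 0)
    question = encode_name(zone) + struct.pack("!HH", QTYPE_AXFR, 1)  # class IN
    msg = header + question
    return struct.pack("!H", len(msg)) + msg

def parse_tcp_response(data, expected_id):
    """Return (rcode_name, answer_count) for one TCP-framed DNS message."""
    if len(data) < 2:
        raise ValueError("missing length prefix")
    (length,) = struct.unpack("!H", data[:2])
    msg = data[2:2 + length]
    if len(msg) != length or length < 12:
        raise ValueError("truncated DNS message")
    msg_id, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if msg_id != expected_id:
        raise ValueError("response ID does not match query")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    rcode = flags & 0x000F  # low four bits of the flags word
    return RCODES.get(rcode, "RCODE%d" % rcode), an

def constructed_refused_response(query):
    """Constructed sample: question echoed back with QR=1 and RCODE=5."""
    msg = bytearray(query[2:])
    msg[2:4] = struct.pack("!H", 0x8000 | 5)
    return struct.pack("!H", len(msg)) + bytes(msg)

if __name__ == "__main__":
    q = build_axfr_query("example.com", 0x1A2B)
    print(parse_tcp_response(constructed_refused_response(q), 0x1A2B))
```

A REFUSED reply with zero answer records means the master rejected the transfer by policy before sending any zone data, so the place to look is the master's transfer ACL rather than the secondary's configuration.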
