[Freeipa-users] DNS zone transfers

Loris Santamaria loris at lgs.com.ve
Thu Jun 16 19:38:18 UTC 2011


On Thu, 16-06-2011 at 11:27 -0400, Simo Sorce wrote:
> On Thu, 2011-06-16 at 10:31 -0430, Loris Santamaria wrote:
> > Hi,
> > 
> > I would like to use my freeIPA v2 server as my master name server and
> > have other normal (non ldap based) bind servers as caching / secondary
> > name servers. Ideally the clients would query only the secondary servers
> > and the secondary name servers would perform regular zone transfers from
> > the master server.
> > 
> > So I'm trying to set up zone transfer in my IPA based name server. First
> > of all I see that the attribute "idnsAllowTransfer" referenced in the
> > bind-dyndb-ldap documentation is not really supported in the schema
> > installed in IPA. Next, using a global "allow-transfer" in named.conf
> > doesn't work either.
> 
> A global allow-transfer should work, have you restarted named after
> setting it?
> 
> If it doesn't work we may have a bug.

I'm adding to named.conf options section:

allow-transfer { 127.0.0.1; };

then I restart named and try a zone transfer on the same host:

# host -l ipa.corpfbk. 127.0.0.1
; Transfer failed.
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases: 

Host ipa.corpfbk not found: 9(NOTAUTH)
; Transfer failed.

In the logs I get:

Jun 16 11:10:26 ipa01 named[30044]: client 127.0.0.1#59303: bad zone transfer request: 'ipa.corpfbk/IN': non-authoritative zone (NOTAUTH)




-- 
Loris Santamaria   linux user #70506   xmpp:loris at lgs.com.ve
Links Global Services, C.A.            http://www.lgs.com.ve
Tel: 0286 952.06.87  Cel: 0414 095.00.10  sip:103 at lgs.com.ve
------------------------------------------------------------
-O9 -omg-optimize -fomit-instructions
