named errors in /var/log/messages




Hello,

can someone explain these errors

Oct 27 15:34:05 vhost01 named[1316]: zone #ZONE#/IN/auth: refresh: retry limit for master IPV6-MASTER#53 exceeded (source IPV6-THIS#0)
Oct 27 15:34:05 vhost01 named[1316]: zone #ZONE#/IN/auth: Transfer started.
Oct 27 15:34:06 vhost01 named[1316]: zone #ZONE#/IN/auth: refresh: retry limit for master IPV6-MASTER#53 exceeded (source IPV6-THIS#0)
Oct 27 15:34:06 vhost01 named[1316]: zone #ZONE#/IN/auth: Transfer started.
Oct 29 04:06:19 vhost01 named[1316]: zone #ZONE#/IN/auth: refresh: retry limit for master IPV6-MASTER#53 exceeded (source IPV6-THIS#0)
Oct 29 04:06:19 vhost01 named[1316]: zone #ZONE#/IN/auth: Transfer started.

is this caused by a misconfiguration at the master dns or this dns (slave)?
(the master dns can only be connected by IPv6)

is there a serious problem?

such entries can also be found

Oct 29 04:06:21 vhost01 named[1316]: transfer of '#ZONE#/IN/auth' from IPV6-MASTER#53: connected using IPV6-THIS#46019
Oct 29 04:06:21 vhost01 named[1316]: transfer of '#ZONE#/IN/auth' from IPV6-MASTER#53: Transfer completed: 0 messages, 1 records, 0 bytes, 0.064 secs (0 bytes/sec)

or is this just caused by #0 - I guess source port 0?

these are the ip6tables entries on this dns (slave)

-A INPUT -i eth0 -d IPV6-THIS -m tcp -p tcp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -i eth0 -d IPV6-THIS -m udp -p udp --dport 53 -j ACCEPT

the master has these for each dns

-A INPUT -i sit1 -s IPV6-SLAVE -d IPV6-MASTER -m tcp -p tcp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -i sit1 -s IPV6-SLAVE -d IPV6-MASTER -m udp -p udp --dport 53 -j ACCEPT

the master DNS has this in /etc/named.conf

acl dns-hosts {
        IPV6-SLAVE;            // IPv6only: slave
        ...
};

view "auth" {
        match-clients {
                dns-hosts;
        };
        empty-zones-enable no;
        recursion no;

        additional-from-auth no;
        additional-from-cache no;

        also-notify {
                IPV6-SLAVE;            // IPv6only: slave
                ...
        };
        notify-source 0.0.0.0;
        notify-source-v6 IPV6-MASTER;
        transfer-source 0.0.0.0;
        transfer-source-v6 IPV6-MASTER;

        zone "#ZONE#" IN {
                type master;
                notify yes;
                file "named._authzone-#ZONE#";
                allow-transfer { dns-hosts; };
                allow-update { none; };
        };

        ...
};

the slaves themselves have this in /etc/named.conf

masters masterhost {
        IPV6-MASTER;                   // IPv6only: master
};

view "auth" {
        match-clients {
                any;
        };
        empty-zones-enable no;
        recursion no;

        transfer-source 0.0.0.0;
        transfer-source-v6 IPV6-SLAVE;

        additional-from-auth no;
        additional-from-cache no;

        zone "#ZONE#" IN {
                type slave;
                masters { masterhost; };
                file "slaves/named._authzone-#ZONE#";
        };

        ...
};

I have 3 slave DNS servers, each has the same master; and such log entries are on all three slave DNS servers;
each of these 3 slaves is DualStack (in the wild) and the master is IPv6only (at home)


Thanks,
Walter


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos


