On 10/30/19 1:14 AM, Walter H. wrote:
> Can someone explain these errors?
>
> Oct 27 15:34:05 vhost01 named[1316]: zone #ZONE#/IN/auth: refresh:
> retry limit for master IPV6-MASTER#53 exceeded (source IPV6-THIS#0)

https://access.redhat.com/solutions/1231573

I believe this means that the client is trying to reach the server over
UDP, and is unable to do so.

> Is this caused by a misconfiguration at the master DNS or this DNS
> (slave)?

Probably the firewall or ACL on the master.

> Is there a serious problem?

I think so, yes.

> The master has these for each DNS:
>
> -A INPUT -i sit1 -s IPV6-SLAVE -d IPV6-MASTER -m tcp -p tcp --dport 53
> -m state --state NEW -j ACCEPT
> -A INPUT -i sit1 -s IPV6-SLAVE -d IPV6-MASTER -m udp -p udp --dport 53
> -j ACCEPT
You're obscuring kind of a lot of information, so it's hard to guess.
If the ACLs are denying transfers, I believe the server's named logs
will reflect that, so check those. If the firewall is denying it, you
should be able to observe that using tcpdump on the server to watch
requests and responses from the client.
You might also want to check whether the client is using RFC4941 temp
addresses, and whether your ACLs and rules will actually match the
address it uses for requests:
http://tldp.org/HOWTO/Linux+IPv6-HOWTO/ch06s05.html
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
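The check suggested in the reply above (does the address the slave actually sends from match the master's rules, in particular if it has an RFC 4941 temporary address?) can be scripted. The following is an added example, not code from the thread or from the BIND/CentOS projects: it parses `ip6tables-save` style rules from the master and `ip -6 addr show` style output from the slave, both constructed here with placeholder addresses from the 2001:db8::/32 documentation prefix, and reports every global address on the slave that the master would not accept for udp/53 (SOA refresh) and tcp/53 (AXFR/IXFR). It also pulls the master and source address out of a constructed copy of the "retry limit for master" log line. Interface names, addresses and the zone name are assumptions.

```python
"""Check whether a slave's possible IPv6 source addresses are covered by the
master's ip6tables rules for DNS (udp/53 for SOA refresh, tcp/53 for zone
transfers). Added example; all inputs below are constructed stand-ins."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed: what `ip6tables-save` might print on the master, modelled on the
# rules quoted in the thread. Addresses are placeholders (2001:db8::/32).
MASTER_RULES = """\
-A INPUT -i sit1 -s 2001:db8:1::53/128 -d 2001:db8::53/128 -m tcp -p tcp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -i sit1 -s 2001:db8:1::53/128 -d 2001:db8::53/128 -m udp -p udp --dport 53 -j ACCEPT
"""

# Constructed: `ip -6 addr show dev sit1` on the slave. The second address is an
# RFC 4941 temporary (privacy) address the kernel may prefer as the source.
SLAVE_ADDRS = """\
    inet6 2001:db8:1::53/64 scope global
       valid_lft forever preferred_lft forever
    inet6 2001:db8:1:0:9c1a:3e7b:ffe2:1d2c/64 scope global temporary dynamic
       valid_lft 86396sec preferred_lft 14396sec
    inet6 fe80::1/64 scope link
"""

# Constructed named log line in the shape quoted in the thread (assumed zone).
SAMPLE_LOG = ("Oct 27 15:34:05 vhost01 named[1316]: zone example.net/IN/auth: "
              "refresh: retry limit for master 2001:db8::53#53 exceeded (source ::#0)")


@dataclass
class Rule:
    iface: Optional[str]          # -i, or None if the rule matches any interface
    src: ipaddress.IPv6Network    # -s, ::/0 if absent
    dst: ipaddress.IPv6Network    # -d, ::/0 if absent
    proto: str                    # -p


def parse_rules(text: str) -> List[Rule]:
    """Keep INPUT ACCEPT rules for destination port 53 from ip6tables-save output."""
    rules = []
    for line in text.splitlines():
        if not line.startswith("-A INPUT") or "-j ACCEPT" not in line:
            continue
        opts = dict(re.findall(r"(?:^|\s)(-i|-s|-d|-p|--dport)\s+(\S+)", line))
        if opts.get("--dport") != "53" or "-p" not in opts:
            continue
        rules.append(Rule(
            iface=opts.get("-i"),
            src=ipaddress.ip_network(opts.get("-s", "::/0"), strict=False),
            dst=ipaddress.ip_network(opts.get("-d", "::/0"), strict=False),
            proto=opts["-p"],
        ))
    return rules


def parse_addrs(text: str) -> List[Tuple[ipaddress.IPv6Address, bool]]:
    """Return (address, is_temporary) for every global-scope address in `ip -6 addr` output."""
    found = []
    for line in text.splitlines():
        m = re.match(r"\s*inet6\s+(\S+)/\d+\s+scope\s+(\w+)(.*)", line)
        if m and m.group(2) == "global":
            found.append((ipaddress.IPv6Address(m.group(1)), "temporary" in m.group(3)))
    return found


def covered(rules, src, dst, iface, proto) -> bool:
    """True if some rule accepts proto traffic from src to dst arriving on iface."""
    return any(r.proto == proto and src in r.src and dst in r.dst
               and (r.iface is None or r.iface == iface) for r in rules)


def uncovered_sources(rules, slave_addrs, master_addr: str, iface: str = "sit1"):
    """[(addr, is_temporary, missing_protos)] for slave addresses the master would drop."""
    master = ipaddress.IPv6Address(master_addr)
    problems = []
    for addr, temp in slave_addrs:
        missing = [p for p in ("udp", "tcp") if not covered(rules, addr, master, iface, p)]
        if missing:
            problems.append((str(addr), temp, missing))
    return problems


LOG_RE = re.compile(r"retry limit for master (\S+)#(\d+) exceeded \(source (\S+)#(\d+)\)")


def parse_refresh_error(line: str):
    """Extract master and source address/port from the refresh failure line.
    A source port of 0 means the source was not pinned, so the kernel chose it."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return {"master": m.group(1), "master_port": int(m.group(2)),
            "source": m.group(3), "source_port": int(m.group(4))}


if __name__ == "__main__":
    print(parse_refresh_error(SAMPLE_LOG))
    rules = parse_rules(MASTER_RULES)
    for addr, temp, missing in uncovered_sources(rules, parse_addrs(SLAVE_ADDRS), "2001:db8::53"):
        kind = "temporary (RFC 4941)" if temp else "stable"
        print(f"{addr} ({kind}) is not accepted by the master for: {', '.join(missing)}")
```

With the constructed input the stable address passes both rules and the temporary address fails both, which is exactly the silent failure the reply warns about: the master's rules only name one slave address, while the slave's kernel is free to pick a privacy address as source when named does not pin one. In BIND the source for refresh queries and transfers can be pinned with `transfer-source-v6` in the zone or options block; alternatively disable temporary addresses on the tunnel interface with the `net.ipv6.conf.<if>.use_tempaddr` sysctl. Note also that the quoted rules match on `-i sit1`, so the script takes the ingress interface into account; traffic arriving on a different interface would be dropped regardless of address.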