LinuxQuestions.org - Linux - Newbie
Authoritative bind server cannot list hosts. (https://www.linuxquestions.org/questions/linux-newbie-8/authoritative-bind-server-cannot-list-hosts-4175653951/)

ddenial 05-15-2019 09:40 AM

Authoritative bind server cannot list hosts.
 
Hello

I have set up an authoritative bind server in CentOS 7. It can resolve individual hosts in the zone, but cannot list all the hosts in that zone. It gives the error 'Transfer failed'.

Code:

# host server1.test.lab
server1.test.lab has address 192.168.122.50

# host tester1.test.lab
tester1.test.lab has address 192.168.122.150

# host outsider1.alien.lab
outsider1.alien.lab has address 192.168.100.100

# host -l test.lab
; Transfer failed.
; Transfer failed.
; Transfer failed.
Host test.lab.alien.lab not found: 2(SERVFAIL)
; Transfer failed.

# host -l alien.lab
; Transfer failed.
; Transfer failed.
; Transfer failed.
Host alien.lab.alien.lab not found: 2(SERVFAIL)
; Transfer failed.

Here are my config files:
Code:

# cat /etc/resolv.conf
# Generated by NetworkManager
search nix.com test.lab alien.lab
nameserver 192.168.1.7
nameserver 8.8.8.8
nameserver fe80::1%enp3s0

# cat /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; 192.168.1.7; };
        listen-on-v6 port 53 { ::1; };
        directory        "/var/named";
        dump-file        "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file  "/var/named/data/named.secroots";
        allow-query    { localhost; };

        recursion no;
        allow-transfer { none; };

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "nix.com" IN {
  type master;
  file "nix.com.fwd";
  allow-update { none; }; 
};

zone "1.168.192.in-addr.arpa" IN {
  type master;
  file "nix.com.rev";
  allow-update { none; }; 
};

zone "test.lab" IN {
  type master;
  file "test.lab.fwd";
  allow-update { none; }; 
};

zone "122.168.192.in-addr.arpa" IN {
  type master;
  file "test.lab.rev";
  allow-update { none; }; 
};

zone "alien.lab" IN {
  type master;
  file "alien.lab.fwd";
  allow-update { none; }; 
};

zone "100.168.192.in-addr.arpa" IN {
  type master;
  file "alien.lab.rev";
  allow-update { none; }; 
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

# tail -n +1 /var/named/{test,alien}.lab.{fwd,rev}
==> /var/named/test.lab.fwd <==
$TTL 3d
$ORIGIN test.lab.
@ IN SOA svr.nix.com. root.nix.com. ( 19022201 12h 15m 3w 3h )
@ IN NS  dns.nix.com.
rhel IN A 192.168.122.51
cent IN A 192.168.122.52
cnt6 IN A 192.168.122.53
ubun IN A 192.168.122.54
debn IN A 192.168.122.55
server1 IN A 192.168.122.50
tester1 IN A 192.168.122.150

==> /var/named/test.lab.rev <==
$TTL 3d
$ORIGIN 122.168.192.in-addr.arpa.
@ IN SOA svr.nix.com. root.nix.com. ( 19011301 12h 15m 3w 3h )
@ IN NS  dns.nix.com.
51  IN PTR rhel.test.lab.
52  IN PTR cent.test.lab.
53  IN PTR cnt6.test.lab.
54  IN PTR ubun.test.lab.
55  IN PTR debn.test.lab.
50  IN PTR server1.test.lab.
150 IN PTR tester1.test.lab.

==> /var/named/alien.lab.fwd <==
$TTL 3d
$ORIGIN alien.lab.
@ IN SOA svr.nix.com. root.nix.com. ( 19011301 12h 15m 3w 3h )
@ IN NS  dns.nix.com.
outsider1 IN A 192.168.100.100

==> /var/named/alien.lab.rev <==
$TTL 3d
$ORIGIN 100.168.192.in-addr.arpa.
@ IN SOA svr.nix.com. root.nix.com. ( 18121701 12h 15m 3w 3h )
@ IN NS  dns.nix.com.
100 IN PTR outsider1.alien.lab.

Can't figure out what I've done wrong.

Appreciate any help, Thanks.

scasey 05-15-2019 01:37 PM

From man host:
Code:

List mode is selected by the -l option. This makes host perform a zone transfer for zone name.
emphasis added

Your named.conf:
Code:

allow-transfer { none; };

ddenial 05-15-2019 02:05 PM

Quote:

Originally Posted by scasey (Post 5995372)
From man host:
Code:

List mode is selected by the -l option. This makes host perform a zone transfer for zone name.
emphasis added

Your named.conf:
Code:

allow-transfer { none; };

Oh! You saved my day. I replaced it with allow-transfer { localhost; }. Now it's working fine.

Thanks.
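scasey's answer is the whole story: host -l is a zone transfer (AXFR), and the global allow-transfer { none; } refused it; the fix narrows that to localhost. The defender's follow-up question is whether any zone ends up open to "any", since a zone-level allow-transfer overrides the global one. The following audit is an added example, not code from the thread: it parses a named.conf like the one posted above and reports the allow-transfer list that actually applies to each zone. It assumes a flat file without view statements, and treats BIND's built-in default as "any", which is the documented default for the BIND 9.11 that CentOS 7 ships; the sample config is constructed from the thread's file.

```python
import re

# Constructed excerpt modelled on the named.conf in this thread (not the poster's
# full file): a global allow-transfer and two zones, one overriding it at zone level.
SAMPLE_NAMED_CONF = """
options {
        listen-on port 53 { 127.0.0.1; 192.168.1.7; };
        allow-transfer { none; };
};
zone "test.lab" IN {
  allow-update { none; };
};
zone "alien.lab" IN {
  allow-transfer { any; };   # constructed: zone-level override
};
"""

def _block_body(text, brace_idx):
    """Text between text[brace_idx] == '{' and its matching '}' (nesting-aware)."""
    depth = 0
    for i in range(brace_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[brace_idx + 1:i]
    raise ValueError("unbalanced braces in named.conf")

def _allow_transfer(body):
    """Address-match list of an allow-transfer statement, or None if absent."""
    m = re.search(r"\ballow-transfer\s*\{([^}]*)\}", body)
    return None if m is None else [t.strip() for t in m.group(1).split(";") if t.strip()]

def effective_transfer_policy(conf, bind_default="any"):
    """Zone -> allow-transfer list that really applies: zone statement, else options,
    else BIND's built-in default (assumed 'any', as documented for BIND 9.11)."""
    # strip the three comment styles named.conf accepts: /* */, // and #
    text = re.sub(r"(//|#).*", "", re.sub(r"/\*.*?\*/", "", conf, flags=re.S))
    pat = re.compile(r'\b(options|zone\s+"([^"]+)"[^{]*?)\s*\{')
    global_policy, zones, pos = None, {}, 0
    while (m := pat.search(text, pos)) is not None:
        body = _block_body(text, m.end() - 1)
        pos = m.end() + len(body)            # resume after this block's contents
        if m.group(1) == "options":
            global_policy = _allow_transfer(body)
        else:
            zones[m.group(2)] = _allow_transfer(body)
    fallback = global_policy if global_policy is not None else [bind_default]
    return {z: (p if p is not None else fallback) for z, p in zones.items()}

def zones_open_to_any(conf):
    """Zones whose effective policy lets any host pull the whole zone (AXFR)."""
    return sorted(z for z, p in effective_transfer_policy(conf).items() if "any" in p)
```

Run it against the real /etc/named.conf after the localhost change to confirm that only the intended hosts can pull a full copy of each zone.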
