LinuxQuestions.org
Old 05-15-2019, 09:40 AM   #1
ddenial
Member
 
Registered: Dec 2016
Distribution: CentOS, Fedora, Ubuntu
Posts: 177

Rep: Reputation: 35
Authoritative bind server cannot list hosts.


Hello

I have set up an authoritative bind server in CentOS 7. It can resolve individual hosts in the zone, but cannot list all the hosts in that zone. It gives the error 'Transfer failed'.

Code:
# host server1.test.lab
server1.test.lab has address 192.168.122.50

# host tester1.test.lab
tester1.test.lab has address 192.168.122.150

# host outsider1.alien.lab
outsider1.alien.lab has address 192.168.100.100

# host -l test.lab
; Transfer failed.
; Transfer failed.
; Transfer failed.
Host test.lab.alien.lab not found: 2(SERVFAIL)
; Transfer failed.

# host -l alien.lab
; Transfer failed.
; Transfer failed.
; Transfer failed.
Host alien.lab.alien.lab not found: 2(SERVFAIL)
; Transfer failed.
Here are my config files:
Code:
# cat /etc/resolv.conf 
# Generated by NetworkManager
search nix.com test.lab alien.lab
nameserver 192.168.1.7
nameserver 8.8.8.8
nameserver fe80::1%enp3s0

# cat /etc/named.conf
options {
	listen-on port 53 { 127.0.0.1; 192.168.1.7; };
	listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	recursing-file  "/var/named/data/named.recursing";
	secroots-file   "/var/named/data/named.secroots";
	allow-query     { localhost; };

	recursion no;
	allow-transfer { none; };

	dnssec-enable yes;
	dnssec-validation yes;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";

	managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
	type hint;
	file "named.ca";
};

zone "nix.com" IN { 
  type master; 
  file "nix.com.fwd"; 
  allow-update { none; };  
};

zone "1.168.192.in-addr.arpa" IN { 
  type master; 
  file "nix.com.rev"; 
  allow-update { none; };  
};

zone "test.lab" IN { 
  type master; 
  file "test.lab.fwd"; 
  allow-update { none; };  
};

zone "122.168.192.in-addr.arpa" IN { 
  type master; 
  file "test.lab.rev"; 
  allow-update { none; };  
};

zone "alien.lab" IN { 
  type master; 
  file "alien.lab.fwd"; 
  allow-update { none; };  
};

zone "100.168.192.in-addr.arpa" IN { 
  type master; 
  file "alien.lab.rev"; 
  allow-update { none; };  
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

# tail -n +1 /var/named/{test,alien}.lab.{fwd,rev}
==> /var/named/test.lab.fwd <==
$TTL 3d 
$ORIGIN test.lab. 
@ IN SOA svr.nix.com. root.nix.com. ( 19022201 12h 15m 3w 3h ) 
@ IN NS  dns.nix.com. 
rhel IN A 192.168.122.51
cent IN A 192.168.122.52
cnt6 IN A 192.168.122.53
ubun IN A 192.168.122.54
debn IN A 192.168.122.55
server1 IN A 192.168.122.50
tester1 IN A 192.168.122.150

==> /var/named/test.lab.rev <==
$TTL 3d 
$ORIGIN 122.168.192.in-addr.arpa. 
@ IN SOA svr.nix.com. root.nix.com. ( 19011301 12h 15m 3w 3h ) 
@ IN NS  dns.nix.com. 
51  IN PTR rhel.test.lab. 
52  IN PTR cent.test.lab. 
53  IN PTR cnt6.test.lab. 
54  IN PTR ubun.test.lab. 
55  IN PTR debn.test.lab. 
50  IN PTR server1.test.lab.
150 IN PTR tester1.test.lab.

==> /var/named/alien.lab.fwd <==
$TTL 3d 
$ORIGIN alien.lab. 
@ IN SOA svr.nix.com. root.nix.com. ( 19011301 12h 15m 3w 3h ) 
@ IN NS  dns.nix.com. 
outsider1 IN A 192.168.100.100

==> /var/named/alien.lab.rev <==
$TTL 3d 
$ORIGIN 100.168.192.in-addr.arpa. 
@ IN SOA svr.nix.com. root.nix.com. ( 18121701 12h 15m 3w 3h ) 
@ IN NS  dns.nix.com. 
100 IN PTR outsider1.alien.lab.
I can't figure out what I've done wrong.

Appreciate any help, Thanks.
 
Old 05-15-2019, 01:37 PM   #2
scasey
Senior Member
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.6
Posts: 3,056

Rep: Reputation: 1069
From man host:
Code:
List mode is selected by the -l option. This makes host perform a zone transfer for zone name.
emphasis added

Your named.conf:
Code:
allow-transfer { none; };
 
1 members found this post helpful.
Old 05-15-2019, 02:05 PM   #3
ddenial
Member
 
Registered: Dec 2016
Distribution: CentOS, Fedora, Ubuntu
Posts: 177

Original Poster
Rep: Reputation: 35
Quote:
Originally Posted by scasey View Post
From man host:
Code:
List mode is selected by the -l option. This makes host perform a zone transfer for zone name.
emphasis added

Your named.conf:
Code:
allow-transfer { none; };
Oh! You saved my day. I replaced it with allow-transfer { localhost; }. Now it's working fine.

Thanks.
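
An added example, not part of any post in this thread: a small audit of named.conf that reports the effective allow-transfer ACL for each primary zone (a zone-level statement overrides the one in options), which is the setting that made `host -l` fail and that the fix relaxed. The function names, the sample config and the alien.lab override are assumptions made for illustration, and the parser assumes a config without view statements.

```python
import re

# Constructed sample modelled on the thread's named.conf: the global fix from
# post #3 plus one hypothetical per-zone override that opens transfers to all.
SAMPLE_CONF = '''
options { recursion no; allow-transfer { localhost; }; };
zone "." IN { type hint; file "named.ca"; };
zone "test.lab" IN { type master; file "test.lab.fwd"; };
zone "alien.lab" IN { type master; file "alien.lab.fwd";
    allow-transfer { any; }; };   /* hypothetical risky override */
'''

def body_at(text, open_idx):
    """Text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def transfer_acl(body):
    """Elements of the allow-transfer list in body, or None if not set."""
    m = re.search(r'\ballow-transfer\s*\{', body)
    if not m:
        return None
    return [e.strip() for e in body_at(body, m.end() - 1).split(';') if e.strip()]

def audit(conf):
    """Map each primary zone to (verdict, where the ACL came from, ACL)."""
    conf = re.sub(r'/\*.*?\*/', '', conf, flags=re.S)   # C-style comments
    conf = re.sub(r'(//|#)[^\n]*', '', conf)            # line comments
    opts = re.search(r'\boptions\s*\{', conf)
    global_acl = transfer_acl(body_at(conf, opts.end() - 1)) if opts else None
    report = {}
    for z in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        body = body_at(conf, z.end() - 1)
        if not re.search(r'\btype\s+(master|primary)\s*;', body):
            continue                                    # e.g. the root hint zone
        acl, source = transfer_acl(body), 'zone'
        if acl is None:                                 # inherit from options
            acl, source = global_acl, 'options' if global_acl is not None else 'default'
        verdict = ('UNSET' if acl is None else 'OPEN' if 'any' in acl
                   else 'DISABLED' if acl == ['none'] else 'RESTRICTED')
        report[z.group(1)] = (verdict, source, acl)
    return report

if __name__ == '__main__':
    print(audit(SAMPLE_CONF))
```

A zone reported as DISABLED is the state in which `host -l` returns "Transfer failed."; UNSET means the zone falls back to named's built-in default and should be set explicitly.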
 
  

