Hello,
can someone explain these errors?
Oct 27 15:34:05 vhost01 named[1316]: zone #ZONE#/IN/auth: refresh: retry limit for master IPV6-MASTER#53 exceeded (source IPV6-THIS#0)
Oct 27 15:34:05 vhost01 named[1316]: zone #ZONE#/IN/auth: Transfer started.
Oct 27 15:34:06 vhost01 named[1316]: zone #ZONE#/IN/auth: refresh: retry limit for master IPV6-MASTER#53 exceeded (source IPV6-THIS#0)
Oct 27 15:34:06 vhost01 named[1316]: zone #ZONE#/IN/auth: Transfer started.
Oct 29 04:06:19 vhost01 named[1316]: zone #ZONE#/IN/auth: refresh: retry limit for master IPV6-MASTER#53 exceeded (source IPV6-THIS#0)
Oct 29 04:06:19 vhost01 named[1316]: zone #ZONE#/IN/auth: Transfer started.
is this caused by a misconfiguration at the master DNS or at this DNS (slave)? (the master DNS can only be connected to via IPv6)
is there a serious problem?
entries like these can also be found
Oct 29 04:06:21 vhost01 named[1316]: transfer of '#ZONE#/IN/auth' from IPV6-MASTER#53: connected using IPV6-THIS#46019
Oct 29 04:06:21 vhost01 named[1316]: transfer of '#ZONE#/IN/auth' from IPV6-MASTER#53: Transfer completed: 0 messages, 1 records, 0 bytes, 0.064 secs (0 bytes/sec)
or is this just caused by #0 - I guess source port 0?
these are the ip6tables entries on this dns (slave)
-A INPUT -i eth0 -d IPV6-THIS -m tcp -p tcp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -i eth0 -d IPV6-THIS -m udp -p udp --dport 53 -j ACCEPT
the master has these for each dns
-A INPUT -i sit1 -s IPV6-SLAVE -d IPV6-MASTER -m tcp -p tcp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -i sit1 -s IPV6-SLAVE -d IPV6-MASTER -m udp -p udp --dport 53 -j ACCEPT
the master DNS has this in /etc/named.conf
acl dns-hosts {
    IPV6-SLAVE; // IPv6only: slave
    ...
};

view "auth" {
    match-clients { dns-hosts; };
    empty-zones-enable no;
    recursion no;

    additional-from-auth no;
    additional-from-cache no;

    also-notify {
        IPV6-SLAVE; // IPv6only: slave
        ...
    };
    notify-source 0.0.0.0;
    notify-source-v6 IPV6-MASTER;
    transfer-source 0.0.0.0;
    transfer-source-v6 IPV6-MASTER;

    zone "#ZONE#" IN {
        type master;
        notify yes;
        file "named._authzone-#ZONE#";
        allow-transfer { dns-hosts; };
        allow-update { none; };
    };

    ...
};
the slaves themselves have this in /etc/named.conf
masters masterhost {
    IPV6-MASTER; // IPv6only: master
};

view "auth" {
    match-clients { any; };
    empty-zones-enable no;
    recursion no;

    transfer-source 0.0.0.0;
    transfer-source-v6 IPV6-SLAVE;

    additional-from-auth no;
    additional-from-cache no;

    zone "#ZONE#" IN {
        type slave;
        masters { masterhost; };
        file "slaves/named._authzone-#ZONE#";
    };

    ...
};
I have 3 slave DNS servers, each has the same master; and such log entries are at all three slave DNS servers; each of these 3 slaves is DualStack (in the wild) and the master is IPv6only (at home)

Thanks,
Walter