[CentOS] named errors in /var/log/messages
Gordon Messmer
gordon.messmer at gmail.com
Sat Nov 9 17:58:41 UTC 2019
On 10/30/19 1:14 AM, Walter H. wrote:
> can someone explain these errors
>
> Oct 27 15:34:05 vhost01 named[1316]: zone #ZONE#/IN/auth: refresh:
> retry limit for master IPV6-MASTER#53 exceeded (source IPV6-THIS#0)

https://access.redhat.com/solutions/1231573

I believe this means that the client is trying to reach the server over
UDP, and is unable to do so.

> is this caused by a misconfiguration at the master dns or this dns
> (slave)?

Probably the firewall or ACL on the master.

> is there a serious problem?

I think so, yes.

> the master has these for each dns
>
> -A INPUT -i sit1 -s IPV6-SLAVE -d IPV6-MASTER -m tcp -p tcp --dport 53
> -m state --state NEW -j ACCEPT
> -A INPUT -i sit1 -s IPV6-SLAVE -d IPV6-MASTER -m udp -p udp --dport 53
> -j ACCEPT

You're obscuring kind of a lot of information, so it's hard to guess.

If the ACLs are denying transfers, I believe the server's named logs
will reflect that, so check those. If the firewall is denying it, you
should be able to observe that using tcpdump on the server to watch
requests and responses from the client.

You might also want to check whether the client is using RFC4941 temp
addresses, and whether your ACLs and rules will actually match the
address it uses for requests:

http://tldp.org/HOWTO/Linux+IPv6-HOWTO/ch06s05.html
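
The RFC4941 check suggested at the end of the message, as an added example that is not part of the original post: it parses `ip -6 addr show` output from the slave and reports global addresses that the master's `-s` rules or ACL entries would not match. The sample output, the 2001:db8:: addresses, and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ip -6 addr show dev eth0` on the slave
# (documentation prefix 2001:db8::/32, not taken from the thread).
SAMPLE_IP_OUTPUT = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8:1:2:d4c1:8e07:3b6a:9f12/64 scope global temporary dynamic
       valid_lft 602000sec preferred_lft 83000sec
    inet6 2001:db8:1:2:211:22ff:fe33:4455/64 scope global dynamic mngtmpaddr
       valid_lft 2591000sec preferred_lft 604000sec
    inet6 fe80::211:22ff:fe33:4455/64 scope link
       valid_lft forever preferred_lft forever
"""

# Assumed: the address the master's firewall rule (-s) and ACL permit.
ALLOWED = ["2001:db8:1:2:211:22ff:fe33:4455"]

ADDR_RE = re.compile(r"^\s*inet6\s+(\S+)/(\d+)\s+scope\s+(\S+)(.*)$")

def parse_inet6(text):
    """Return one dict per inet6 line: address, scope, and flag set."""
    entries = []
    for line in text.splitlines():
        m = ADDR_RE.match(line)
        if m:
            entries.append({"addr": ipaddress.IPv6Address(m.group(1)),
                            "scope": m.group(3),
                            "flags": set(m.group(4).split())})
    return entries

def audit_sources(text, allowed):
    """For each global address, report whether it is an RFC4941 temporary
    address and whether any allowed address or prefix covers it."""
    nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
    return [{"addr": str(e["addr"]),
             "temporary": "temporary" in e["flags"],
             "allowed": any(e["addr"] in n for n in nets)}
            for e in parse_inet6(text) if e["scope"] == "global"]

def unmatched_sources(text, allowed):
    """Global addresses the slave may send from that the master would drop."""
    return [f["addr"] for f in audit_sources(text, allowed) if not f["allowed"]]

if __name__ == "__main__":
    for finding in audit_sources(SAMPLE_IP_OUTPUT, ALLOWED):
        print(finding)
```

With `net.ipv6.conf.*.use_tempaddr=2` the kernel prefers temporary addresses as the source for outgoing traffic, so an unmatched temporary address is the one to investigate first. BIND's `transfer-source-v6` option pins the source address used for refresh queries and inbound transfers.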