[CentOS] named errors in /var/log/messages

Walter H.

Walter.H at mathemainzel.info
Wed Oct 30 08:14:13 UTC 2019 

Hello,

can someone explain these errors

Oct 27 15:34:05 vhost01 named[1316]: zone #ZONE#/IN/auth: refresh: retry limit for master IPV6-MASTER#53 exceeded (source IPV6-THIS#0)
Oct 27 15:34:05 vhost01 named[1316]: zone #ZONE#/IN/auth: Transfer started.
Oct 27 15:34:06 vhost01 named[1316]: zone #ZONE#/IN/auth: refresh: retry limit for master IPV6-MASTER#53 exceeded (source IPV6-THIS#0)
Oct 27 15:34:06 vhost01 named[1316]: zone #ZONE#/IN/auth: Transfer started.
Oct 29 04:06:19 vhost01 named[1316]: zone #ZONE#/IN/auth: refresh: retry limit for master IPV6-MASTER#53 exceeded (source IPV6-THIS#0)
Oct 29 04:06:19 vhost01 named[1316]: zone #ZONE#/IN/auth: Transfer started.

is this caused by a misconfiguration at the master dns or this dns (slave)?
(the master dns can only be connected by IPv6)

is there a serious problem?

there also can be found such entries

Oct 29 04:06:21 vhost01 named[1316]: transfer of '#ZONE#/IN/auth' from IPV6-MASTER#53: connected using IPV6-THIS#46019
Oct 29 04:06:21 vhost01 named[1316]: transfer of '#ZONE#/IN/auth' from IPV6-MASTER#53: Transfer completed: 0 messages, 1 records, 0 bytes, 0.064 secs (0 bytes/sec)

or is this just caused by #0 - I guess source port 0?

these are the ip6tables entries on this dns (slave)

-A INPUT -i eth0 -d IPV6-THIS -m tcp -p tcp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -i eth0 -d IPV6-THIS -m udp -p udp --dport 53 -j ACCEPT

the master has these for each dns

-A INPUT -i sit1 -s IPV6-SLAVE -d IPV6-MASTER -m tcp -p tcp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -i sit1 -s IPV6-SLAVE -d IPV6-MASTER -m udp -p udp --dport 53 -j ACCEPT

the master DNS has this in /etc/named.conf

acl dns-hosts {
         IPV6-SLAVE;            // IPv6only: slave
         ...
};

view "auth" {
         match-clients {
                 dns-hosts;
         };
         empty-zones-enable no;
         recursion no;

         additional-from-auth no;
         additional-from-cache no;

         also-notify {
                 IPV6-SLAVE;            // IPv6only: slave
                 ...
         };
         notify-source 0.0.0.0;
         notify-source-v6 IPV6-MASTER;
         transfer-source 0.0.0.0;
         transfer-source-v6 IPV6-MASTER;

         zone "#ZONE#" IN {
                 type master;
                 notify yes;
                 file "named._authzone-#ZONE#";
                 allow-transfer { dns-hosts; };
                 allow-update { none; };
         };

         ...
};

the slaves itself have this in /etc/named.conf

masters masterhost {
         IPV6-MASTER;                   // IPv6only: master
};

view "auth" {
         match-clients {
                 any;
         };
         empty-zones-enable no;
         recursion no;

         transfer-source 0.0.0.0;
         transfer-source-v6 IPV6-SLAVE;

         additional-from-auth no;
         additional-from-cache no;

         zone "#ZONE#" IN {
                 type slave;
                 masters { masterhost; };
                 file "slaves/named._authzone-#ZONE#";
         };

         ...
};

I have 3 slave DNS servers, each has the same master; and such log entries are at all three slave DNS servers;
each of these 3 slaves is DualStack (in the wild) and the master is IPv6only (at home)


Thanks,
Walter

More information about the CentOS mailing list