ITEM: I2568L

DNS Zone Transfer Fails with Master Unreachable error


Question:
  My zone transfers are failing with a "master unreachable" error,
  what could cause this?

Response:
  1. Can the secondary ping the primary by ip-address? If not
     resolve TCP/IP connectivity issues
  2. Verify that the secondary has the correct ip-address of the
     DNS primary in the secondaries /etc/named.boot for data and rev files
  3. Verify that the SOA record for the data and rev file on primary is valid:
     
@               86400 IN        SOA     host.sub1.sub2.comp.com. root.host.sub1.
sub2.comp.com. (
                                        1.503           ; Serial
                                        600             ; Refresh
                                        300             ; Retry
                                        3600000         ; Expire
                                        86400 )         ; Minimum
                9999999 IN      NS      host
     where host is the hostname, sub1-subn is the the subdomain structure for
     for the DNS design, comp is the company name and com is the type of
     DNS connection.
  4. Is the primary authoritative for the zone? At the beginning of a zone 
     transfer, the secondary checks the primary to see if it is authoritative 
     for the zone it is trying to transfer. This check can be accomplished 
     with nslookup. Look for the "auth. answer" flag in the answer header with 
     nslookup debug on. Here's an example:

     wizard:/u/userl> nslookup
     Default Server:  host.sub1.sub2.comp.com
     Address:  123.123.123.123
     > server host
     Default Server:  host.sub1.sub2.comp.com
     Address:  123.123.123.124
     > set type=any
     > set debug
     > 123.123.in-addr.arpa.
     Server:  host.sub1.sub2.comp.com
     Address:  123.123.123.124
     res_mkquery(0, 123.123.in-addr.arpa, 1, 255)
     ------------
     Got answer:
       HEADER:
          opcode = QUERY, id = 4, rcode = NOERROR
HERE:  -->      header flags:  response, auth. answer, want recursion,
      recursion avail.
          questions = 1,  answers = 8,  authority records = 0,
      additional = 7

       QUESTIONS:
          123.123.in-addr.arpa, type = ANY, class = IN
 [extra stuff deleted]

  If this is the problem, run debug on named on the primary on startup while 
  it is loading the zone and look for  errors.





Support Line: DNS Zone Transfer Fails with Master Unreachable error ITEM: I2568L

Dated: April 1994 Category: N/A

This HTML file was generated 99/06/24~13:30:45

Comments or suggestions?
Contact us