DNS Slave says failed to connect: host unreachable

I have DNS Master (192.168.102.159) and Slave (192.168.102.132) servers; both are VMs. The Master configuration is fine and does both forward and reverse lookups. However, when I try zone transfers with the slave, the slave throws the following error: failed to connect: host unreachable. I have checked that the IP addresses are correct in both the conf and zone files, and the zone files show no errors in named-checkzone. This is my second setup; in the earlier setup I received an error rndc.key not found followed by this error, but in this setup I only received this error.

I have added chgrp and chown on the slaves folder on the Slave; however, no firewall entries are added, and I am unsure if I have to.

Firewall entries

iptables -A INPUT -i ens33 -p tcp -m state --state NEW,ESTABLISHED -s 192.168.102.132 --sport 1024:65535 --dport 53 -j ACCEPT
iptables -A INPUT -i ens33 -p udp -m state --state NEW,ESTABLISHED -s 192.168.102.132 --sport 1024:65535 --dport 53 -j ACCEPT

named.conf (MASTER)

acl internals { 192.168.102.0/24;  };

options {
listen-on port 53 { 127.0.0.1; 192.168.102.159; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-transfer { 192.168.102.132; };
allow-query { localhost; internals; };

recursion yes;
/*
dnssec-enable yes;
dnssec-validation yes;
*/
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "." IN {
type hint;
file "named.ca";
};

zone "abc.local" { type master; file "abc.db"; allow-transfer { 192.168.102.132; }; };

zone "102.168.192.IN-ADDR.ARPA" { type master; file "cba.db"; allow-transfer { 192.168.102.132; }; };

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";


named.conf (SLAVE)

acl internals { 192.168.102.0/24; };

options {
listen-on port 53 { 127.0.0.1; 192.168.102.132; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-notify { 192.168.102.159; };
allow-query { localhost; internals; };

recursion yes;

dnssec-enable yes;
dnssec-validation yes;

/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "." IN {
type hint;
file "named.ca";
};

zone "abc.local" { type slave; masters { 192.168.102.159; }; file "slaves/abc.db"; allow-transfer { 192.168.102.159; }; };

zone "102.168.192.IN-ADDR.ARPA" { type slave; masters { 192.168.102.159; }; file "slaves/cba.db"; allow-transfer { 192.168.102.159; }; };

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";


abc.db

$TTL 3H
$ORIGIN abc.local.
@ IN SOA ns1.abc.local. ns2.abc.local. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS ns1.abc.local.
IN NS ns2.abc.local.
ns1 IN A 192.168.102.159
ns2 IN A 192.168.102.132


cba.db

$TTL 3H
$ORIGIN 102.168.192.IN-ADDR.ARPA.
@ IN SOA ns1.abc.local. ns2.abc.local. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS ns1.abc.local.
IN NS ns2.abc.local.
159 IN PTR ns1.abc.local.
132 IN PTR ns2.abc.local.


Error

30-Dec-2018 20:33:24.030 managed-keys-zone: journal file is out of date: removing journal file
30-Dec-2018 20:33:24.030 managed-keys-zone: loaded serial 2
30-Dec-2018 20:33:24.031 zone 0.in-addr.arpa/IN: loaded serial 0
30-Dec-2018 20:33:24.033 zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
30-Dec-2018 20:33:24.035 zone localhost.localdomain/IN: loaded serial 0
30-Dec-2018 20:33:24.035 zone localhost/IN: loaded serial 0
30-Dec-2018 20:33:24.037 zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
30-Dec-2018 20:33:24.037 all zones loaded
30-Dec-2018 20:33:24.037 running
30-Dec-2018 20:34:54.045 zone abc.local/IN: refresh: retry limit for master 192.168.102.159#53 exceeded (source 0.0.0.0#0)
30-Dec-2018 20:34:54.045 zone abc.local/IN: Transfer started.
30-Dec-2018 20:34:54.046 transfer of 'abc.local/IN' from 192.168.102.159#53: failed to connect: host unreachable
30-Dec-2018 20:34:54.046 transfer of 'abc.local/IN' from 192.168.102.159#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.001 secs (0 bytes/sec)
30-Dec-2018 20:34:54.547 zone 102.168.192.IN-ADDR.ARPA/IN: refresh: retry limit for master 192.168.102.159#53 exceeded (source 0.0.0.0#0)

Both master and slave can ping each other.

centos dns

edited Dec 31 '18 at 7:33 by P_Yadav
asked Dec 31 '18 at 7:07 by Huud Rych

  • Your two firewall rules are too restrictive. Remove them, relax them, or prefix them with a LOG file that shows you the source port of the slave transfer requests.
    – roaima
    Dec 31 '18 at 9:37

  • I disabled the firewall and checked again; the error still showed up: failed to connect: host unreachable. What about the rndc.key error, could it be the reason?
    – Huud Rych
    Dec 31 '18 at 11:49

  • dnssec-validation no; - would it help? Also take out the DLV validation; the service was terminated in 2015.
    – Rui F Ribeiro
    Dec 31 '18 at 14:26

  • Also, has it got any other interfaces? Could it be reaching it with another IP address?
    – Rui F Ribeiro
    Dec 31 '18 at 14:41

1 Answer
This issue is resolved. Being a non-Linux user and still learning, I found out that iptables was never installed; it was firewalld that was working and blocking TCP/UDP on port 53. Once I allowed both in firewalld, the zone transfers took place.

answered Dec 31 '18 at 23:05 by Huud Rych

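The thread's conclusion is that a firewall on the master, not routing, produced "failed to connect: host unreachable" while ping still worked. The following is an added example, not the asker's or ISC's code, that probes the master's TCP/53 path the way a zone transfer uses it (a hand-built SOA query with the TCP length prefix) and classifies the failure; the host and zone are the ones from the question, everything else is constructed.

```python
"""TCP/53 reachability probe for a BIND slave that logs "failed to connect".

Added example for this thread; it is not the asker's configuration or ISC
code. A zone transfer (AXFR/IXFR) runs over TCP, and the slave's SOA refresh
check goes over UDP/53, so a successful ping proves nothing about either.
This sends a minimal hand-built SOA query over TCP (RFC 1035 section 4.2.2,
two-byte length prefix) and classifies the outcome. Host and zone in the
demo are the master address and zone name from the question.
"""
import socket
import struct

QTYPE_SOA = 6
QCLASS_IN = 1
TXID = 0x1234  # fixed query id so a reply can be matched (constructed value)


def encode_name(name: str) -> bytes:
    """Wire-format a domain name: length-prefixed labels, zero terminator."""
    out = b""
    for label in name.strip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label {label!r} in {name!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_soa_query(zone: str, txid: int = TXID) -> bytes:
    """12-byte DNS header (flags 0: query, RD clear) + one IN SOA question."""
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack(">HH", QTYPE_SOA, QCLASS_IN)


def parse_response(resp: bytes, txid: int = TXID) -> dict:
    """Pull id match, QR/AA flags, RCODE and answer count out of a DNS header."""
    if len(resp) < 12:
        raise ValueError("short DNS response")
    rid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", resp[:12])
    return {
        "id_ok": rid == txid,
        "is_response": bool(flags & 0x8000),    # QR bit
        "authoritative": bool(flags & 0x0400),  # AA bit: set when named owns the zone
        "rcode": flags & 0x000F,                # 0 = NOERROR, 5 = REFUSED
        "answers": an,
    }


def tcp_dns_probe(host: str, zone: str, port: int = 53, timeout: float = 3.0) -> dict:
    """Send one SOA query over TCP and report what the network path did.

    status values:
      answered     TCP/53 open and named replied (then check 'authoritative')
      refused      TCP reaches the host but nothing listens on :53 (listen-on?)
      timeout      SYN silently dropped (a DROP rule, or a host that is really off)
      unreachable  an ICMP unreachable came back; firewalld's default REJECT rule
                   sends icmp-host-prohibited, which the kernel reports as
                   EHOSTUNREACH, so this is what BIND logs as "host unreachable"
                   even while ping (ICMP echo) still works
    """
    query = build_soa_query(zone)
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(struct.pack(">H", len(query)) + query)  # TCP length prefix
            raw_len = s.recv(2)
            if len(raw_len) < 2:
                return {"status": "closed-early"}
            (n,) = struct.unpack(">H", raw_len)
            data = b""
            while len(data) < n:
                chunk = s.recv(n - len(data))
                if not chunk:
                    break
                data += chunk
            return {"status": "answered", **parse_response(data)}
    except ConnectionRefusedError:
        return {"status": "refused"}
    except socket.timeout:
        return {"status": "timeout"}
    except OSError as e:  # EHOSTUNREACH, ENETUNREACH, ...
        return {"status": "unreachable", "errno": e.errno}


if __name__ == "__main__":
    # Run this on the slave; master address and zone as in the question.
    print(tcp_dns_probe("192.168.102.159", "abc.local"))
```

Run it from the slave: "answered" with "authoritative" true confirms the path the log complained about, while "refused" points at the master's listen-on and "unreachable" or "timeout" at its firewall (firewall-cmd --list-all shows whether the dns service or 53/tcp and 53/udp are open).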