Date: Mon, 23 Apr 2001 12:58:22 -0500
From: Eric_Stanfield@kenokozie.com
To: Peter Brezny <peter@black.purplecat.net>
Cc: freebsd-isp@freebsd.org
Subject: Re: dns transfer through ipfw keep-state rule not working
Message-ID: <OFFA20C95B.254190F4-ON86256A37.006260DA@kka.com>
Perhaps it's just a typo, but you aren't allowing zone transfers from
209.16.228.146 in your named.conf file.

FW Rule:
    $fwcmd add allow all from 209.16.228.146 to $ns1

Named.conf:
    allow-transfer { 209.16.228.140;   //virtual/ns2
                     207.230.75.34;    //ns1.deltacom.net
                     207.230.75.50; };

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Eric Stanfield, K2Access
Keno Kozie Associates
222 N LaSalle #1500
Chicago, IL 60606
(312) 332-3000

Peter Brezny <peter@black.purplecat.net>
Sent by: owner-freebsd-isp@FreeBSD.ORG
04/23/01 12:24 PM
To: freebsd-isp@freebsd.org
cc:
Subject: dns transfer through ipfw keep-state rule not working

In a somewhat desperate attempt to convince my firewall to allow our
upstream provider to perform a zone transfer, I've added the following
line to the ipfw firewall.

    $fwcmd add allow all from 209.16.228.146 to $ns1 keep-state in via $oif

However, this is still not allowing a zone transfer. On occasion, the
secondary will write a file with a somewhat garbled name for the zone to
be transferred, but it is blank.

This firewall entry, however, works.

    $fwcmd add allow all from 209.16.228.146 to $ns1 in via $oif
    $fwcmd add allow all from $ns1 to 209.16.228.146 out via $oif

Why doesn't the above dynamic rule work?
My rc.conf options section is as follows.
TIA,
pb

// $FreeBSD: src/etc/namedb/named.conf,v 1.6.2.1 2000/07/15 07:49:29 kris Exp $
options {
        directory "/etc/namedb";
        forwarders { 207.230.75.34;     //ns1.deltacom.net
                     207.230.75.50;     //ns2.deltacom.net
                     206.191.128.46;    //c2901.wa.net
                     199.166.24.1; };   //ns1.vrx.net
        allow-transfer { 209.16.228.140;    //virtual/ns2
                         207.230.75.34;     //ns1.deltacom.net
                         207.230.75.50; };  //ns2.deltacom.net
        query-source address 209.16.228.145 port 53;
        transfer-source 209.16.228.145;
        listen-on { 209.16.228.145; 209.16.228.150; };
        dump-file "s/named_dump.db";
        pid-file "s/named.pid";
}; //end of options

Peter Brezny
SysAdmin Services Inc.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
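
The mismatch pointed out in the reply above (a peer admitted by ipfw but absent from allow-transfer) can be checked mechanically. The script below is an added example, not part of the original thread: its function names are hypothetical, the sample input is constructed from the rules and named.conf quoted in the message, and it assumes allow-transfer lists plain IPv4 addresses (no ACL names or prefixes).

```python
import re

# Constructed sample input, taken from the configuration quoted in the thread.
NAMED_CONF = '''
options {
    directory "/etc/namedb";
    forwarders { 207.230.75.34;    //ns1.deltacom.net
                 207.230.75.50; }; //ns2.deltacom.net
    allow-transfer { 209.16.228.140;    //virtual/ns2
                     207.230.75.34;     //ns1.deltacom.net
                     207.230.75.50; };  //ns2.deltacom.net
    transfer-source 209.16.228.145;
};
'''
IPFW_RULES = '''
$fwcmd add allow all from 209.16.228.146 to $ns1 in via $oif
$fwcmd add allow all from $ns1 to 209.16.228.146 out via $oif
'''

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

def strip_comments(text):
    """Drop /* */, // and # comments, all of which named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def allow_transfer_hosts(conf):
    """Return the IPv4 addresses listed in the allow-transfer { ... } block."""
    m = re.search(r"allow-transfer\s*\{([^}]*)\}", strip_comments(conf))
    return set(re.findall(IPV4, m.group(1))) if m else set()

def inbound_peers(rules, server="$ns1"):
    """Return source addresses that ipfw allow rules admit towards `server`."""
    pat = re.compile(r"add\s+allow\s+\S+\s+from\s+(" + IPV4 + r")\s+to\s+"
                     + re.escape(server))
    return set(pat.findall(rules))

def firewall_only_peers(conf, rules):
    """Peers the firewall lets in that are not in named's allow-transfer list."""
    return sorted(inbound_peers(rules) - allow_transfer_hosts(conf))

if __name__ == "__main__":
    for ip in firewall_only_peers(NAMED_CONF, IPFW_RULES):
        print(f"{ip}: allowed by ipfw, missing from allow-transfer")
```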
