Dns (bind 9) Slave Server Zone Transfer Fails

[quackking]

Hi. This is sort of complicated and I have no idea why it isn't working - please read all the way through! BIND gurus -- HELP HELP HELP!!!

I have a BIND 9.3.1 server running on a Mandriva 2006.0 box. Until yesterday this server was a secondary for about 40 domains - the primary server for these domains was a (yuck) WIndows NT box running the elderly version of MS's DNS.

It worked fine; zone transfers from the NT box to the Mandriva box occurred normally as per schedule.

Yesterday the NT box died a horrible hard-disk death. I have converted the zones on the Mandriva (BIND) box to be master zones, and have made the appropriate changes at the registrar to point to the Mandriva box as primary.

I have another box on a different network which I have set up (I thought, correctly!) to act as the new secondary. This new secondary is running Ubuntu 6.06.1 LTS, and is using Bind 9.3.2.

Here's the problem: When I set up a slave zone on the Ubuntu box and point to the Mandriva box as master, the zone never gets transferred. I am using Webmin 1.290 on both Linux boxes to manage BIND. Also, I am storing the hosts files for BIND in files named "/var/named/domain.com.hosts" as opposed to under /etc. /var/named is 40775, owned by root.bind. I can manually copy files from the master DNS server to the slave DNS server, and the slave will work fine. However if I use Webmin's "FORCE UPDATE" button on the slave, it eventually leaves messages in the Bind log (I have that set to /var/log/bind_info) like this:

30-Aug-2006 10:41:23.408 general: info: zone testdomain.com/IN: Transfer started.
30-Aug-2006 10:44:32.418 xfer-in: error: transfer of 'testdomain.com/IN' from 66.105.94.248#53: failed to connect: timed out
30-Aug-2006 10:44:32.418 xfer-in: info: transfer of 'testdomain.com/IN' from 66.105.94.248#53: end of transfer

I temporariy have IPTABLES on both machines set up to allow unblocked traffic (both UDP and TCP) on ports 53 and 953.

The files on the slave in /var/named are 664.

I don't think that I have anything set re: dnssec - and I don't see anything in the log on the master server that indicates a security or auth failure.

I have the book "DNS and BIND" by O'Reilly, third edition, and I have read the whole thing three times.

Can somebody PLEASE give me a nice step-by-step guide to setting up the relationships necessary to make the slave transfer zones from the master?

HELP HELP HELP!!!

[kovert]

I would try internally from another machine doing "host -al <server ip>" this will do a zone transfer from that server. You should also post your /etc/named.conf you have to have defined allow-transfer { <ip>; }; for the specific IP addresses requesting the transfer in the named.conf file for the zone that you wish to allow. You can assign this globally as well.