DNS (BIND 9) Slave Server Zone Transfer Fails
Hi. This is sort of complicated and I have no idea why it isn't working - please read all the way through! BIND gurus -- HELP HELP HELP!!!
I have a BIND 9.3.1 server running on a Mandriva 2006.0 box. Until yesterday this server was a secondary for about 40 domains - the primary server for these domains was a (yuck) Windows NT box running the elderly version of MS's DNS.
It worked fine; zone transfers from the NT box to the Mandriva box occurred normally as per schedule.
Yesterday the NT box died a horrible hard-disk death. I have converted the zones on the Mandriva (BIND) box to be master zones, and have made the appropriate changes at the registrar to point to the Mandriva box as primary.
I have another box on a different network which I have set up (I thought, correctly!) to act as the new secondary. This new secondary is running Ubuntu 6.06.1 LTS, and is using BIND 9.3.2.
Here's the problem: When I set up a slave zone on the Ubuntu box and point to the Mandriva box as master, the zone never gets transferred. I am using Webmin 1.290 on both Linux boxes to manage BIND. Also, I am storing the hosts files for BIND in files named "/var/named/domain.com.hosts" as opposed to under /etc. /var/named is 40775, owned by root.bind. I can manually copy files from the master DNS server to the slave DNS server, and the slave will work fine. However, if I use Webmin's "FORCE UPDATE" button on the slave, it eventually leaves messages in the BIND log (I have that set to /var/log/bind_info) like this:
30-Aug-2006 10:41:23.408 general: info: zone testdomain.com/IN: Transfer started.
30-Aug-2006 10:44:32.418 xfer-in: error: transfer of 'testdomain.com/IN' from 220.127.116.11#53: failed to connect: timed out
30-Aug-2006 10:44:32.418 xfer-in: info: transfer of 'testdomain.com/IN' from 18.104.22.168#53: end of transfer
I temporarily have iptables on both machines set up to allow unblocked traffic (both UDP and TCP) on ports 53 and 953.
The files on the slave in /var/named are 664.
I don't think that I have anything set re: dnssec - and I don't see anything in the log on the master server that indicates a security or auth failure.
I have the book "DNS and BIND" by O'Reilly, third edition, and I have read the whole thing three times.
Can somebody PLEASE give me a nice step-by-step guide to setting up the relationships necessary to make the slave transfer zones from the master?
HELP HELP HELP!!!
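An added example, not code from the original post and not anything Webmin generates: a small shell script that prints the master and slave zone stanzas a BIND 9 pair needs, classifies xfer-in log lines like the ones quoted above (AXFR runs over TCP, so "failed to connect: timed out" is a TCP/53 connectivity or listen-on problem, while REFUSED would mean the master's allow-transfer policy rejected the slave), and runs the same TCP SOA query and AXFR that named would. The addresses 192.0.2.10 and 198.51.100.20, the zone example.com and the verdict labels are assumptions; the /var/named/<zone>.hosts paths follow the layout described in the post.

```shell
#!/bin/sh
# Added example for a BIND 9 master/slave pair; not from the original post.
# Addresses, zone name and verdict labels are assumptions; the file paths
# mirror the /var/named/<zone>.hosts layout the post describes.
MASTER_IP=${MASTER_IP:-192.0.2.10}     # assumed: the Mandriva master
SLAVE_IP=${SLAVE_IP:-198.51.100.20}    # assumed: the Ubuntu slave
ZONE=${ZONE:-example.com}              # assumed zone name

# named.conf stanza for the master. allow-transfer limits AXFR to the one
# slave (an open transfer policy hands the whole zone to anyone who asks);
# notify/also-notify make the master send NOTIFY so the slave pulls at once
# instead of waiting for the SOA refresh timer.
master_zone_conf() {
    zone=$1; slave=$2
    cat <<EOF
zone "$zone" {
    type master;
    file "/var/named/$zone.hosts";
    allow-transfer { $slave; };
    also-notify { $slave; };
    notify yes;
};
EOF
}

# Matching stanza for the slave: masters says where to pull from, and the
# slave is not itself allowed to hand the zone out.
slave_zone_conf() {
    zone=$1; master=$2
    cat <<EOF
zone "$zone" {
    type slave;
    file "/var/named/$zone.hosts";
    masters { $master; };
    allow-transfer { none; };
};
EOF
}

# Classify one xfer-in log line as "<zone> <master> <verdict>".
# "failed to connect: timed out" is a TCP/53 problem (firewall, routing, or
# named not listening on that address); REFUSED means allow-transfer on the
# master rejected us; "end of transfer" alone only says the attempt ended.
classify_xfer_line() {
    line=$1
    zone=$(printf '%s\n' "$line" | sed -n "s|.*transfer of '\([^/]*\)/IN' from .*|\1|p")
    master=$(printf '%s\n' "$line" | sed -n 's|.*from \([0-9.]*\)#[0-9]*:.*|\1|p')
    case $line in
        *"failed to connect: timed out"*)          verdict=tcp-connect-timeout ;;
        *"failed to connect: connection refused"*) verdict=tcp-connect-refused ;;
        *"REFUSED"*)                               verdict=axfr-refused-by-master ;;
        *"Transfer completed"*)                    verdict=completed ;;
        *"end of transfer"*)                       verdict=attempt-ended ;;
        *)                                         verdict=unknown ;;
    esac
    printf '%s %s %s\n' "${zone:--}" "${master:--}" "$verdict"
}

# Run on the slave once the stanzas are in place. dig +tcp reproduces the TCP
# connection named opens for AXFR, so a timeout here matches the log error.
live_check() {
    zone=$1; master=$2
    echo "== SOA over TCP (proves TCP/53 reaches named on $master) =="
    dig @"$master" "$zone" SOA +tcp +time=5 +tries=1 +short
    echo "== full AXFR, exactly as named would request it =="
    dig @"$master" "$zone" AXFR +tcp +time=5 +tries=1 | tail -n 3
}

# Dispatch: ./xfer.sh master-conf | slave-conf | live
case ${1:-} in
    master-conf) master_zone_conf "$ZONE" "$SLAVE_IP" ;;
    slave-conf)  slave_zone_conf "$ZONE" "$MASTER_IP" ;;
    live)        live_check "$ZONE" "$MASTER_IP" ;;
esac
```

`sh xfer.sh master-conf` and `sh xfer.sh slave-conf` print the two stanzas to paste into each named.conf (run `named-checkconf` afterwards); `sh xfer.sh live` from the slave shows whether TCP/53 reaches the master at all, which is the question the "failed to connect: timed out" line raises, and UDP queries succeeding proves nothing about that. If the live AXFR works but named still times out, compare the address the slave's `masters` line names against the addresses in the master's `listen-on` and its firewall rules.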