
Secondary - SERVFAIL
\ Mueller, Rex (19 Dec 2006)
. \ Mark Andrews (19 Dec 2006)
. \ Mueller, Rex (20 Dec 2006)

Subject: Secondary - SERVFAIL
Group: Bind-users
From: Mueller, Rex
Date: 19 Dec 2006


 
We are rebuilding a secondary BIND server on a temporary box in order
to migrate from BIND 9.2.1 to 9.3.2. Our current box is running RH9 with
BIND 9.2.1.

I've loaded Fedora FC6 with BIND 9.3.2 on a temporary box.

I am able to get BIND 9.3.2 to start and RNDC sees the zone files.

I have it set up in the /var/named/chroot with a symbolic link from the
/var/named/chroot/etc/named.conf to /etc/named.conf.

I do an RNDC STATUS and see it is reading the zone files:

number of zones: 239
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 2
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running

When I query the zone via NSLOOKUP or DIG I get a SERVFAIL:

;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 10654
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0



My primary server named.conf has the allow-transfer { secondary;
secondary-temp; }; directives.



My temp named.conf has the following info in the header:

options {
        directory "/etc";
        allow-transfer { primary-address; };
        allow-query { any; };
        // query-source address * port 53;
};

controls {

Here is what is being seen in the /var/log/messages:



Dec 19 13:39:50 esutemp kernel: audit(1166553590.778:6905): avc: denied
{ write } for pid878 comm="named" name="secondary" dev=dm-0
inoe47817 scontext=root:system_r:named_t:s0
tcontext=root:object_r:named_conf_t:s0 tclass=dir

Dec 19 13:39:50 esutemp named[19877]: zone waterloo/IN: loading master
file secondary/waterloo: permission denied

...

Dec 19 13:59:10 esutemp named[20107]: zone ben.esu3.k12.ne.us/IN:
ben_node85.ben.esu3.k12.ne.us/A: bad owner name (check-names)

..

..

Dec 19 13:59:14 esutemp named[20107]: zone 236.202.205.in-addr.arpa/IN:
zone transfer deferred due to quota

On ad nauseam.

I know the RTFM stuff. I've been reading it... Google-ing the
"permission denied" and "deferred due to quota" yields results of
unanswered questions.
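
An added example, not part of the original post: Python that labels the four kinds of log line quoted above and links the "permission denied" zone load to the SELinux AVC denial on the same directory. The function names and the correlation rule (matching the AVC name= field against directories in the zone file path) are assumptions of this example.

```python
import re

# Log lines copied from the post above (wrapped lines rejoined, garbling kept).
SAMPLE = [
    'Dec 19 13:39:50 esutemp kernel: audit(1166553590.778:6905): avc: denied { write } for pid878 comm="named" name="secondary" dev=dm-0 inoe47817 scontext=root:system_r:named_t:s0 tcontext=root:object_r:named_conf_t:s0 tclass=dir',
    'Dec 19 13:39:50 esutemp named[19877]: zone waterloo/IN: loading master file secondary/waterloo: permission denied',
    'Dec 19 13:59:10 esutemp named[20107]: zone ben.esu3.k12.ne.us/IN: ben_node85.ben.esu3.k12.ne.us/A: bad owner name (check-names)',
    'Dec 19 13:59:14 esutemp named[20107]: zone 236.202.205.in-addr.arpa/IN: zone transfer deferred due to quota',
]

AVC = re.compile(r'avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)')
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
ZONE = re.compile(r'named\[\d+\]: zone (\S+)/IN: (.*)')
LOAD = re.compile(r'loading master file (\S+): permission denied')
RULES = (('permission denied', 'file-permission'),
         ('(check-names)', 'check-names'),
         ('deferred due to quota', 'transfer-quota'))

def parse_avc(line):
    """Return the key=value fields of an SELinux AVC denial, or None."""
    m = AVC.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV.findall(m.group(2))}
    rec['perms'] = m.group(1).split()
    for side in ('scontext', 'tcontext'):
        parts = rec.get(side, '').split(':')      # user:role:type[:level]
        rec[side + '_type'] = parts[2] if len(parts) > 2 else None
    return rec

def classify(line):
    """Label one syslog line with the failure class it reports."""
    if parse_avc(line):
        return 'selinux-denial'
    m = ZONE.search(line)
    for needle, label in RULES:
        if m and needle in m.group(2):
            return label
    return 'other'

def explained_by_selinux(lines):
    """Zones whose file error names a directory that an AVC denial also names."""
    denied = {a['name'] for a in map(parse_avc, lines)
              if a and a.get('tclass') == 'dir' and 'name' in a}
    return [z.group(1) for z, f in ((ZONE.search(l), LOAD.search(l)) for l in lines)
            if z and f and denied & set(f.group(1).split('/')[:-1])]
```

On the sample, the denial shows the named_t domain refused write access to a directory labelled named_conf_t, and the waterloo load failure points at that same "secondary" directory.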










