Why is my secondary server sometimes trying to use a different source IP address for zone transfers?
  • 16 Jan 2019


There are several configuration options in named.conf that control which IPv4 and/or IPv6 source addresses are used for the SOA refresh queries and for the zone transfers themselves. See the Administrator Reference Manual for more details.

The well-known ones are these:

transfer-source - determines which local IPv4 address will be used as the source for both SOA refresh queries and zone transfer requests that need to be made to servers.

transfer-source-v6 - the same as transfer-source, but used when the destination is an IPv6 address.

Less well-known are:

alt-transfer-source - this provides an alternative local IPv4 source address to use if the first one fails.

alt-transfer-source-v6 - the same as alt-transfer-source, but used when the destination is an IPv6 address.

use-alt-transfer-source - defines whether or not named will fall back to using the alternative source addresses when the first attempt at a zone transfer fails.

If you are using views, the configuration option use-alt-transfer-source will default to 'yes'. Administrators using views should ensure that they either configure use-alt-transfer-source no; or that they have appropriate settings for alt-transfer-source and/or alt-transfer-source-v6.

If undefined, named will itself choose the source IPv4 or IPv6 address(es) to use. This applies to both transfer-source and alt-transfer-source (and also to the IPv6 options). named will usually select the source address that is "closest" to the remote end. This can lead to unexpected outcomes - therefore it is best to configure all of these options explicitly to avoid surprises!
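
One way to check a configuration for the two situations described above. This is an added example, not ISC code: it reports each view whose transfer source or fallback source is left for named to choose. It assumes a single named.conf with no include files, looks only at the IPv4 options set in the options block or directly in a view (zone-level overrides are ignored), and uses a constructed sample configuration; the function names are hypothetical.

```python
import re
TRACKED = ("transfer-source", "alt-transfer-source", "use-alt-transfer-source")

# Constructed sample named.conf; addresses are from documentation ranges.
SAMPLE_CONF = '''
options { directory "/var/named"; transfer-source 192.0.2.10; };
view "internal" {
    use-alt-transfer-source no;   // fallback disabled explicitly
    zone "example.com" { type slave; masters { 192.0.2.1; }; file "int.db"; };
};
view "external" {   # nothing set: fallback defaults to yes inside a view
    zone "example.com" { type slave; masters { 198.51.100.1; }; file "ext.db"; };
};
'''

def tokens(text):
    """Split named.conf text into words, quoted strings, braces and semicolons."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)   # C-style comments
    text = re.sub(r"(//|#)[^\n]*", "", text)            # line comments
    return re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text)

def block_settings(toks, start):
    """Tracked options set directly in the block opening at toks[start], plus its end index."""
    depth, found = 0, {}
    for i in range(start, len(toks)):
        depth += {"{": 1, "}": -1}.get(toks[i], 0)
        if depth == 0:
            return found, i
        if depth == 1 and toks[i] in TRACKED and toks[i - 1] in ("{", ";"):
            found[toks[i]] = toks[i + 1]
    raise ValueError("unbalanced braces")

def audit(conf):
    """Map each view to the source-address choices it leaves to named's defaults."""
    toks, blocks, i = tokens(conf), {}, 0
    while i < len(toks):
        if toks[i] in ("options", "view"):
            key = toks[i + 1].strip('"') if toks[i] == "view" else None  # None = options
            blocks[key], i = block_settings(toks, toks.index("{", i))
        i += 1
    inherited, report = blocks.pop(None, {}), {}
    for name, local in blocks.items():
        eff, issues = {**inherited, **local}, []   # view settings override options
        if "transfer-source" not in eff:
            issues.append("transfer-source unset: named chooses the source address")
        if eff.get("use-alt-transfer-source") not in ("no", "false", "0") and "alt-transfer-source" not in eff:
            issues.append("fallback active but alt-transfer-source unset: named chooses it")
        report[name] = issues
    return report
```

Calling audit(SAMPLE_CONF) returns an empty list for the "internal" view and one finding for "external", which inherits transfer-source from options but leaves the fallback address undefined.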