For PowerDNS AXFR transfer to BIND secondary, yes. When the firewall was not open the logs show the below. 0 bytes as I recall.

19-Apr-2023 07:44:41.419 xfer-in: info: 0x7f9a84a8dc00: transfer of 'testingforonedomain.com/IN' from 2400:8901::f03c:93ff:fe63:5988#53: Transfer completed: 0 messages, 0 records, 0 bytes, 23.208 secs

For opening port 53 incoming and outgoing on all the interfaces, no. When it is open and not set to a specific IP address the AXFR is completed.

9-Apr-2023 07:44:41.727 xfer-in: info: zone testingforonedomain.com/IN: Transfer started.
19-Apr-2023 07:44:41.967 xfer-in: info: 0x7f5d90e31000: transfer of 'testingforonedomain.com/IN' from 2400:8901::f03c:93ff:fe63:5988#53: connected using 2400:8901::f03c:93ff:fe63:5988#53
19-Apr-2023 07:44:42.447 xfer-in: info: zone testingforonedomain.com/IN: transferred serial 2023041905
19-Apr-2023 07:44:42.447 xfer-in: info: 0x7f5d90e31000: transfer of 'testingforonedomain.com/IN' from 2400:8901::f03c:93ff:fe63:5988#53: Transfer status: success
19-Apr-2023 07:44:42.447 xfer-in: info: 0x7f5d90e31000: transfer of 'testingforonedomain.com/IN' from 2400:8901::f03c:93ff:fe63:5988#53: Transfer completed: 3 messages, 14 records, 512 bytes, 0.480 secs (1066 bytes/sec) (serial 2023041905)
19-Apr-2023 07:44:42.447 notify: info: zone testingforonedomain.com/IN: sending notifies (serial 2023041905)

Below is the zonefile.

root@rambutan:~# cat /etc/bind/named.conf.testingforonedomain.com
zone "testingforonedomain.com" in {
  type slave;
  file "/var/lib/bind/testingforonedomain.com.save";
  zone-statistics yes;
  masters {
    2400:8901::f03c:93ff:fe63:5988;
    139.162.3.44;
  };
};

For the firewall it is ufw. SSH rule omitted.

To                         Action      From
--                         ------      ----
53/udp                     ALLOW       Anywhere
53/tcp                     ALLOW       Anywhere
53/udp (v6)                ALLOW       Anywhere (v6)
53/tcp (v6)                ALLOW       Anywhere (v6)

123/udp                    ALLOW OUT   Anywhere
80/tcp                     ALLOW OUT   Anywhere
443/tcp                    ALLOW OUT   Anywhere
53/tcp                     ALLOW OUT   Anywhere
53/udp                     ALLOW OUT   Anywhere
123/udp (v6)               ALLOW OUT   Anywhere (v6)
80/tcp (v6)                ALLOW OUT   Anywhere (v6)
443/tcp (v6)               ALLOW OUT   Anywhere (v6)
53/tcp (v6)                ALLOW OUT   Anywhere (v6)
53/udp (v6)                ALLOW OUT   Anywhere (v6)

I will just have to leave port 53 open as it can resolve the pdns hosted domain.

Regards,
-badli


From: Andy Smith via BitFolk Users <users@mailman.bitfolk.com>
Sent: Sunday, April 23, 2023, 07:50
To: users@mailman.bitfolk.com <users@mailman.bitfolk.com>
Cc: Andy Smith <andy@bitfolk.com>
Subject: [bitfolk] Re: question on bind9 listening.

Hi Badli,

On Sat, Apr 22, 2023 at 11:16:22PM +0000, Badli Al Rashid via BitFolk Users wrote:
> When I opened port 53 to all, not just 2 IP addresses, my axfr was completed.

So is that not what you want to happen? If not then what did you try
in order to change that, and what was the result of that?

Please show the configuration, firewalling and logs for what you
tried and what happened when you tried it.

Thanks,
Andy

--
https://bitfolk.com/ -- No-nonsense VPS hosting
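
Added example (not part of the original e-mails): a Python check over the xfer-in log lines quoted in the reply above, flagging transfers that BIND logs as "Transfer completed" with 0 records and 0 bytes, which is what was reported while the firewall was not open. The function names are hypothetical; the sample lines are the ones from the message with the line wraps removed.

```python
import re

# Matches BIND's per-transfer summary line in the form shown in the logs above.
SUMMARY = re.compile(
    r"xfer-in: info: (?P<id>0x[0-9a-f]+): transfer of '(?P<zone>[^']+)' "
    r"from (?P<primary>\S+)#(?P<port>\d+): Transfer completed: "
    r"(?P<messages>\d+) messages, (?P<records>\d+) records, "
    r"(?P<bytes>\d+) bytes, (?P<secs>[\d.]+) secs"
)

def summarize_transfers(lines):
    """Return one dict per 'Transfer completed' line, with an 'empty' flag."""
    results = []
    for line in lines:
        m = SUMMARY.search(line)
        if not m:
            continue  # not a transfer summary (e.g. 'Transfer status: success')
        rec = {
            "zone": m["zone"],
            "primary": m["primary"],
            "messages": int(m["messages"]),
            "records": int(m["records"]),
            "bytes": int(m["bytes"]),
            "secs": float(m["secs"]),
        }
        # Logged as "completed", but no zone data actually arrived.
        rec["empty"] = rec["records"] == 0 and rec["bytes"] == 0
        results.append(rec)
    return results

def empty_transfers(lines):
    """Only the transfers that finished without receiving any records."""
    return [r for r in summarize_transfers(lines) if r["empty"]]

# Sample input: log lines from the message above, line wraps removed.
PFX = "transfer of 'testingforonedomain.com/IN' from 2400:8901::f03c:93ff:fe63:5988#53: "
LOG = [
    "19-Apr-2023 07:44:41.419 xfer-in: info: 0x7f9a84a8dc00: " + PFX
    + "Transfer completed: 0 messages, 0 records, 0 bytes, 23.208 secs",
    "19-Apr-2023 07:44:42.447 xfer-in: info: 0x7f5d90e31000: " + PFX
    + "Transfer status: success",
    "19-Apr-2023 07:44:42.447 xfer-in: info: 0x7f5d90e31000: " + PFX
    + "Transfer completed: 3 messages, 14 records, 512 bytes, 0.480 secs "
    + "(1066 bytes/sec) (serial 2023041905)",
]

if __name__ == "__main__":
    for r in empty_transfers(LOG):
        print(f"{r['zone']} from {r['primary']}: nothing received in {r['secs']}s")
```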