Re: Name Service error

Glynn Clements (
Sun, 14 Mar 1999 17:17:12 +0000 (GMT)

Matthew A Brodycz wrote:

> I have named running, it answers all queries from nslookup fine, except
> when I try to do ls to get all hosts in the data base.
> When I try this, the following error is added to the syslogs.
> Jan 25 15:02:01 Server1 named[7346]: unapproved AXFR from
> [].1174 for "" (not zone top)
> Because this is a stand-alone net (no internet) I do not have a root
> servers listed. Because of this I get errors like
> this when I query addresses outside the network.
> .... Server1 named [66]: No root nameservers for class IN
> After reading the docs again, this is still the only solution because I
> have no internet yet.
> However, I have read the docs and found only one line that says anything
> about AXFR.
> I don't what it is, much less how to fix it.

AXFR is a `zone transfer', i.e. reading the entire zone. This is used
by secondary DNS servers, and by nslookup's `ls' command.

The `allow-transfer' option controls which hosts are allowed to
perform zone transfers. However, if not specified, the default should
be to allow zone transfers from all hosts.

> /usr/doc/BIND-8.1.2-REL/CHANGES
> 313. [bug] The nameserver would only try zone transfers from the master
> that answered its SOA query.
> If a master for some reason can answer the SOA but not the AXFR, the
> other masters (if any)
> should be tried.

This isn't relevant to your problem.

> Can someone give me an idea of which way to go. I have a program that
> builds a database of allowed hosts
> from this query. And so far the program has turned out to be completely
> useless without the allowed hosts file.

You should probably configure the root zone, even if you can't reach
any of the root nameservers.

You should also ensure that the corresponding domain is
configured correctly.

Glynn Clements <>
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to