LinuxQuestions.org - Linux - Desktop
DNS not replicating (https://www.linuxquestions.org/questions/linux-desktop-74/dns-not-replicating-740023/)

deibertine 07-14-2009 12:03 PM

DNS not replicating
 
I have two DNS servers using named service.

The primary server is sitting in a different location, on a different subnet. The slave server is in another location, on a different subnet.

This all worked well before, with the two replicating to each other, until this week.

For some reason the slave server won't update its records any more from the primary, which is causing some entries to be unable to resolve in the location where the slave server is housed.

I have restarted the service on both servers, but it still would not replicate.

I also made sure that permissions were correct by comparing both servers side by side.

Any other possible ways to resolve this issue?

Please advise.

Thanks,
DB

acid_kewpie 07-14-2009 12:49 PM

Not a networking question, moved to Linux - Server.

deibertine 07-14-2009 03:30 PM

Quote:

Originally Posted by acid_kewpie (Post 3607488)
Not a networking question, moved to Linux - Server.

Ok, sorry. Thanks! :)

marozsas 07-14-2009 03:37 PM

Please test whether it is possible to complete a "Zone Transfer" operation from the primary server to the secondary one. On the secondary server, run:
Code:

dig @ip-address-primary-server your-domain-here AXFR
The output must be a list of every record in the primary server. The list must have the "SOA" record, the "NS" records for both primary and secondary, and optionally several "A" and "CNAME" records for the hosts in your name server.

PS: Check whether the NS record has the right address, especially for the secondary server.

deibertine 07-15-2009 12:23 PM

Quote:

Originally Posted by marozsas (Post 3607655)
Please test whether it is possible to complete a "Zone Transfer" operation from the primary server to the secondary one. On the secondary server, run:
Code:

dig @ip-address-primary-server your-domain-here AXFR
The output must be a list of every record in the primary server. The list must have the "SOA" record, the "NS" records for both primary and secondary, and optionally several "A" and "CNAME" records for the hosts in your name server.

PS: Check whether the NS record has the right address, especially for the secondary server.

I have done the above command and compared the details side by side on both. It seems to have the SOA & NS records and has most of them input, with the exception of one record.

This particular record does not seem to replicate for some reason. It is an A record for a server called csaaqa22.csaa.com (10.10.1.23), but it is not showing in the slave DNS server.

Any idea why this is happening?

Thanks!

deibertine 07-15-2009 12:38 PM

I saw this in the log:
client 10.10.1.134#53: updating zone 'csaa.com/IN': update failed: not authoritative for update zone (NOTAUTH)

Also, it looks like it is loading an old version of the file into the slave DNS server instead of the new version I just edited (20090715):
Jul 15 10:59:19 dnssrv01.csaa.com named[19050]: zone csaa.com/IN: loaded version 20090710

Do you think this might be the issue?

marozsas 07-15-2009 01:39 PM

Quote:

Originally Posted by deibertine (Post 3608441)
I saw this in the log:
client 10.10.1.134#53: updating zone 'csaa.com/IN': update failed: not authoritative for update zone (NOTAUTH)

It looks like you put an entry in your DNS server that does not belong to your domain/network. You can't mix different networks in a single zone/domain. Does this make sense in this particular case?

Quote:

Originally Posted by deibertine (Post 3608441)
Also, it looks like it is loading an old version of the file into the slave DNS server instead of the new version I just edited (20090715):
Jul 15 10:59:19 dnssrv01.csaa.com named[19050]: zone csaa.com/IN: loaded version 20090710
Do you think this might be the issue?

Are you sure that on the slave (to be politically correct, it is the secondary) you put the IP of the primary server after the 'at' symbol?
And what is the output when you ask the same of the secondary server, on the secondary server?
Code:

secondary# dig @primary-ip-address your.domain AXFR
Regarding the serial number, they must be the same when both servers are synchronized. In fact, the serial number is used to decide whether a full synchronization is needed in the first place. Don't force/change it by hand on the secondary!

Also, you can test/use another tool to help you debug your setup.
It is "rndc". This program "talks" directly to the name server and can be used to force a synchronization. Look at how a typical successful synchronization process looks from the secondary (serverb):
Code:

[root@serverb ~]# rndc -V refresh mydomain.com.br
create memory context
create socket manager
create task manager
create task
create logging context
setting log tag
creating log channel
enabling log channel
create parser
get key
decode base64 secret
refresh
post event
using server 127.0.0.1 (127.0.0.1#953)
create socket
connect
create message
render message
schedule recv
send message
parse message
create message
render message
schedule recv
send message
parse message
zone refresh queued
[root@serverb ~]#

Of course, the output "zone refresh queued" indicates a successful synchronization.

deibertine 07-15-2009 09:11 PM

Quote:

Originally Posted by marozsas (Post 3608541)
It looks like you put an entry in your DNS server that does not belong to your domain/network. You can't mix different networks in a single zone/domain. Does this make sense in this particular case?


Are you sure that on the slave (to be politically correct, it is the secondary) you put the IP of the primary server after the 'at' symbol?
And what is the output when you ask the same of the secondary server, on the secondary server?
Code:

secondary# dig @primary-ip-address your.domain AXFR
Regarding the serial number, they must be the same when both servers are synchronized. In fact, the serial number is used to decide whether a full synchronization is needed in the first place. Don't force/change it by hand on the secondary!

Also, you can test/use another tool to help you debug your setup.
It is "rndc". This program "talks" directly to the name server and can be used to force a synchronization. Look at how a typical successful synchronization process looks from the secondary (serverb):
Code:

[root@serverb ~]# rndc -V refresh mydomain.com.br
create memory context
create socket manager
create task manager
create task
create logging context
setting log tag
creating log channel
enabling log channel
create parser
get key
decode base64 secret
refresh
post event
using server 127.0.0.1 (127.0.0.1#953)
create socket
connect
create message
render message
schedule recv
send message
parse message
create message
render message
schedule recv
send message
parse message
zone refresh queued
[root@serverb ~]#

Of course, the output "zone refresh queued" indicates a successful synchronization.

I also got "zone refresh queued" - the above IP was my mistake, which I corrected.

Still, sync won't work between the servers.

I also did an rndc reload and refresh.

Should that take effect right away, or do I have to wait for it to sync successfully?

deibertine 07-15-2009 10:17 PM

What happens if I rename the slave records in the secondary DNS server to ***.com.old, all of them?
Will it reload new files from the primary if it doesn't find files in there?

marozsas 07-16-2009 07:29 AM

We need to be sure that there is a "network path" between the two servers, as far as DNS is concerned.
This is why the command "dig @primary-ip-address your.domain AXFR" issued on the secondary is so important. Make sure to use the right IP address of the primary server and check the serial.

With the serial you got from the primary server, check it against the serial on the secondary (either using a similar command - dig @secondary-ip-address your.domain AXFR - or by inspecting the file.db in /var/named...)

It is important to repeat the test, this time on the primary to check the connectivity in both directions.

Without the test I can't say much more....

And answering your question: yes, it SHOULD take effect right away (at least within a few seconds), unless there is some problem, which probably is the case. :(
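The side-by-side check marozsas describes (the AXFR record comparison in his earlier post and the serial comparison here) can be scripted rather than eyeballed. This added Python example is not from the thread; it runs on constructed sample AXFR output, and the dnssrv02 name and the server addresses are made up.

```python
import re
# Constructed sample `dig @server csaa.com AXFR` answers (not captured from the
# thread's servers; dnssrv02 and the server addresses are made up).
PRIMARY_AXFR = """\
csaa.com.          86400 IN SOA dnssrv01.csaa.com. hostmaster.csaa.com. 20090715 3600 900 604800 86400
csaa.com.          86400 IN NS  dnssrv01.csaa.com.
csaa.com.          86400 IN NS  dnssrv02.csaa.com.
dnssrv01.csaa.com. 86400 IN A   10.10.1.10
dnssrv02.csaa.com. 86400 IN A   10.20.1.10
csaaqa22.csaa.com. 86400 IN A   10.10.1.23
"""
SECONDARY_AXFR = """\
csaa.com.          86400 IN SOA dnssrv01.csaa.com. hostmaster.csaa.com. 20090710 3600 900 604800 86400
csaa.com.          86400 IN NS  dnssrv01.csaa.com.
csaa.com.          86400 IN NS  dnssrv02.csaa.com.
dnssrv01.csaa.com. 86400 IN A   10.10.1.10
dnssrv02.csaa.com. 86400 IN A   10.20.1.10
"""
# owner ttl IN type rdata; dig's ';' comment lines and blank lines never match
AXFR_LINE = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(.+)$")

def parse_axfr(text):
    """Return (record set, SOA serial, zone apex) from dig AXFR answer lines."""
    records, serial, apex = set(), None, None
    for line in text.splitlines():
        m = AXFR_LINE.match(line.strip())
        if not m:
            continue
        owner, rtype, rdata = m.group(1).lower(), m.group(2), " ".join(m.group(3).split())
        if rtype == "SOA":  # sent first and last in a transfer; keep only its serial
            serial, apex = int(rdata.split()[2]), owner
            continue
        records.add((owner, rtype, rdata))
    return records, serial, apex

def compare_zones(primary_text, secondary_text):
    """Diff the primary's transfer against the secondary's: serials, records, NS glue."""
    p_recs, p_serial, apex = parse_axfr(primary_text)
    s_recs, s_serial, _ = parse_axfr(secondary_text)
    a_owners = {r[0] for r in p_recs if r[1] == "A"}
    in_zone = lambda n: n == apex or n.endswith("." + apex)
    # an in-zone NS target with no A record is the "NS record address" check in the thread
    ns_without_a = sorted(r[2].lower() for r in p_recs
                          if r[1] == "NS" and in_zone(r[2].lower()) and r[2].lower() not in a_owners)
    return {
        "primary_serial": p_serial,
        "secondary_serial": s_serial,
        "in_sync": p_serial == s_serial and p_recs == s_recs,
        "missing_on_secondary": sorted(p_recs - s_recs),
        "ns_without_a": ns_without_a,
    }
```

Feed it the saved output of the two dig commands and it reports the serial gap and the exact records that never made it to the secondary.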

marozsas 07-16-2009 07:42 AM

Quote:

Originally Posted by deibertine (Post 3609010)
What happens if I rename the slave records in the secondary DNS server to ***.com.old, all of them?
Will it reload new files from the primary if it doesn't find files in there?

You mean deleting/renaming "/var/named/slaves/your-domain.db"? I guess yes, it might work.

Just make sure "/etc/named.conf" has an entry like this:
Code:

// secondary (slave) copy of the zone, fetched from the primary by zone transfer
zone "your-domain." IN {
        type slave;
        file "slaves/your-domain.db";   // relative to the named directory, /var/named here
        masters { ip-of-master; };      // address of the primary server
};


deibertine 07-17-2009 01:52 PM

I think I have resolved this issue!

It turned out to be a file/dir permissions issue.

I issued a chmod on the named dir to 775 and cleaned up old records that my former colleague had made, which did the trick for me.

Now it is loading the new serial for the records.

Thanks to all who posted! :)
