LinuxQuestions.org
Old 07-14-2009, 01:03 PM   #1
deibertine
Member
 
Registered: Mar 2009
Posts: 222

Rep: Reputation: 30
DNS not replicating

I have two DNS servers using named service.

The primary server is sitting in a different location and on a different subnet. The slave server is in another location, with a different subnet.

This all worked well, replicating to each other, until this week.

For some reason the slave server won't update its records any more from the primary, which is causing some entries to be unable to resolve in the location where the slave server is housed.

I have restarted the service on both servers but still would not replicate.

I made sure that permissions were also correct comparing both servers side by side.

Any other possible ways to resolve this issue?

Please advise.

Thanks,
DB
 
Old 07-14-2009, 01:49 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1967
Not a networking question, moved to Linux - Server.
 
Old 07-14-2009, 04:30 PM   #3
deibertine
Member
 
Registered: Mar 2009
Posts: 222

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by acid_kewpie View Post
Not a networking question, moved to Linux - Server.
Ok, sorry. Thanks!
 
Old 07-14-2009, 04:37 PM   #4
marozsas
Senior Member
 
Registered: Dec 2005
Location: Campinas/SP - Brazil
Distribution: SuSE, RHEL, Fedora, Ubuntu
Posts: 1,393
Blog Entries: 1

Rep: Reputation: 64
Please test whether it is possible to complete a "Zone Transfer" operation from the primary server to the secondary one. On the secondary server, run:
Code:
dig @ip-address-primary-server your-domain-here AXFR
The output must be a list of every record in the primary server. The list must have the "SOA" record, the "NS" record for both primary and secondary, and optionally several "A" and "CNAME" records for the hosts in your name server.

PS: Check if the NS record has the right address, especially for the secondary server.

Last edited by marozsas; 07-14-2009 at 04:40 PM. Reason: add an important check about the IP address of NS
 
Old 07-15-2009, 01:23 PM   #5
deibertine
Member
 
Registered: Mar 2009
Posts: 222

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by marozsas View Post
Please test whether it is possible to complete a "Zone Transfer" operation from the primary server to the secondary one. On the secondary server, run:
Code:
dig @ip-address-primary-server your-domain-here AXFR
The output must be a list of every record in the primary server. The list must have the "SOA" record, the "NS" record for both primary and secondary, and optionally several "A" and "CNAME" records for the hosts in your name server.

PS: Check if the NS record has the right address, especially for the secondary server.
I have done the above command and compared the details side by side on both. It seems to have the SOA & NS records and has most of them present, with the exception of one record.

This particular record seems not to replicate for some reason. It is an A record for a server called csaaqa22.csaa.com (10.10.1.23), but it is not showing in the slave DNS server.

Any idea why this is happening?

Thanks!
 
Old 07-15-2009, 01:38 PM   #6
deibertine
Member
 
Registered: Mar 2009
Posts: 222

Original Poster
Rep: Reputation: 30
I saw this in the log:
client 10.10.1.134#53: updating zone 'csaa.com/IN': update failed: not authoritative for update zone (NOTAUTH)

Also it looks like it is loading an old version of the file into the slave DNS server instead of the new version I just edited (20090715):
Jul 15 10:59:19 dnssrv01.csaa.com named[19050]: zone csaa.com/IN: loaded version 20090710

Do you think this might be the issue?

Last edited by deibertine; 07-15-2009 at 01:43 PM. Reason: added notes
 
Old 07-15-2009, 02:39 PM   #7
marozsas
Senior Member
 
Registered: Dec 2005
Location: Campinas/SP - Brazil
Distribution: SuSE, RHEL, Fedora, Ubuntu
Posts: 1,393
Blog Entries: 1

Rep: Reputation: 64
Quote:
Originally Posted by deibertine View Post
I saw this in the log:
client 10.10.1.134#53: updating zone 'csaa.com/IN': update failed: not authoritative for update zone (NOTAUTH)
Looks like you put in your DNS server an entry that does not belong to your domain/network. You can't mix different networks in a single zone/domain. Does this make sense in this particular case?

Quote:
Originally Posted by deibertine View Post
Also it looks like it is loading an old version of the file into the slave DNS server instead of the new version I just edited (20090715):
Jul 15 10:59:19 dnssrv01.csaa.com named[19050]: zone csaa.com/IN: loaded version 20090710
Do you think this might be the issue?
Are you sure that on the slave (to be politically correct, it is the secondary) you put the IP of the primary server after the 'at' symbol?
And what is the output when you ask the same of the secondary server, on the secondary server?
Code:
secondary# dig @primary-ip-address your.domain AXFR
Regarding the serial number: they must be the same when both servers are synchronized. In fact, the serial number is used to decide if a full synchronization is needed in the first place. Don't force/change it by hand on the secondary!

Also, you can test/use another tool to help you debug your setup.
It is "rndc". This program "talks" directly to the name server and can be used to force a synchronization. Look at how a typical successful synchronization process looks from the secondary (serverb):
Code:
[root@serverb ~]# rndc -V refresh mydomain.com.br 
create memory context
create socket manager
create task manager
create task
create logging context
setting log tag
creating log channel
enabling log channel
create parser
get key
decode base64 secret
refresh
post event
using server 127.0.0.1 (127.0.0.1#953)
create socket
connect
create message
render message
schedule recv
send message
parse message
create message
render message
schedule recv
send message
parse message
zone refresh queued
[root@serverb ~]#
Of course, the output "zone refresh queued" indicates a successful synchronization.

Last edited by marozsas; 07-15-2009 at 02:50 PM. Reason: forgot to mention that "zone refresh queued" means a successful synchronization
 
Old 07-15-2009, 10:11 PM   #8
deibertine
Member
 
Registered: Mar 2009
Posts: 222

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by marozsas View Post
Looks like you put in your DNS server an entry that does not belong to your domain/network. You can't mix different networks in a single zone/domain. Does this make sense in this particular case?


Are you sure that on the slave (to be politically correct, it is the secondary) you put the IP of the primary server after the 'at' symbol?
And what is the output when you ask the same of the secondary server, on the secondary server?
Code:
secondary# dig @primary-ip-address your.domain AXFR
Regarding the serial number: they must be the same when both servers are synchronized. In fact, the serial number is used to decide if a full synchronization is needed in the first place. Don't force/change it by hand on the secondary!

Also, you can test/use another tool to help you debug your setup.
It is "rndc". This program "talks" directly to the name server and can be used to force a synchronization. Look at how a typical successful synchronization process looks from the secondary (serverb):
Code:
[root@serverb ~]# rndc -V refresh mydomain.com.br 
create memory context
create socket manager
create task manager
create task
create logging context
setting log tag
creating log channel
enabling log channel
create parser
get key
decode base64 secret
refresh
post event
using server 127.0.0.1 (127.0.0.1#953)
create socket
connect
create message
render message
schedule recv
send message
parse message
create message
render message
schedule recv
send message
parse message
zone refresh queued
[root@serverb ~]#
Of course, the output "zone refresh queued" indicates a successful synchronization.
I also got "zone refresh queued" - the above IP was my mistake, which I corrected.

Still, sync won't work between the servers.

I also did an rndc reload and refresh.

Should that take effect right away, or do I have to wait for it to sync successfully?
 
Old 07-15-2009, 11:17 PM   #9
deibertine
Member
 
Registered: Mar 2009
Posts: 222

Original Poster
Rep: Reputation: 30
What happens if I rename the slave records in the secondary DNS server to ***.com.old on all of them?
Will it reload new files from the primary if it didn't find files in there?
 
Old 07-16-2009, 08:29 AM   #10
marozsas
Senior Member
 
Registered: Dec 2005
Location: Campinas/SP - Brazil
Distribution: SuSE, RHEL, Fedora, Ubuntu
Posts: 1,393
Blog Entries: 1

Rep: Reputation: 64
We need to be sure that there is a "network path" between the two servers, regarding DNS.
This is why the command "dig @primary-ip-address your.domain AXFR" issued on the secondary is so important. Make sure to use the right IP address of the primary server and check the serial.

With the serial you got from the primary server, check it against the serial that is on the secondary (either using a similar command - dig @secondary-ip-address your.domain AXFR - or by inspecting the file.db in /var/named...)

It is important to repeat the test, this time on the primary to check the connectivity in both directions.

Without the test I can't say much more....

And answering your question: yes, it SHOULD take effect right away (at least within a few seconds), unless there is some problem, which probably is the case.

Last edited by marozsas; 07-16-2009 at 08:30 AM.
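The side-by-side check marozsas describes in posts #4 and #10, as an added example that is not code from the thread: it parses the output of two `dig @server zone AXFR` runs (one against the primary, one against the secondary), compares the SOA serials and lists the records the secondary lacks, the way the missing csaaqa22 A record was found by hand above. The sample transfers are constructed; csaa.com, csaaqa22, 10.10.1.23 and the two serials come from the thread, while the primary's hostname dnssrv00 and both server IPs are assumptions.

```python
# Added example (not from the thread): parse two `dig @server zone AXFR` outputs,
# one taken against the primary and one against the secondary, then report any
# SOA serial mismatch and the records the secondary is missing.
from collections import namedtuple

Record = namedtuple("Record", "name ttl cls type rdata")

def parse_axfr(text):
    """dig AXFR output -> {(name, type, rdata): Record}; ';' comment lines are skipped.
    The SOA that closes a transfer repeats the opening one, so it collapses into one key."""
    records = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 4)
        if len(parts) < 5 or parts[0].startswith(";") or not parts[1].isdigit():
            continue
        name, ttl, cls, rtype, rdata = parts
        rec = Record(name.lower(), int(ttl), cls, rtype.upper(), " ".join(rdata.split()))
        records[(rec.name, rec.type, rec.rdata)] = rec
    return records

def soa_serial(records):
    """SOA rdata is: MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM."""
    for rec in records.values():
        if rec.type == "SOA":
            return int(rec.rdata.split()[2])
    return None  # no SOA came back: the transfer was refused or truncated

def compare_zones(primary_text, secondary_text):
    primary, secondary = parse_axfr(primary_text), parse_axfr(secondary_text)
    p_serial, s_serial = soa_serial(primary), soa_serial(secondary)
    # SOA rdata embeds the serial, so it is judged via the serial, not as a record
    missing = sorted(k for k, r in primary.items() if r.type != "SOA" and k not in secondary)
    extra = sorted(k for k, r in secondary.items() if r.type != "SOA" and k not in primary)
    return {"primary_serial": p_serial, "secondary_serial": s_serial,
            "missing_on_secondary": missing, "extra_on_secondary": extra,
            "in_sync": p_serial == s_serial and not missing and not extra}

# Constructed sample transfers: zone, host name, address and serials follow the
# thread; the primary's hostname dnssrv00 and both server IPs are assumptions.
PRIMARY_AXFR = """; <<>> DiG <<>> @10.10.1.10 csaa.com AXFR
csaa.com.          86400 IN SOA dnssrv00.csaa.com. hostmaster.csaa.com. 20090715 3600 900 604800 86400
csaa.com.          86400 IN NS  dnssrv00.csaa.com.
csaa.com.          86400 IN NS  dnssrv01.csaa.com.
csaaqa22.csaa.com. 3600  IN A   10.10.1.23
dnssrv01.csaa.com. 3600  IN A   10.20.1.10
csaa.com.          86400 IN SOA dnssrv00.csaa.com. hostmaster.csaa.com. 20090715 3600 900 604800 86400"""
SECONDARY_AXFR = """csaa.com.          86400 IN SOA dnssrv00.csaa.com. hostmaster.csaa.com. 20090710 3600 900 604800 86400
csaa.com.          86400 IN NS  dnssrv00.csaa.com.
csaa.com.          86400 IN NS  dnssrv01.csaa.com.
dnssrv01.csaa.com. 3600  IN A   10.20.1.10"""
```

Run it on real transfers by pasting the two dig outputs in place of the constructed samples; a serial mismatch together with an empty "missing" list points at the secondary still serving an old file rather than at a broken transfer.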
 
Old 07-16-2009, 08:42 AM   #11
marozsas
Senior Member
 
Registered: Dec 2005
Location: Campinas/SP - Brazil
Distribution: SuSE, RHEL, Fedora, Ubuntu
Posts: 1,393
Blog Entries: 1

Rep: Reputation: 64
Quote:
Originally Posted by deibertine View Post
What happens if I rename the slave records in the secondary DNS server to ***.com.old on all of them?
Will it reload new files from the primary if it didn't find files in there?
You mean deleting/renaming "/var/named/slaves/your-domain.db"? I guess yes, it might work.

Just make sure "/etc/named.conf" has an entry like this:
Code:
zone "your-domain." IN {
	type slave;
	// where named writes the transferred copy, relative to its directory option
	file "slaves/your-domain.db";
	// the primary this secondary pulls the zone from
	masters { ip-of-master; };
};

Last edited by marozsas; 07-16-2009 at 08:51 AM. Reason: missing closing bracket
 
Old 07-17-2009, 02:52 PM   #12
deibertine
Member
 
Registered: Mar 2009
Posts: 222

Original Poster
Rep: Reputation: 30
I think I have resolved this issue!

Turned out to be a file/dir permissions issue.

I issued a chmod on the named dir to 775 and cleaned up old records that my former colleague had made, which did the trick for me.

Now it is loading the new serial for the records.

Thanks to all who posted!
 
Tags
dns, named