Hi all,

I have two DNS server (primary and secondary) which uses bind9. The problem am having currently is that, my primary dns server is able to resolve both private and remote domains while the secondary server is able to resolve only the local domains but not able to resolve the remote domains.

Primary server test:

local domain:

$ host zorinco.com 192.168.2.30
Using domain server:
Name: 192.168.2.30
Address: 192.168.2.30#53
Aliases:

zorinco.com has address 64.81.168.12
zorinco.com mail is handled by 10 mail.zorinco.com.

remote domain test:

$ host yahoo.com 192.168.2.30
Using domain server:
Name: 192.168.2.30
Address: 192.168.2.30#53
Aliases:

yahoo.com has address 72.30.38.140
yahoo.com has address 98.138.253.109
yahoo.com has address 98.139.183.24
yahoo.com mail is handled by 1 mta6.am0.yahoodns.net.
yahoo.com mail is handled by 1 mta7.am0.yahoodns.net.
yahoo.com mail is handled by 1 mta5.am0.yahoodns.net.




Secondary server test

local domain test:

$ host zorinco.com 192.168.2.20
Using domain server:
Name: 192.168.2.20
Address: 192.168.2.20#53
Aliases:

zorinco.com has address 64.81.168.12
zorinco.com mail is handled by 10 mail.zorinco.com.


remote domain test:
$ host yahoo.com 192.168.2.20
Using domain server:
Name: 192.168.2.20
Address: 192.168.2.20#53
Aliases:




As you can see the "Aliases" section of the secondary server test for remote domain test, there is no answer.

Please what could be the possible cause? This means if my primary server failed, the secondary server can not act on it's behalf.


Thank you.

You should have a working root.db file. And assuming your settings/configurations are correct, there can be a firewall issue that is blocking outbound connection to port 53 from your secondary server. You may check from the server whether you can telnet to outside world on port 53, for exampale, to ip 4.2.2.2.

Thanks!

I can telnet to 4.2.2.2 via port 53 from the slave server. And also Though I don't have root.db file, I have named.ca which contain the below data:

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.5 <<>> +bufsize=1200 +norec NS . @a.root-servers.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30911
;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 23

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;. IN NS

;; ANSWER SECTION:
. 518400 IN NS g.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS m.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS a.root-servers.net.
. 518400 IN NS l.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net. 3600000 IN A 198.41.0.4
a.root-servers.net. 3600000 IN AAAA 2001:503:ba3e::2:3

And so on .......


Will that affect some thing? If yes, how do I add the root.db and also, I check the primary server too and it is not having the root.db file but able to resolve remote domains.

Do you have an entry like this below in your zone file? You need this for the root servers to work and for your external domain name resolution.

zone "." in{
type hint;
file "named.ca";
};

This is a very good site for bind related issues:

http://www.zytrax.com/books/dns/ch7/


And here are two troubleshooting links for bind9 and may be you can find more relevant ones for your OS.

http://linux.overshoot.tv/wiki/serve...shooting_bind9

https://help.ubuntu.com/8.04/serverg...eshooting.html

First, you should enable logging for the bind service and check syslog or relevant log files for issues. That can be a good starting point.