BIND Slave server never gets zone transfer from master. HELP!!
 

Hi. This is sort of complicated and I have no idea why it isn't working - please read all the way through! BIND gurus -- HELP HELP HELP!!!

I have a BIND 9.3.1 server running on a Mandriva 2006.0 box. Until yesterday this server was a secondary for about 40 domains - the primary server for these domains was a (yuck) WIndows NT box running the elderly version of MS's DNS.

It worked fine; zone transfers from the NT box to the Mandriva box occurred normally as per schedule.

Yesterday the NT box died a horrible hard-disk death. I have converted the zones on the Mandriva (BIND) box to be master zones, and have made the appropriate changes at the registrar to point to the Mandriva box as primary.

I have another box on a different network which I have set up (I thought, correctly!) to act as the new secondary. This new secondary is running Ubuntu 6.06.1 LTS, and is using Bind 9.3.2.

Here's the problem: When I set up a slave zone on the Ubuntu box and point to the Mandriva box as master, the zone never gets transferred. I am using Webmin 1.290 on both Linux boxes to manage BIND. Also, I am storing the hosts files for BIND in files named "/var/named/domain.com.hosts" as opposed to under /etc. /var/named is 40775, owned by root.bind. I can manually copy files from the master DNS server to the slave DNS server, and the slave will work fine. However if I use Webmin's "FORCE UPDATE" button on the slave, it eventually leaves messages in the Bind log (I have that set to /var/log/bind_info) like this:

30-Aug-2006 10:41:23.408 general: info: zone testdomain.com/IN: Transfer started.
30-Aug-2006 10:44:32.418 xfer-in: error: transfer of 'testdomain.com/IN' from 66.105.94.248#53: failed to connect: timed out
30-Aug-2006 10:44:32.418 xfer-in: info: transfer of 'testdomain.com/IN' from 66.105.94.248#53: end of transfer

I temporariy have IPTABLES on both machines set up to allow unblocked traffic (both UDP and TCP) on ports 53 and 953.

The files on the slave in /var/named are 664.

I don't think that I have anything set re: dnssec - and I don't see anything in the log on the master server that indicates a security or auth failure.

I have the book "DNS and BIND" by O'Reilly, third edition, and I have read the whole thing three times.

Can somebody PLEASE give me a nice step-by-step guide to setting up the relationships necessary to make the slave transfer zones from the master?

HELP HELP HELP!!!

Maybe create rndc keys

maybe this will help you http://www.howtoforge.com/debian_bin...r_slave_system

Hmm. It must be a permissions issue. Eventually the slave server log contains messages like this:

....could not set file modification time of '/var/named/testdomain.com.hosts': permission denied

I don't get it. The file is owned by bind:bind. On Ubuntu, the daemon 'named' is running as user 'bind' (confirmed by looking at "top" and also "running processes" in Webmin.) The permissions on the file are 664 (read/write by owner, read/write by group, read by others.) The permissions on the entire directory /var/named are 755 (read/write/execute by owner, read/execute by group, read/execute by others) , and that directory is also owned by bind:bind. I have emulated the perms from the (working) setup on the Mandriva machine (except that on that machine the user and group are 'named' not "bind".)

What have I done wrong here?