BIND Slave server never gets zone transfer from master. HELP!!
Hi. This is sort of complicated and I have no idea why it isn't working - please read all the way through! BIND gurus -- HELP HELP HELP!!!
I have a BIND 9.3.1 server running on a Mandriva 2006.0 box. Until yesterday this server was a secondary for about 40 domains - the primary server for these domains was a (yuck) Windows NT box running the elderly version of MS's DNS. It worked fine; zone transfers from the NT box to the Mandriva box occurred normally as per schedule. Yesterday the NT box died a horrible hard-disk death.

I have converted the zones on the Mandriva (BIND) box to be master zones, and have made the appropriate changes at the registrar to point to the Mandriva box as primary. I have another box on a different network which I have set up (I thought, correctly!) to act as the new secondary. This new secondary is running Ubuntu 6.06.1 LTS, and is using Bind 9.3.2.

Here's the problem: When I set up a slave zone on the Ubuntu box and point to the Mandriva box as master, the zone never gets transferred. I am using Webmin 1.290 on both Linux boxes to manage BIND. Also, I am storing the hosts files for BIND in files named "/var/named/domain.com.hosts" as opposed to under /etc. /var/named is 40775, owned by root.bind.

I can manually copy files from the master DNS server to the slave DNS server, and the slave will work fine. However if I use Webmin's "FORCE UPDATE" button on the slave, it eventually leaves messages in the Bind log (I have that set to /var/log/bind_info) like this:

30-Aug-2006 10:41:23.408 general: info: zone testdomain.com/IN: Transfer started.
30-Aug-2006 10:44:32.418 xfer-in: error: transfer of 'testdomain.com/IN' from 66.105.94.248#53: failed to connect: timed out
30-Aug-2006 10:44:32.418 xfer-in: info: transfer of 'testdomain.com/IN' from 66.105.94.248#53: end of transfer

I temporarily have IPTABLES on both machines set up to allow unblocked traffic (both UDP and TCP) on ports 53 and 953. The files on the slave in /var/named are 664.
I don't think that I have anything set re: dnssec - and I don't see anything in the log on the master server that indicates a security or auth failure. I have the book "DNS and BIND" by O'Reilly, third edition, and I have read the whole thing three times. Can somebody PLEASE give me a nice step-by-step guide to setting up the relationships necessary to make the slave transfer zones from the master? HELP HELP HELP!!! |
Maybe create rndc keys
maybe this will help you http://www.howtoforge.com/debian_bin...r_slave_system |
Hmm. It must be a permissions issue. Eventually the slave server log contains messages like this:

....could not set file modification time of '/var/named/testdomain.com.hosts': permission denied

I don't get it. The file is owned by bind:bind. On Ubuntu, the daemon 'named' is running as user 'bind' (confirmed by looking at "top" and also "running processes" in Webmin.) The permissions on the file are 664 (read/write by owner, read/write by group, read by others.) The permissions on the entire directory /var/named are 755 (read/write/execute by owner, read/execute by group, read/execute by others), and that directory is also owned by bind:bind. I have emulated the perms from the (working) setup on the Mandriva machine (except that on that machine the user and group are 'named' not "bind".) What have I done wrong here? |
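An added example, not part of any post in this thread: the two log excerpts quoted above point at different layers (a TCP connect that timed out versus a local file operation that was denied), and this Python sketch separates them when triaging a slave's log. The function name `triage`, the finding fields and the wording of the suggested checks are assumptions of the example.

```python
import re

# Log lines quoted in the thread above; the last one is truncated there ("....").
SAMPLE_LOG = """\
30-Aug-2006 10:41:23.408 general: info: zone testdomain.com/IN: Transfer started.
30-Aug-2006 10:44:32.418 xfer-in: error: transfer of 'testdomain.com/IN' from 66.105.94.248#53: failed to connect: timed out
30-Aug-2006 10:44:32.418 xfer-in: info: transfer of 'testdomain.com/IN' from 66.105.94.248#53: end of transfer
....could not set file modification time of '/var/named/testdomain.com.hosts': permission denied
"""

# xfer-in connect failure: the slave never opened a connection to the master.
CONNECT_RE = re.compile(
    r"transfer of '(?P<zone>[^']+)' from (?P<master>\S+)#(?P<port>\d+): "
    r"failed to connect: (?P<reason>.+)$"
)
# Local failure: named could not touch the zone file on the slave's disk.
MTIME_RE = re.compile(
    r"could not set file modification time of '(?P<path>[^']+)': (?P<reason>.+)$"
)

def triage(log_text):
    """Return one finding per failure line, tagged 'network' or 'filesystem'."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = CONNECT_RE.search(line)
        if m:
            findings.append({
                "kind": "network",
                "zone": m["zone"], "master": m["master"], "port": int(m["port"]),
                "reason": m["reason"],
                "check": "zone transfers run over TCP: test TCP reachability "
                         "of the master's port from the slave",
            })
            continue
        m = MTIME_RE.search(line)
        if m:
            findings.append({
                "kind": "filesystem",
                "path": m["path"], "reason": m["reason"],
                "check": "inspect owner and mode of the file and its directory "
                         "as the account named runs under",
            })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```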