BIND9 slave DNS problem HELP!!!

mlu · 05-01-2005, 09:52 PM

I'm using fedora core 3. i wanted to make local dns servers. in FC3 BIND9 is comming, so i went in to some FC3 ebooks and made a master dns server, here is the thing what i did,

1. i installed the bind pakeges

2. then i went to /etc/resolv.conf & did the following

nameserver 127.0.0.1
nameserver 192.168.2.140
domain tcs.org
search tcs.org

i put the second nameserver cause i wanted to have a slave DNS also.

3. i made a forward lookup zone in the name of "db.tcs.org"

$TTL 2D
@ IN SOA tcs.org. root.tcs.org. (
01 ;serial
3H ;refresh
1H ;retry
1W ;expire
2D) ;minimum

; dns server name
IN NS ns1.tcs.org.
IN NS ns2.tcs.org.

; mail server name
IN MX 10 mail.tcs.org.

; address records

localhost IN A 127.0.0.1
tcs.org. IN A 192.168.2.130
ns1 IN A 192.168.2.130
ns2 IN A 192.168.2.140
www IN A 192.168.2.130
mail IN A 192.168.2.130
ftp IN A 192.168.2.130

; private client records

srv1 IN A 192.168.2.110
srv2 IN A 192.168.2.120
srv3 IN A 192.168.2.130
srv4 IN A 192.168.2.140

;EOF

4. then copy the "db.tcs.org" to /var/named/chroot/var/named & made a link to "db.tcs.org" in /var/named

5. changed the ownersip of "db.tcs.org" from root to named

#chown named db.tcs.org
#chgrp named db.tcs.org

6. edited the /etc/named.conf file

zone "tcs.org" IN {
type master;
file "db.tcs.org";
allow-update { any; };
};

7. started the named service

once i did up to that i made a DNS client and checked the DNS resolution also with the "dig" command it was success.

NOW HERE IS MY PROBLEM

then i wanted to make a slave DNS, so i did this

1. i installed the bind pakeges

2. edited the /etc/resov.conf

nameserver 127.0.0.1
nameserver 192.168.2.130
domain tcs.org
search tcs.org

192.168.2.130 is my master DNS

3. edited the /etc/named.conf

zone "tcs.org" IN {
type slave;
file "db.tcs.org";
masters { 192.168.2.130; };
allow-query { any; };
};

4. start the named service

previously when i did the same thing with BIND8 comming in Redhat 9 it successfully copied the forward lookup zone file "db.tcs.org" from master to slave, and everything was ok, but with BIND9 the forward lookup zone file "db.tcs.org" did not get copied to slave. so when i "dig" in it fails. but in the slave in the /etc/resov.conf if i change the nameservers

nameserver 192.168.2.130
nameserver 127.0.0.1

it works, i think it's getting the resolution from the master.

so what can i do about this

1. is it to do something with SELINUX
2. am i configuring the master DNS incorrectly in BIND9 so the zone file does not get copied to slave
3. or am i configuring the slave incorrectly

PLS HELP ME

ps- i'm using
bind-9.2.4-2.i386.rpm

scowles · 05-02-2005, 05:03 AM

A couple of things to check:

1) Check firewall rules. Zone transfers are tcp/53.
2) Your zone definition on the master does not include "allow-transfer" statement
3) Add "notify yes" to zone on master

If all else fails:

1) Increase the logging levels on the master and see why the zone transfer is failing.
2) Run tcpdump on master and/or slave. The slave should first issue a SOA query to the master (checking the serial number) prior to issuing the zone transfer.

mlu · 05-05-2005, 06:31 AM

no luck man