Old 02-23-2005, 03:04 PM   #1
jc materi
LQ Newbie
 
Registered: Aug 2004
Location: Saskatoon, SK, Canada
Distribution: fedora 4
Posts: 25

Rep: Reputation: 15
DNS secondary zone transfer problems


I am trying to set up a DNS secondary. The problem is, there is no zone transfer happening. I would appreciate any help at all. I have been working on this for several days now and I'm getting nowhere. I'm using BIND v9.2.3 on Fedora2.

Here is the log sequence on the primary machine (arcturus):
-----------------------------------------------------------------------------------------------------------
Feb 23 13:23:23 arcturus named[6107]: zone 42.xx.yy.in-addr.arpa/IN: loaded serial 2005022202
Feb 23 13:23:23 arcturus named[6107]: zone 43.xx.yy.in-addr.arpa/IN: loaded serial 2005022302
Feb 23 13:23:23 arcturus named[6107]: zone mydomain.com/IN: loaded serial 2005022302
Feb 23 13:23:23 arcturus named[6107]: zone myotherdomain.com/IN: loaded serial 2005022302
Feb 23 13:23:23 arcturus named[6107]: running
Feb 23 13:23:23 arcturus named[6107]: zone mydomain.com/IN: sending notifies (serial 2005022302)
Feb 23 13:23:23 arcturus named[6107]: zone myotherdomain.com/IN: sending notifies (serial 2005022302)
Feb 23 13:23:23 arcturus named[6107]: zone 42.xx.yy.in-addr.arpa/IN: sending notifies (serial 2005022202)
Feb 23 13:23:23 arcturus named[6107]: zone 43.xx.yy.in-addr.arpa/IN: sending notifies (serial 2005022302)
---------------------------------------------------------------------------------------------------------



Here is the log sequence on the secondary machine:
---------------------------------------------------------------------------------------------------------
Feb 23 14:41:25 localhost named[12805]: received notify for zone 'mydomain.com': not authoritative
Feb 23 14:41:26 localhost named[12805]: received notify for zone 'myotherdomain.com': not authoritative
Feb 23 14:41:26 localhost named[12805]: received notify for zone '42.xx.yy.in-addr.arpa': not authoritative
Feb 23 14:41:26 localhost named[12805]: received notify for zone '43.xx.yy.in-addr.arpa': not authoritative
---------------------------------------------------------------------------------------------------------



The problem seems to be that no zone transfer is occurring because the secondary does not regard the primary as authoritative. However, when I do a dig request to the primary machine from the secondary, the aa flag is up, indicating "authoritative answer".
------------------------------------------------------------------------------------------------------
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8157
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 6

------------------------------------------------------------------------------------------------------

?????????????????????????
 
Old 02-23-2005, 06:18 PM   #2
odious1
Member
 
Registered: Jun 2003
Location: Virginia, USA
Distribution: Slackware
Posts: 252

Rep: Reputation: 30
Could you post your configuration file? The answer, I am sure, lies there.

Tom
 
Old 02-23-2005, 08:57 PM   #3
jc materi
LQ Newbie
 
Registered: Aug 2004
Location: Saskatoon, SK, Canada
Distribution: fedora 4
Posts: 25

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by odious1
Could you post your configuration file? The answer, I am sure, lies there.

Tom
config file on secondary:
-----------------------------------------------------------------
// generated by named-bootconf.pl

acl "stuff" {
{yy.xx.42.158; yy.xx.42.235; };
};


options {
directory "/var/named";
/*
//* If there is a firewall between you and nameservers you want
//* to talk to, you might need to uncomment the query-source
//* directive below. Previous versions of BIND always asked
//* questions using port 53, but BIND 8.1 uses an unprivileged
//* port by default.
//*/
query-source address * port 53;
allow-query { stuff; };
allow-recursion { stuff; };

};

//
// a caching only nameserver config
//
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
type hint;
file "named.ca";
};

zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};

zone "mydomain.com" IN {
type slave;
file "slaves/mydomain.db";
allow-query { any; };
masters { yy.xx.42.235; };
};

zone "myotherdomain.com" IN {
type slave;
file "slaves/myotherdomain.db";
allow-query { any; };
masters { yy.xx.42.235; };
};

zone "42.xx.yy.in-addr.arpa" {
type slave;
file "slaves/db.yy.xx.42";
allow-query { any; };
masters { yy.xx.42.235; };
};

include "/etc/rndc.key";
--------------------------------------------------

Primary config file
--------------------------------------------------
// generated by named-bootconf.pl


// secret must be the same as in /etc/rndc.conf
key "key" {
algorithm hmac-md5;
secret
"VEIPNlYh7R1W";
};

controls {
inet 127.0.0.1 allow { any; } keys { "key"; };
};

acl "stuff" {
{yy.xx.42.158; yy.xx.42.235; };
};

options {
pid-file "/var/run/named/named.pid";
directory "/var/named";
version "9.2.3rc2";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
allow-query { stuff; };
allow-recursion { stuff; };
};
//
// a caching only nameserver config
//
zone "." {
type hint;
file "named.ca";
};

zone "mydomain.com" {
type master;
file "mydomain.db";
// some security
allow-query { any; };
allow-transfer { yy.xx.42.158; };
};

zone "myotherdomain.com" {
type master;
file "myotherdomain.db";
allow-query { any; };
allow-transfer { yy.xx.42.158; };
};

zone "42.xx.yy.in-addr.arpa" {
type master;
file "db.yy.xx.42";
allow-query { any; };
allow-transfer { yy.xx.42.158; };
};

zone "43.xx.yy.in-addr.arpa" {
type master;
file "db.yy.xx.43";
allow-query { any; };
allow-transfer { yy.xx.42.158; };
};

zone "0.0.127.in-addr.arpa" {
type master;
file "named.local";
};

Last edited by jc materi; 02-23-2005 at 08:59 PM.
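An added diagnostic, not code from the thread or from BIND: named logs "received notify for zone 'X': not authoritative" when the running server has no zone of that name at all, so the useful check is whether the zones being rejected are exactly the ones the named.conf on disk declares as slave. The config and log lines below are constructed to match the secondary's post; the function names are mine.

```python
import re

# Constructed sample modelled on the secondary's named.conf in the thread (not the real file).
NAMED_CONF = """
zone "mydomain.com" IN {
type slave;
file "slaves/mydomain.db";
masters { yy.xx.42.235; };
};

zone "42.xx.yy.in-addr.arpa" {
type slave;
file "slaves/db.yy.xx.42";
masters { yy.xx.42.235; };
};
"""

# Constructed log lines in the format the secondary logged in the thread.
SECONDARY_LOG = """\
Feb 23 14:41:25 localhost named[12805]: received notify for zone 'mydomain.com': not authoritative
Feb 23 14:41:26 localhost named[12805]: received notify for zone '42.xx.yy.in-addr.arpa': not authoritative
Feb 23 14:41:26 localhost named[12805]: received notify for zone '43.xx.yy.in-addr.arpa': not authoritative
"""

ZONE_RE = re.compile(r'zone\s+"([^"]+)"(?:\s+IN)?\s*\{(.*?)\n\};', re.S)
NOTIFY_RE = re.compile(r"received notify for zone '([^']+)': not authoritative")

def slave_zones(conf):
    """Return {zone: [masters]} for every 'type slave' zone declared in a named.conf."""
    zones = {}
    for name, body in ZONE_RE.findall(conf):
        if re.search(r'type\s+slave\s*;', body):
            m = re.search(r'masters\s*\{([^}]*)\}', body)
            masters = [x.strip() for x in m.group(1).split(';') if x.strip()] if m else []
            zones[name.lower().rstrip('.')] = masters
    return zones

def classify_rejected_notifies(conf, log):
    """Split rejected notifies into zones this config declares as slave and zones it does not.
    The first list means the running named is not serving what this file says (a different
    named.conf was loaded, or the zone failed to load); the second list is expected."""
    declared = slave_zones(conf)
    configured, unconfigured = [], []
    for zone in NOTIFY_RE.findall(log):
        (configured if zone.lower().rstrip('.') in declared else unconfigured).append(zone)
    return configured, unconfigured
```

For the constructed input the two forward and reverse zones land in the first list, which is the case worth chasing; 43.xx.yy.in-addr.arpa lands in the second because the secondary never declared it.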
 
Old 02-24-2005, 05:05 AM   #4
linuxxed
Member
 
Registered: Feb 2004
Posts: 273

Rep: Reputation: 30
When you say no transfers are taking place - do you mean no files are being created inside the slaves directory?

In your slave, should the line not be


zone "mydomain.com" {

instead of

zone "mydomain.com" IN {


Clear all your transferred files inside the slaves directory. Stop both name servers and start them again. See if you can see anything in the logs. Try increasing the debug level as well.
 
Old 04-04-2007, 05:32 AM   #5
moander
LQ Newbie
 
Registered: Apr 2007
Posts: 1

Rep: Reputation: 0
Same problem

I have the same problem. My slave says not authoritative when it receives a notify from the master. This has nothing to do with write permissions or the IN class in named.conf.

This seems to work fine on bind version 9.2.1 but not on 9.2.4.

Another problem I have with 9.2.3 is that wildcard zones do not work properly.

my.test A 10.0.0.2
*.test A 10.0.0.1

I can resolve whatever.test but not my.test. If I run the same zonefile on v 9.2.1 it works fine.

Morten
 
Old 04-04-2007, 01:19 PM   #6
fur
Member
 
Registered: Dec 2003
Distribution: Debian, FreeBSD
Posts: 310

Rep: Reputation: 35
Quote:
Originally Posted by moander
I have the same problem. My slave says not authoritative when it receives a notify from the master. This has nothing to do with write permissions or the IN class in named.conf.

This seems to work fine on bind version 9.2.1 but not on 9.2.4.

Another problem I have with 9.2.3 is that wildcard zones do not work properly.

my.test A 10.0.0.2
*.test A 10.0.0.1

I can resolve whatever.test but not my.test. If I run the same zonefile on v 9.2.1 it works fine.

Morten

As far as the wildcard, I just tested this, and it works for me.

Code:
dog.testing.com.        IN    A     172.16.0.2
*.testing.com.        IN    A     172.16.0.50
Code:
# named -v
BIND 9.2.4


# nslookup cat.testing.com
Server:         192.168.0.50
Address:        192.168.0.50#53

Name:   cat.testing.com
Address: 172.16.0.50



# nslookup mouse.testing.com
Server:         192.168.0.50
Address:        192.168.0.50#53

Name:   mouse.testing.com
Address: 172.16.0.50




# nslookup dog.testing.com
Server:         192.168.0.50
Address:        192.168.0.50#53

Name:   dog.testing.com
Address: 172.16.0.2


As far as the zone transfer to the slave, I'm guessing it's just a config issue. This thread is so old I won't even bother going over the original post.

Can you post your configs?
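An added example of the wildcard rules behind fur's test (my code, not fur's or BIND's): an existing name such as dog.testing.com or my.test is always answered from its own records, and a wildcard applies only at the closest encloser of a name that does not exist. The zone is constructed from Morten's two records plus an apex and a name server host, which are assumptions.

```python
# Constructed zone built from the records in Morten's post plus an assumed apex and NS host;
# not anyone's real zone file. Owner names are lowercase and fully qualified.
ZONE = {
    "test.": {"SOA": ["ns.test. hostmaster.test. 1 3600 900 604800 300"], "NS": ["ns.test."]},
    "ns.test.": {"A": ["10.0.0.3"]},
    "my.test.": {"A": ["10.0.0.2"]},
    "*.test.": {"A": ["10.0.0.1"]},
}

def node_exists(zone, name):
    """A name exists if it owns records or is an ancestor (empty non-terminal) of one that does."""
    return any(owner == name or owner.endswith("." + name) for owner in zone)

def lookup(zone, qname, qtype):
    """Answer qname/qtype from one zone using the RFC 1034 4.3.3 / RFC 4592 wildcard rules.
    Returns (rcode, rdata) where rcode is "NOERROR" or "NXDOMAIN"."""
    qname = qname.lower().rstrip(".") + "."
    # Rule 1: an existing name is answered from its own records and is never wildcard-expanded,
    # which is why my.test must give 10.0.0.2 even though *.test also exists.
    if node_exists(zone, qname):
        return "NOERROR", list(zone.get(qname, {}).get(qtype, []))
    # Rule 2: find the closest encloser (the longest existing ancestor of qname); the only
    # wildcard that can match is "*.<closest encloser>", never one further up.
    labels = qname.split(".")
    for i in range(1, len(labels) - 1):
        ancestor = ".".join(labels[i:])
        if node_exists(zone, ancestor):
            wildcard = "*." + ancestor
            if wildcard in zone:
                return "NOERROR", list(zone[wildcard].get(qtype, []))
            return "NXDOMAIN", []
    return "NXDOMAIN", []
```

Note that foo.my.test gets NXDOMAIN rather than the wildcard address, because my.test exists and has no wildcard child; that is the behaviour a correctly working server shows, so a wildcard-style answer there would itself be a bug.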
 
  

