DNS Config Issues
I have moved my DNS server to a different machine and installed Bind9 and dnsutils.
The old server had Bind version 8, and I copied all configs and moved them to the new DNS server. However, reloading the configs on the new DNS server returned an error:
Code:
* Reloading domain name service... bind
rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not syncronized, or
* the key is invalid.
[fail]
I have also checked permissions and they seem to be OK. Please advise. Cheers! DB
Have you tried to make a new key?
Code:
rndc-confgen -b 512 | grep -m 1 "secret" | cut -d '"' -f 2
and inputted the new key in named.conf, but still an error. Thanks! DB
So your new key is in /etc and in the conf, hum.... Anything in the logs when you restart?
New key is in rndc.conf and named.conf?
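A check for the key mismatch being chased above, added here as an example that is not code from the thread: it parses the key { } blocks and the controls clause out of constructed named.conf and rndc.conf text and reports where the rndc key name, algorithm or secret disagree. It assumes the included rndc.key has already been read into the named.conf text, and the secrets are dummy values.

```python
import base64
import re

# Constructed sample files (not the thread's real files); the secrets are dummy
# values, and the rndc.key include is assumed to be already inlined into each text.
NAMED_CONF = '''
controls { inet 127.0.0.1 allow { localhost; } keys { rndckey; }; };
key "rndckey" { algorithm hmac-md5; secret "c2VjcmV0MQ=="; };
'''
RNDC_CONF = '''
options { default-server 127.0.0.1; default-key "rndckey"; };
key "rndckey" { algorithm hmac-md5; secret "c2VjcmV0Mg=="; };
'''

KEY_RE = re.compile(r'key\s+"?([\w.-]+)"?\s*\{([^}]*)\}')
CONTROLS_RE = re.compile(r'controls\s*\{.*?keys\s*\{([^}]*)\}', re.S)

def parse_keys(text):
    """Return {name: (algorithm, secret)} for every key { } block in a BIND config."""
    keys = {}
    for name, body in KEY_RE.findall(text):
        alg = re.search(r'algorithm\s+([\w-]+)', body)
        sec = re.search(r'secret\s+"([^"]+)"', body)
        if alg and sec:
            keys[name] = (alg.group(1).lower(), sec.group(1))
    return keys

def check_rndc(named_conf, rndc_conf):
    """List the key/controls mismatches behind rndc's
    'connection to remote host closed' message."""
    problems = []
    named_keys, rndc_keys = parse_keys(named_conf), parse_keys(rndc_conf)
    m = CONTROLS_RE.search(named_conf)
    allowed = re.findall(r'[\w.-]+', m.group(1)) if m else []
    if not allowed:
        problems.append("named.conf has no controls { ... keys { ... }; } clause")
    for name in allowed:
        if name not in named_keys:
            problems.append(f"controls lists key {name!r} but named.conf defines no such key")
        elif name not in rndc_keys:
            problems.append(f"key {name!r} is missing from rndc.conf/rndc.key")
        elif named_keys[name] != rndc_keys[name]:
            problems.append(f"key {name!r} differs between named.conf and rndc.conf")
    for name, (_alg, secret) in named_keys.items():
        try:
            base64.b64decode(secret, validate=True)  # the secret must be valid base64
        except ValueError:
            problems.append(f"secret of key {name!r} is not valid base64")
    return problems
```

With the constructed files the checker reports that rndckey's secret differs between the two files, which is exactly the state a freshly generated key leaves behind when only one of the files is updated.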
Any other logs that I should be aware of? Thanks.
This will depend on how syslog is set up. On my system, named logs to messages.
Anything else you can post? Maybe named.conf.
Now I have two primaries, svr-dns1 (old DNS) and svr-dns1.1 (new DNS). I am planning to totally retire svr-dns1 and replace it with svr-dns1.1, but here's the problem. While testing svr-dns1.1 with a couple of client machines pointed at the new DNS, the machines weren't able to get out to the internet. After further research it turned out that I can ping IP addresses, internal and external, but not names. So accessing linuxquestions.org by name: no go, but accessing it by its IP address: yes. Same thing when accessing internal hosts: I'm unable to access them by name. Can someone give me an idea or point me in the right direction on how to resolve this? Thanks! :( DB
These are Linux clients? You should take the DNS IPs given by your ISP and put them in /etc/resolv.conf.
Yes, I confirmed resolv.conf and all pertinent IPs are set in there. Also I noticed that when I assign a static IP to one of the machines using this new DNS server, it won't get out to the internet by name (i.e. linuxquestions.org) or to any websites, nor can I ping them by name, but I can successfully ping/access by IP. So basically it works only via IP address. Any advice on what else to look for? Cheers!
I assigned an IP address (10.10.1.33) on the same subnet this test machine is on. This went just fine: it can resolve hosts by name, but it can only resolve names within its subnet.
However, crossing to another subnet and pinging machines there won't resolve by name. Any ideas?
Bind doesn't work across subnets with this DNS server statically entered in a client machine. It resolves names within its subnet but not outside its range.
http://www.zytrax.com/books/dns/ch7/queries.html has more details.
As stated in my previous posts, I basically replicated all the old configs from the old DNS server and copied them over to this new DNS server. Eventually this new server will take over the primary function and the old primary will then be retired. Can you please tell me which part I'm missing in my named.conf file?
Code:
options {
    directory "/etc/bind";
    dump-file "/etc/bind/data/cache_dump.db";
    statistics-file "/etc/bind/data/named_stats.txt";
    allow-transfer { 10.10.1.4; };
    /* */
    // query-source address * port 53;
};
//
// a caching only nameserver config
//
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN { type hint; file "named.ca"; };
zone "localdomain" IN { type master; file "localdomain.zone"; allow-update { none; }; };
zone "localhost" IN { type master; file "localhost.zone"; allow-update { none; }; };
zone "csaa.com" IN { type master; file "pri.csaa.com"; allow-update { none; }; };
zone "nv.csaa.com" IN { type master; file "pri.nv.csaa.com"; allow-update { none; }; };
zone "sf.csaa.com" IN { type master; file "pri.sf.csaa.com"; allow-update { none; }; };
zone "ca.csaa.com" IN { type master; file "pri.ca.csaa.com"; allow-update { none; }; };
zone "vpn.csaa.com" IN { type master; file "pri.vpn.csaa.com"; allow-update { none; }; };
zone "0.0.127.in-addr.arpa" IN { type master; file "named.local"; allow-update { none; }; };
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN { type master; file "named.ip6.local"; allow-update { none; }; };
zone "255.in-addr.arpa" IN { type master; file "named.broadcast"; allow-update { none; }; };
zone "0.in-addr.arpa" IN { type master; file "named.zero"; allow-update { none; }; };
zone "1.11.10.in-addr.arpa" IN { type master; file "pri.1.10.10.in-addr.arpa"; allow-update { none; }; };
zone "12.10.10.in-addr.arpa" IN { type master; file "pri.12.10.10.in-addr.arpa"; allow-update { none; }; };
zone "10.10.10.in-addr.arpa" IN { type master; file "pri.10.10.10.in-addr.arpa"; allow-update { none; }; };
zone "13.10.10.in-addr.arpa" IN { type master; file "pri.13.10.10.in-addr.arpa"; allow-update { none; }; };
zone "11.10.10.in-addr.arpa" IN { type master; file "pri.11.10.10.in-addr.arpa"; allow-update { none; }; };
zone "8.10.10.in-addr.arpa" IN { type master; file "pri.8.10.10.in-addr.arpa"; allow-update { none; }; };
zone "6.10.10.in-addr.arpa" IN { type master; file "pri.6.10.10.in-addr.arpa"; allow-update { none; }; };
zone "7.10.10.in-addr.arpa" IN { type master; file "pri.7.10.10.in-addr.arpa"; allow-update { none; }; };
include "/etc/bind/rndc.key";
Cheers, DB
Add the following before the "options {":
Code:
acl "trusted" {
and:
Code:
allow-query { any; };
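An added example, not code from the thread or from BIND, that evaluates whether a client address passes an allow-query list using BIND's first-match rule, "!" negation and named acl lookup. The networks inside acl "trusted" and the expansion of localnets are constructed assumptions; the example reproduces the symptom above, where a /24 list admits 10.10.1.33 but refuses a client on another subnet, and shows the acl-based fix admitting both.

```python
import ipaddress
import re

# Constructed fragments modelled on the fix suggested in the thread; the
# networks inside acl "trusted" are assumptions, not values from the post.
BEFORE = 'options { allow-query { 10.10.1.0/24; }; };'
AFTER = '''
acl "trusted" { 10.10.0.0/16; 192.168.50.0/24; };
options { allow-query { trusted; }; };
'''
# BIND's predefined ACLs; "localnets" is expanded from an assumed server interface.
BUILTIN = {"any": [ipaddress.ip_network("0.0.0.0/0")], "none": [],
           "localhost": [ipaddress.ip_network("127.0.0.0/8")],
           "localnets": [ipaddress.ip_network("10.10.1.0/24")]}

def parse_acls(conf):
    """Return {name: [elements]} for every acl statement in the config."""
    return {name: [e.strip() for e in body.split(";") if e.strip()]
            for name, body in re.findall(r'acl\s+"?([\w.-]+)"?\s*\{([^}]*)\}', conf)}

def allow_query_list(conf):
    """Elements of options { allow-query { ... }; }, or None when the option is absent."""
    m = re.search(r'options\s*\{.*?allow-query\s*\{([^}]*)\}', conf, re.S)
    return [e.strip() for e in m.group(1).split(";") if e.strip()] if m else None

def matches(elements, client, acls, depth=0):
    """Address-match-list evaluation: the first matching element decides, '!' negates it."""
    ip = ipaddress.ip_address(client)
    for element in elements:
        negate = element.startswith("!")
        item = element.lstrip("! ")
        if item in BUILTIN:
            hit = any(ip in net for net in BUILTIN[item])
        elif item in acls and depth < 10:        # nested acl by name (negation simplified)
            hit = matches(acls[item], client, acls, depth + 1)
        else:
            hit = ip in ipaddress.ip_network(item, strict=False)
        if hit:
            return not negate
    return False                                  # no element matched: refused

def client_allowed(conf, client):
    """True/False against the config's allow-query list; None when the option is
    absent, since BIND's built-in default would then apply and is not guessed here."""
    elements = allow_query_list(conf)
    if elements is None:
        return None
    return matches(elements, client, parse_acls(conf))
```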