I have moved my dns server in a different machine and installed Bind9 and dns utils.

The old server had Bind version 8 and I copied all configs and moved it to the new DNS server.

However reloading the configs of the new dns server returned an error:
* Reloading domain name service...bind rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not syncronized, or
* the key is invalid.
[fail]

I have also check permissions and seems to be ok.

Please advise.

Cheers!
DB

Have you tried to make a new key?

Yes I did this:
rndc-confgen -b 512 | grep -m 1 "secret" | cut -d '"' -f 2

and inputted the new key in named.conf but still an error.

Thanks!
DB

so your new key is in /etc and and in the conf hum.... Anything in the logs when you restart?

New key is in rndc.conf and named.conf ?

I dont see any in /var/log/messages.

Any other logs that I should be aware about?

Thanks.

This will depend on how syslog is setup. On my system it is named logs to messages.
Anything else you can post maybe named.conf

Ok I got this going, didnt know that I have to restart the entire server in order to work properly (didnt say in the instructions). But i finally got the new dns server running in our network.

Now I have two primaries svr-dns1 (old dns) and svr-dns1.1 (new dns). I am planning to totally retire svr-dns1 and replace it with svr-dns1.1 but here's the problem.

While testing the svr-dns1.1 with a couple of client machines and pointed them to the new dns, the machines werent able to go out of the internet. After further research it turned out that I can ping IP addresses internal and external but not by names.

So accessing linuxquestions.org by name - no go but accessing it by it's ip address - yes. Same thing by accessing internal hosts im unable to access them by names.

Can someone give me an idea or point me to the right direction on how to resolve this?

Thanks!
DB

These are linux clients? You should put in the DNS IP's given by your ISP and put them in /etc/resolv.conf

Actually these are a mix of linux and windows machines.

Yes I confirmed resolv.conf and all pertinent ips are set in there.

Also I noticed that when I assign a static IP in one of the machines using this new DNS server, they wont go out the internet by name (i.e.linuxquestions.org) or any websites nor i cannot ping them by name - but I can successfully ping/access by IP.

So basically it works only via IP address.

Any advise on what else to look for?

Cheers!

I assigned an IP address (10.10.1.33) the same subnet this test machine is on - this went just fine can resolve hosts by names but only can resolve names within its subnet.

However crossing on to another subnet and pinging machines wont resolve by name.

Any ideas?

This may be a "hosts" file doing it's work. As for the new name server not working I'm not sure why. Is there a firewall blocking the new server from making queries (port 53) possibly. You can have named log better and watch that as you test.

I dont know, but basically this new DNS server is not serving up multiple subnets.

Bind doesnt work across subnets having this DNS server statically inputted in a client machine.

It resolves names within its subnet but not outside its range.

Basically, what is happening is that BIND is preventing your server from acting as a caching name server for any host that tries to connect to it. You need to implicitly define which subnets can recursively query the server. In order to do this, you will need to edit named.conf and add pertinent networks to the allow-query {} and allow-recursion {} sections.

http://www.zytrax.com/books/dns/ch7/queries.html has more details.

Thanks for the post, I guess this is where I'm confused about...
As stated on my previous posts, I just basically replicated all old configs from the old DNS server and copied them over into this new DNS server.

Eventually this new server will take over the primary function and the old primary will then be retired.

Can you please tell me on which part I'm missing in my named.conf file.

options {
directory "/etc/bind";
dump-file "/etc/bind/data/cache_dump.db";
statistics-file "/etc/bind/data/named_stats.txt";
allow-transfer { 10.10.1.4; };
/*
*/
// query-source address * port 53;
};
//
// a caching only nameserver config
//
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

zone "." IN {
type hint;
file "named.ca";
};

zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};

zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};

zone "csaa.com" IN {
type master;
file "pri.csaa.com";
allow-update { none; };
};

zone "nv.csaa.com" IN {
type master;
file "pri.nv.csaa.com";
allow-update { none; };
};

zone "sf.csaa.com" IN {
type master;
file "pri.sf.csaa.com";
allow-update { none; };
};

zone "ca.csaa.com" IN {
type master;
file "pri.ca.csaa.com";
allow-update { none; };
};

zone "vpn.csaa.com" IN {
type master;
file "pri.vpn.csaa.com";
allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.ip6.local";
allow-update { none; };
};

zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};

zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};

zone "1.11.10.in-addr.arpa" IN {
type master;
file "pri.1.10.10.in-addr.arpa";
allow-update { none; };
};

zone "12.10.10.in-addr.arpa" IN {
type master;
file "pri.12.10.10.in-addr.arpa";
allow-update { none; };
};

zone "10.10.10.in-addr.arpa" IN {
type master;
file "pri.10.10.10.in-addr.arpa";
allow-update { none; };
};

zone "13.10.10.in-addr.arpa" IN {
type master;
file "pri.13.10.10.in-addr.arpa";
allow-update { none; };
};

zone "11.10.10.in-addr.arpa" IN {
type master;
file "pri.11.10.10.in-addr.arpa";
allow-update { none; };
};

zone "8.10.10.in-addr.arpa" IN {
type master;
file "pri.8.10.10.in-addr.arpa";
allow-update { none; };
};

zone "6.10.10.in-addr.arpa" IN {
type master;
file "pri.6.10.10.in-addr.arpa";
allow-update { none; };
};

zone "7.10.10.in-addr.arpa" IN {
type master;
file "pri.7.10.10.in-addr.arpa";
allow-update { none; };
};

include "/etc/bind/rndc.key";

Cheers,
DB