LinuxQuestions.org


Gil@LQ 05-25-2012 03:54 AM

replication between primary DNS and secondary DNS issue
 
hi,

I configured BIND on RHEL6 and it is running fine. Later I configured a secondary DNS on another RHEL6 system; after I restarted named on the secondary DNS, the zone files were transferred automatically and it was great. But whenever I add a new entry on the primary DNS, it is not replicated until I do it manually on the secondary DNS as below:

rndc reload mydomain.com

or else I simply delete the forward and reverse zone files in /var/named/slaves/

and restart the named service; then both zone files are reloaded with the updated records.

I changed the ; refresh option to 1 min on the slave DNS, so that it checks for updates every minute.

Do I need to increase the ; serial count every time I edit zone files, or will it be increased automatically?

I also manually increased ; serial after editing the zone files, but it is not being updated automatically...

please help me.

bathory 05-25-2012 05:41 AM

Quote:

Do I need to increase the ; serial count every time I edit zone files, or will it be increased automatically?
Of course you have to increase the serial after editing a zone file on the master and reload BIND.


Quote:

I also manually increased ; serial after editing the zone files, but it is not being updated automatically...
Check the logs to see if the master sends notifies to slave(s).
Maybe posting named.conf could help also.

Regards

Gil@LQ 05-25-2012 02:19 PM

hi bathory,

How are you doing? Hope you remember, it's me, subbarao ganeshna; I had jermy change my username recently, for personal reasons.... Anyway, nice to see your reply, thanks for that. I don't go to the office for the next two days so I can't send you named.conf. I think there was no error; I checked with named-check. I'll send it to you anyway. Thanks for the first answer; I'll increase it every time from now on. Coming to the second line,
Quote:

Check the logs to see if the master sends notifies to slave(s).
Do I need to edit the ;refresh settings for the master also?

When I was googling I came across one thing: if we set up rndc and edit something in /etc/rndc.conf... we don't have to restart named every time the master DNS gets updated. What's that?

thank you.

bathory 05-25-2012 03:55 PM

Hi.

Quote:

I think there was no error; I checked with named-check. I'll send it to you anyway.
I didn't say there is an error in your config. You may have a "notify no" in the master's named.conf, so it doesn't send notifies to the slave(s).


Quote:

Do I need to edit the ;refresh settings for the master also?
Don't get what you mean. Notifies are sent automatically by default when a zone is changed on the master.
Anyway, the procedure when editing a zone file on the master is the following:
Do your edits in the zone file
Increase the serial
Restart bind (or just reload the zone using rndc)

Quote:

if we set up rndc and edit something in /etc/rndc.conf... we don't have to restart named every time the master DNS gets updated. What's that?
That's what I said above. If rndc is configured correctly, you can use:
Code:

rndc reload zone
to reload the zone and send notifies.

Regards
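As an added example, not bathory's or Gil@LQ's code: a Python helper for the "increase the serial" step, run over zone text constructed after the master zone posted in this thread. It reads the SOA serial, bumps it (as a plain counter, or in the common YYYYMMDDnn convention when `today` is passed, which is an assumed style, not something the thread uses), and applies RFC 1982 serial arithmetic to answer the question a slave actually asks at refresh time: is the master's serial newer than mine?

```python
import re

# Constructed sample modelled on the master zone posted in the thread (serial 1004, a plain counter).
MASTER_ZONE = """$TTL 1D
@ IN SOA server1.gil.net. root.server1.gil.net. (
        1004 ; serial
        1M ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
  IN NS server1.gil.net.
  IN NS server2.gil.net.
server1 IN A 192.168.85.8
server2 IN A 192.168.85.9
subbu IN A 192.168.85.112
"""
# SOA rdata is MNAME RNAME [ ( ] SERIAL ...; the serial is the first integer after RNAME.
SERIAL_RE = re.compile(r"(\bSOA\s+\S+\s+\S+\s*\(?\s*)(\d+)", re.IGNORECASE)

def soa_serial(zone_text):
    """Read the SOA serial from zone-file text."""
    m = SERIAL_RE.search(zone_text)
    if not m:
        raise ValueError("no SOA serial found")
    return int(m.group(2))

def serial_newer(candidate, current):
    """RFC 1982 serial arithmetic: does a slave holding `current` treat `candidate` as newer
    and pull a transfer? Equal serials mean 'nothing changed', even if the zone data differ."""
    return candidate != current and (candidate - current) % 2**32 < 2**31

def bump_serial(zone_text, today=None):
    """Return the zone text with its serial increased. If `today` (YYYYMMDD) is given and the
    serial already uses the YYYYMMDDnn convention, move to today's first number (nn=00) or
    to the next nn of the same day; otherwise just add 1. Wraps modulo 2**32."""
    old = soa_serial(zone_text)
    if today and len(str(old)) == 10:
        base = int(today) * 100
        new = base if old < base else old + 1
    else:
        new = old + 1
    new %= 2**32
    assert serial_newer(new, old), "serial did not advance"   # guard against wrap mistakes
    return SERIAL_RE.sub(lambda m: m.group(1) + str(new), zone_text, count=1)
```

After editing the file this way, `rndc reload <zone>` on the master is what makes BIND load the new serial and send the notifies; a slave that still sees an equal serial at refresh will not transfer.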

Gil@LQ 05-26-2012 09:30 AM

hi bathory,

thanks for clarifying this for me

Quote:

Do your edits in the zone file
Increase the serial
Restart bind (or just reload the zone using rndc)
Today I tried configuring master and slave at home. It worked fine; I think I changed just one thing, which is

in the zone file, I added an NS record for the slave on the master DNS server, which I didn't do in my office, where I only added an A record for the slave.

I just want to let you know that when I try the rndc reload zone command it fails on the master zone; if I use rndc reload it says the command successfully reloaded zones, but DNS is not resolving the newly added record. It works only after restarting the named service. Anyway, thank you. I'm sorry, I didn't get you.

Quote:

I didn't say there is an error in your config. You may have a "notify no" in the master's named.conf, so it doesn't send notifies to the slave(s).
here are my files

Quote:

zone "gil.net" IN {
type master;
file "for.zone";
allow-update { 192.168.85.9; };
};

zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};

zone "85.168.192.in-addr.arpa" IN {
type master;
file "rev.zone";
allow-update { 192.168.85.9; };
};

zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};

Slave DNS

Quote:

zone "gil.net" IN {
type slave;
file "slaves/for";
masters {192.168.85.8;};
allow-update { none; };
};

zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};

zone "85.168.192.in-addr.arpa" IN {
type slave;
file "slaves/rev";
masters {192.168.85.8;};
allow-update { none; };
};

zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
Forward zone files

MASTER

Quote:

$TTL 1D
@ IN SOA server1.gil.net. root.server1.gil.net. (
1004 ; serial
1M ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
        IN NS server1.gil.net.
        IN NS server2.gil.net.
server1 IN A 192.168.85.8
server2 IN A 192.168.85.9
subbu IN A 192.168.85.112

Forward zone SLAVES

Quote:

$ORIGIN .
$TTL 86400 ; 1 day
gil.net IN SOA server1.gil.net. root.server1.gil.net. (
1004 ; serial
60 ; refresh (1 minute)
3600 ; retry (1 hour)
604800 ; expire (1 week)
10800 ; minimum (3 hours)
)
NS server1.gil.net.
NS server2.gil.net.
$ORIGIN gil.net.
server1 A 192.168.85.8
server2 A 192.168.85.9
subbu A 192.168.85.112
I set the refresh interval to 1M on the master and the same replicated to the slave. Is it correct, or should I add 1M on the slave? Because if I edit the slave zone file, it gets changed after every update from the master; that's why I set the refresh interval in the primary zone file. Am I correct?

One more thing: I didn't find any notify yes entry in the /etc/named.rfc1912.zones file. It is working fine without it anyway. Please check my config files and suggest what else I should do to make sure primary records get replicated to the slave DNS.

thank you very much for your time bathory...

bathory 05-26-2012 11:52 AM

Hi,

Quote:

Today I tried configuring master and slave at home. It worked fine; I think I changed just one thing, which is

in the zone file, I added an NS record for the slave on the master DNS server, which I didn't do in my office, where I only added an A record for the slave.
That explains everything. The master sends notifies by default to the nameservers listed in the zone's NS records, unless there is an "also-notify ..." statement that adds additional servers to be notified. And of course you need to list all the NS RRs in a zone file.


Quote:

I just want to let you know that when I try the rndc reload zone command it fails on the master zone; if I use rndc reload it says the command successfully reloaded zones, but DNS is not resolving the newly added record. It works only after restarting the named service.
You should replace zone with the actual zone name, e.g.
Code:

rndc reload example.com
You can also use just "rndc reload", where rndc scans all zone files and reloads only those that changed.


Quote:

I set the refresh interval to 1M on the master and the same replicated to the slave. Is it correct, or should I add 1M on the slave? Because if I edit the slave zone file, it gets changed after every update from the master; that's why I set the refresh interval in the primary zone file. Am I correct?
It's fine for testing, but in normal operation you should increase it (1d is good).


Quote:

One more thing: I didn't find any notify yes entry in the /etc/named.rfc1912.zones file.
This is normal, as the default is "notify yes".

Regards

Gil@LQ 05-26-2012 01:59 PM

hi,

Thanks for your help. Now I'm clear that

1. An NS record for the slave DNS is a must on the master DNS, so the master knows there is another DNS server and that it should send notifications...

2. "notify yes;" is the default even if it's not mentioned in /etc/named.rfc1912.zones, isn't it?

Is it necessary to add "notify yes;"?

Quote:

zone "gil.net" IN {
type master;
file "for.zone";
allow-update { 192.168.85.9; };
notify yes;
};


I'll change the refresh interval to one day...

Thank you very much.

lithos 05-26-2012 03:01 PM

Quote:

Originally Posted by Gil@LQ (Post 4688301)
hi,

Thanks for your help. Now I'm clear that

1. An NS record for the slave DNS is a must on the master DNS, so the master knows there is another DNS server and that it should send notifications...
2. "notify yes;" is the default even if it's not mentioned in /etc/named.rfc1912.zones, isn't it?
Is it necessary to add "notify yes;"?

Code:

zone "gil.net" IN {
type master;
file "for.zone";
allow-update { 192.168.85.9; };
notify yes;
};

I'll change the refresh interval to one day...
Thank you very much.

Hi,

It doesn't hurt if you add "notify yes". For testing, TTL 1M is OK; when you're sure it's working, change the serial number again and increase it to 1D,
and maybe you could add "allow-transfer" to the zone
Quote:

allow-transfer { address_match_list }; Specifies an ACL on who can receive a zone transfer from this server. The default is any.
Example:
Code:

zone "toddgarrison.org" IN {
    type master;
    file "toddgarrison.org.signed";
    allow-update { none; };
    allow-query { any; };
    allow-transfer { 1.2.3.254; };
    notify yes;
};

List your secondary DNS IP to allow transfer of the zone records.

What caught my eye is your allow-update line, which I don't use, and I'm afraid if you're using it on your master DNS server it might be a problem. I would remove it!

Gil@LQ 05-27-2012 05:19 AM

hi lithos,

So you say the zone configuration for master & slaves should look like this?

MASTER DNS

Quote:

zone "gil.net" IN {
type master;
file "for.zone";
allow-update { none; };
allow-transfer { <slave dns IP>; };
notify yes;
};

SLAVE DNS
Quote:

zone "gil.net" IN {
type slave;
file "slaves/for.zone";
allow-update { <Master DNS IP>; };
masters { <Master DNS IP> ;};
};
Is it fine? Just give me the final zone configuration.

Though I mentioned allow-update on the master DNS server, my DNS servers are working fine.

One thing is, if I add allow-update (master DNS IP); in the slave DNS file and use the named-checkconf command, I get an error:

Quote:

[root@server2 ~]# named-checkconf /etc/named.rfc1912.zones
/etc/named.rfc1912.zones:17: option 'allow-update' is not allowed in 'slave' zone 'gil.net'
/etc/named.rfc1912.zones:36: option 'allow-update' is not allowed in 'slave' zone '85.168.192.in-addr.arpa'
I removed the line and it's working fine. Just give me the final thing for master and DNS...


thank you.

lithos 05-27-2012 09:02 AM

Hi Gil@LQ,

Yes,

Your zones are correct; just delete the "allow-update" line and you're OK.

Here are my configurations:

Master zone:
Code:

zone "example.com" in {
notify yes;
type master;
file "master/db.example.com";
allow-transfer { secondary_dns_ip; };
allow-query { any; };
};

secondary zone:
Code:

zone "example.com" in {
type slave;
file "slave/db.example.com";
masters { master_DNS-IP; };
allow-query { any; };
};

and the domain config:
db.example.com
Code:

; Start of Authority (SOA) records.
$ORIGIN example.com.
$TTL 6H
@      IN              SOA  ns.primarydns.com. info.primarydns.com.  (
                                          2011010101  ; Serial
                                          4H      ; Refresh
                                          1H        ; Retry
                                          1W      ; Expire
                                          6H )    ; TTL

; Name Server (NS) records.
                            IN              NS  ns.primarydns.com.
                            IN              NS  ns.secondarydns.com.

; Mail Exchange (MX) records.
example.com.    IN          MX  10 mail.example.com.


; Address (A) records.
example.com.              IN      A      19.18.13.22
mail                    IN      A      19.18.13.22
www                    IN      A      19.18.13.22

; Aliases in Canonical Name (CNAME) records.

Marked TTL 6H values must be the same!
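As an added example, not bathory's or lithos's code: a Python check for the two points made in this thread, that a "notify yes" master only notifies the servers in the zone's NS records (minus the SOA MNAME) plus also-notify, and that allow-transfer must let those same servers pull the zone. The zone texts are constructed after the "office" and "home" zones discussed above; NS names are resolved from the zone's own A records, a simplification of BIND's real DNS lookup, and NS names without an in-zone A record are skipped.

```python
import ipaddress, re

# Constructed "office" master zone from the thread: slave server2 has an A record but no NS record, so nobody is notified.
OFFICE_ZONE = """$TTL 1D
@ IN SOA server1.gil.net. root.server1.gil.net. ( 1004 ; serial
        1M 1H 1W 3H ) ; refresh retry expire minimum
  IN NS server1.gil.net.
server1 IN A 192.168.85.8
server2 IN A 192.168.85.9
"""
# The "home" zone that worked: the same records plus an NS record for the slave.
HOME_ZONE = OFFICE_ZONE.replace("server1 IN A", "  IN NS server2.gil.net.\nserver1 IN A")
RR_TYPES = {"SOA", "NS", "A", "AAAA", "MX", "CNAME", "TXT", "PTR"}

def parse_zone(text, origin):
    """Return (SOA MNAME, [NS names], {owner: A address}); handles ';' comments, the
    parenthesised SOA, $ORIGIN, relative names and blank owners inherited from above."""
    text = re.sub(r";[^\n]*", "", text)                                         # strip comments
    text = re.sub(r"\([^)]*\)", lambda m: m.group(0).replace("\n", " "), text)  # one-line SOA
    def fqdn(n):
        return origin if n == "@" else n if n.endswith(".") else n + "." + origin.lstrip(".")
    owner, mname, ns, a = origin, None, [], {}
    for tok in (line.split() for line in text.splitlines()):
        if not tok or tok[0].startswith("$"):
            origin = tok[1] if tok and tok[0] == "$ORIGIN" else origin
            continue
        if tok[0] != "IN" and tok[0] not in RR_TYPES:          # explicit owner, else inherit
            owner, tok = fqdn(tok[0]), tok[1:]
        tok = [t for t in tok if t != "IN" and not re.fullmatch(r"\d+[mhdw]?", t, re.I)]
        if tok[0] == "SOA":
            mname = fqdn(tok[1])
        elif tok[0] == "NS":
            ns.append(fqdn(tok[1]))
        elif tok[0] == "A":
            a[owner] = tok[1]
    return mname, ns, a

def notify_audit(zone_text, origin, allow_transfer=None, also_notify=()):
    """Return (NOTIFY targets, problems). 'notify yes' targets are every NS except the SOA MNAME
    (resolved via in-zone A records, else skipped) plus also-notify; allow_transfer=None means 'any'."""
    mname, ns, a = parse_zone(zone_text, origin)
    targets, problems = set(also_notify) | {a[n] for n in ns if n != mname and n in a}, []
    if not targets:
        problems.append("no NOTIFY targets: list each slave as an NS record or in also-notify")
    if allow_transfer is not None:
        acl = [ipaddress.ip_network(x) for x in allow_transfer]
        for ip in sorted(targets):      # notified but refused the transfer: slave stays stale
            if not any(ipaddress.ip_address(ip) in n for n in acl):
                problems.append(f"{ip} is notified but not in allow-transfer")
    return targets, problems
```

Running `notify_audit` over the master's zone file with the allow-transfer list from named.conf reports both failure modes seen in this thread: no NS record for the slave (nothing to notify) and an ACL that does not include a notified slave.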

Gil@LQ 05-27-2012 02:28 PM

Thank you lithos for your time and for clarifying this for me.

thank you very much.

