LinuxQuestions.org


dholgado 09-19-2008 11:29 AM

Unable to synchronize BIND 9 Master Slave Servers
 
BIND9 Master Slave Sync problem on Etch 4 servers
I have set up master and slave DNS servers and am unable to work out why I cannot get them to synchronize. The master ns-a works correctly as a DNS server but the slave ns-b is unable to sync. I have also used WEBMIN 1.430 in the configuration but am now lost as to how to solve the problem.

The following are the logs from each server following startup:

Sep 19 17:51:09 ns-a named[4624]: starting BIND 9.3.4-P1.1 -c /etc/bind/named.conf
Sep 19 17:51:09 ns-a named[4624]: found 1 CPU, using 1 worker thread
Sep 19 17:51:09 ns-a named[4624]: loading configuration from '/etc/bind/named.conf'
Sep 19 17:51:09 ns-a named[4624]: listening on IPv6 interfaces, port 53
Sep 19 17:51:09 ns-a named[4624]: binding TCP socket: address in use
Sep 19 17:51:09 ns-a named[4624]: listening on IPv4 interface lo, 127.0.0.1#53
Sep 19 17:51:09 ns-a named[4624]: binding TCP socket: address in use
Sep 19 17:51:09 ns-a named[4624]: listening on IPv4 interface eth0, 192.168.1.2#53
Sep 19 17:51:09 ns-a named[4624]: binding TCP socket: address in use
Sep 19 17:51:09 ns-a named[4624]: command channel listening on 192.168.1.2#953
Sep 19 17:51:09 ns-a named[4624]: zone 0.in-addr.arpa/IN: loaded serial 1
Sep 19 17:51:09 ns-a named[4624]: zone 127.in-addr.arpa/IN: loaded serial 1
Sep 19 17:51:09 ns-a named[4624]: zone 1.168.192.in-addr.arpa/IN: loaded serial 2008091905
Sep 19 17:51:09 ns-a named[4624]: zone 255.in-addr.arpa/IN: loaded serial 1
Sep 19 17:51:09 ns-a named[4624]: zone integra.lan/IN: loaded serial 2008091908
Sep 19 17:51:09 ns-a named[4624]: zone localhost/IN: loaded serial 1
Sep 19 17:51:09 ns-a named[4624]: running
Sep 19 17:51:09 ns-a named[4624]: zone integra.lan/IN: sending notifies (serial 2008091908)
Sep 19 17:51:09 ns-a named[4624]: zone 1.168.192.in-addr.arpa/IN: sending notifies (serial 2008091905)
Sep 19 17:51:09 ns-a named[1960]: client 192.168.1.3#4651: request has invalid signature: TSIG integrakey: tsig verify failure (BADKEY)
Sep 19 17:51:10 ns-a named[1960]: client 192.168.1.3#2755: request has invalid signature: TSIG integrakey: tsig verify failure (BADKEY)


Sep 19 17:57:09 ns-b named[4206]: starting BIND 9.3.4-P1.1 -c /etc/bind/named.conf
Sep 19 17:57:09 ns-b named[4206]: found 1 CPU, using 1 worker thread
Sep 19 17:57:09 ns-b named[4206]: loading configuration from '/etc/bind/named.conf'
Sep 19 17:57:09 ns-b named[4206]: listening on IPv6 interfaces, port 53
Sep 19 17:57:09 ns-b named[4206]: binding TCP socket: address in use
Sep 19 17:57:09 ns-b named[4206]: listening on IPv4 interface lo, 127.0.0.1#53
Sep 19 17:57:09 ns-b named[4206]: binding TCP socket: address in use
Sep 19 17:57:09 ns-b named[4206]: listening on IPv4 interface eth0, 192.168.1.3#53
Sep 19 17:57:09 ns-b named[4206]: binding TCP socket: address in use
Sep 19 17:57:09 ns-b named[4206]: command channel listening on 192.168.1.3#953
Sep 19 17:57:09 ns-b named[4206]: zone 0.in-addr.arpa/IN: loaded serial 1
Sep 19 17:57:09 ns-b named[4206]: zone 127.in-addr.arpa/IN: loaded serial 1
Sep 19 17:57:09 ns-b named[4206]: zone 1.168.192.in-addr.arpa/IN: has 0 SOA records
Sep 19 17:57:09 ns-b named[4206]: zone 1.168.192.in-addr.arpa/IN: has no NS records
Sep 19 17:57:09 ns-b named[4206]: zone 255.in-addr.arpa/IN: loaded serial 1
Sep 19 17:57:09 ns-b named[4206]: zone integra.lan/IN: has 0 SOA records
Sep 19 17:57:09 ns-b named[4206]: zone integra.lan/IN: has no NS records
Sep 19 17:57:09 ns-b named[4206]: zone localhost/IN: loaded serial 1
Sep 19 17:57:09 ns-b named[4206]: running
Sep 19 17:57:09 ns-b named[4206]: zone integra.lan/IN: Transfer started.
Sep 19 17:57:09 ns-b named[4206]: transfer of 'integra.lan/IN' from 192.168.1.2#53: connected using 192.168.1.3#4216
Sep 19 17:57:09 ns-b named[4206]: transfer of 'integra.lan/IN' from 192.168.1.2#53: failed while receiving responses: NOTAUTH
Sep 19 17:57:09 ns-b named[4206]: transfer of 'integra.lan/IN' from 192.168.1.2#53: end of transfer
Sep 19 17:57:10 ns-b named[4206]: zone 1.168.192.in-addr.arpa/IN: Transfer started.
Sep 19 17:57:10 ns-b named[4206]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.2#53: connected using 192.168.1.3#4351
Sep 19 17:57:10 ns-b named[4206]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.2#53: failed while receiving responses: NOTAUTH
Sep 19 17:57:10 ns-b named[4206]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.2#53: end of transfer

The following is the named.conf for ns-a


// This is the primary configuration file for the BIND DNS server named.

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/integra.key";

controls {
    inet 192.168.1.2 port 953 allow { 192.168.1.3; 127.0.0.1; } keys { integrakey; };
};

server 192.168.1.3 {
    keys {
        integrakey;
    };
};

and named.conf from ns-b

// This is the primary configuration file for the BIND DNS server named.

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/integra.key";

controls {
    inet 192.168.1.3 port 953 allow { 192.168.1.2; 127.0.0.1; } keys { integrakey; };
};

server 192.168.1.2 {
    keys {
        integrakey;
    };
};

The key file integra.key is the same on both master and slave:

key integrakey {
    algorithm hmac-md5;
    secret "lMPtoMy5ve4gvMr3wfFGSg==";
};

The ns-a named.conf.local is

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "integra.lan" {
    type master;
    file "/etc/bind/zones/master/integra.lan.hosts";
    allow-transfer { key integrakey; };
    notify yes;
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/master/192.168.1.rev";
    allow-transfer { key integrakey; };
    notify yes;
};

The ns-b named.conf.local is

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "integra.lan" {
    type slave;
    masters {
        192.168.1.2;
    };
    allow-notify {
        192.168.1.2;
    };
    file "/etc/bind/zones/slave/integra.lan.hosts";
};
zone "1.168.192.in-addr.arpa" {
    type slave;
    masters {
        192.168.1.2;
    };
    allow-notify {
        192.168.1.2;
    };
    file "/etc/bind/zones/slave/192.168.1.rev";
};


The ns-a named.conf.options is

options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you might need to uncomment the query-source
    // directive below. Previous versions of BIND always asked
    // questions using port 53, but BIND 8.1 and later use an unprivileged
    // port by default.

    // query-source address * port 53;

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    //     0.0.0.0;
    // };

    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
    dnssec-enable yes;
    forwarders {
        212.0.97.81;
        212.0.97.82;
    };
};

The ns-b named.conf.options is


options {
    directory "/var/cache/bind";

    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
    dnssec-enable yes;
};

I would appreciate any help that anyone may be able to offer or suggest.
Thank you very much in advance.
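
Added example, not part of the original post: the ns-a log above contains two different named process IDs, and the TSIG failures are logged by the one that was not just started. The sketch below (the function name `triage` and its output wording are assumptions of this example) groups TSIG verify failures by client and key and flags that PID mismatch together with the "address in use" errors.

```python
import re
from collections import defaultdict

# Excerpt of the ns-a startup log quoted in the post above, embedded so this runs offline.
SAMPLE = """\
Sep 19 17:51:09 ns-a named[4624]: starting BIND 9.3.4-P1.1 -c /etc/bind/named.conf
Sep 19 17:51:09 ns-a named[4624]: binding TCP socket: address in use
Sep 19 17:51:09 ns-a named[4624]: running
Sep 19 17:51:09 ns-a named[1960]: client 192.168.1.3#4651: request has invalid signature: TSIG integrakey: tsig verify failure (BADKEY)
Sep 19 17:51:10 ns-a named[1960]: client 192.168.1.3#2755: request has invalid signature: TSIG integrakey: tsig verify failure (BADKEY)
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ (?P<host>\S+) named\[(?P<pid>\d+)\]: (?P<msg>.*)$")
TSIG = re.compile(r"client (?P<ip>[\d.]+)#\d+: request has invalid signature: "
                  r"TSIG (?P<key>\S+): tsig verify failure \((?P<err>\w+)\)")

def triage(log_text):
    """Summarise TSIG failures and flag signs of a second named instance."""
    started, bind_conflict = {}, set()   # host -> newest pid; hosts with socket errors
    failures = defaultdict(int)          # (host, pid, client ip, key, error) -> count
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                     # not a named syslog line
        host, pid, msg = m["host"], int(m["pid"]), m["msg"]
        if msg.startswith("starting BIND"):
            started[host] = pid
        elif "address in use" in msg:
            bind_conflict.add(host)
        else:
            t = TSIG.search(msg)
            if t:
                failures[(host, pid, t["ip"], t["key"], t["err"])] += 1
    for (host, pid, ip, key, err), n in sorted(failures.items()):
        findings.append(f"{host}: {n} TSIG {err} for key '{key}' from {ip} (pid {pid})")
        if host in started and pid != started[host]:
            note = f"{host}: failures logged by pid {pid}, not the instance just started (pid {started[host]})"
            if host in bind_conflict:
                note += "; it also reported 'address in use'"
            findings.append(note)
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```
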

unSpawn 09-19-2008 12:10 PM

Please post your thread once and in only one forum. Posting a single thread in the most relevant forum will make it easier for members to help you and will keep the discussion in one place. This thread should be closed because it is a duplicate.

