LinuxQuestions.org
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Old 11-15-2016, 03:05 AM   #1
hcape
LQ Newbie
 
Registered: Nov 2016
Posts: 2

Rep: Reputation: Disabled
Bind9 zone transfer not working on Centos 7 to another name server - really stuck


Hello

We have had two BIND8 servers in our network, both serving on two views, one internal, and one public ("external"). Both servers have two IPs; one is used for exchanging internal data and the other external. And it just keeps running (I myself didn't configure them).

But now we want to have another server outside our network to increase the fault-tolerance. It would be enough to have the external names working.

I installed it on a server in a datacenter. It seems to be working OK - except that I can't get zone transfer to succeed.

So this is a small schematic of the current situation:

Master
192.168.1.102 < -- internal DNS -- > 192.168.1.103
192.168.1.112 < -- external DNS -- > 192.168.1.113
A.B.C.D (public ip) A.B.C.E (public IP)

New DNS
F.G.H.I (public IP) This should get the same zones as from 192.168.1.113 from A.B.C.D

What have I done so far? A lot, but nothing seems to get things any better.

The new DNS has the following structure:
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    allow-notify { A.B.C.D; };
    recursion no;
    transfer-source A.B.C.D;

    dnssec-enable yes;
    dnssec-validation yes;

    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    notify yes;
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "example-domain.net" IN {
    type slave;
    file "slaves/example-domain.external";
    masters { A.B.C.D; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

On the A.B.C.D I have made a new view (after not getting it to work, though that didn't work either - but I prefer to play with something that shouldn't be asked by anyone else).

There the relevant parts from the named.conf are:

view "dcf" {

    match-clients { F.G.H.I; };
    allow-query { F.G.H.I; };
    allow-transfer { F.G.H.I; };
    notify-source A.B.C.D;
    recursion no;

    zone "example-domain.net" {
        type master;
        file "example-domain.external";
        allow-transfer { F.G.H.I; };
        also-notify { F.G.H.I; };
    };
};

There are some "funny" side-effects. For example, if I run service named restart on master, I get notify from J.K.L.M which might be from the ISP farm (of the master). If I allow notify and transfer from that (yes, I am desperate), it doesn't work ("refused notify from non-master") which I sort of accept.

I haven't seen any notifies from the A.B.C.D, though I have

Variables A,B,.. are integers between 0 and 255.
I have disabled selinux.

Can anybody help me at all? I just can't figure it out anymore myself. HEEEEEELP!!!

hank
 
Old 11-15-2016, 11:49 AM   #2
ronatartifact
Member
 
Registered: Oct 2003
Location: Montreal, Canada
Distribution: CentOS
Posts: 38

Rep: Reputation: 5
Notify yes

I did not see an option notify yes;

zone "example.com" {
    type master;
    file "/var/lib/bind/db.example.com";
    notify yes;
    // ...
};

I found this at
http://www.microhowto.info/howto/con...ns_server.html

This has some suggestions about troubleshooting as well
 
1 members found this post helpful.
Old 11-16-2016, 08:56 PM   #3
abarclay
LQ Newbie
 
Registered: Aug 2003
Posts: 26

Rep: Reputation: 6
Remove the transfer-source directive and try again
 
1 members found this post helpful.
Old 11-18-2016, 12:23 AM   #4
hcape
LQ Newbie
 
Registered: Nov 2016
Posts: 2

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by abarclay
Remove the transfer-source directive and try again
Sorry for the delay. We found out that there was something wrong with the name server connectivity on the provider's side (some routing was wrong) and had to wait for them to correct it.

Now I got some time for this project and after dropping this directive it finally started to work. It probably was OK earlier, but the connectivity problem surely made it not succeed. I made a lot of Google harvesting on directives to remedy the problem and this was one too many.

I am bashing myself for not checking out that even elementary functionality is in place before trying to circumvent it with "clever" binding... :/

Thank you a lot.

hank

Last edited by hcape; 11-18-2016 at 12:24 AM.
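
The misconfiguration resolved in this thread, as an added example that is not part of any poster's message: `transfer-source` on a secondary is the local address named binds to when fetching zones, so it must belong to the secondary itself, while the posted config set it to the master's address. The Python check below flags that case; the sample config, the documentation-range addresses and the function names are constructed for illustration.

```python
import re

# Constructed secondary config modelled on the thread: 192.0.2.10 stands in
# for the master (A.B.C.D), 198.51.100.20 for the new secondary (F.G.H.I).
SAMPLE_SECONDARY_CONF = """
options {
    allow-notify { 192.0.2.10; };
    transfer-source 192.0.2.10;   // the master's address, not a local one
    recursion no;
};
zone "example-domain.net" IN {
    type slave;
    masters { 192.0.2.10; };
};
"""

SOURCE_RE = re.compile(
    r"\b(transfer-source|notify-source)\s+([0-9.]+|\*)(?:\s+port\s+\S+)?\s*;")
MASTERS_RE = re.compile(r"\bmasters\s*\{([^}]*)\}")


def strip_comments(conf):
    """Remove //, # and /* */ comments so they are not parsed as statements."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", conf)


def check_source_addresses(conf, local_addrs):
    """Return (directive, address, reason) for IPv4 sources named cannot bind."""
    conf = strip_comments(conf)
    masters = set()
    for body in MASTERS_RE.findall(conf):
        masters.update(a.strip() for a in body.split(";") if a.strip())
    findings = []
    for directive, addr in SOURCE_RE.findall(conf):
        if addr == "*":
            continue  # wildcard: the kernel picks the outgoing address
        if addr in masters:
            findings.append((directive, addr, "is a master address, not local"))
        elif addr not in local_addrs:
            findings.append((directive, addr, "is not configured on this host"))
    return findings


if __name__ == "__main__":
    for finding in check_source_addresses(SAMPLE_SECONDARY_CONF, {"198.51.100.20"}):
        print(*finding)
```

Pass the set of addresses actually configured on the host as `local_addrs`; an empty result means every IPv4 source directive names an address the server can bind to.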
 
  

