LinuxQuestions.org > Linux - Networking > DNS secondary zone transfer problems (https://www.linuxquestions.org/questions/linux-networking-3/dns-secondary-zone-transfer-problems-293972/)

jc materi 02-23-2005 03:04 PM

DNS secondary zone transfer problems
 
I am trying to set up a DNS secondary. The problem is, there is no zone transfer happening. I would appreciate any help at all. I have been working on this for several days now and I'm getting nowhere. I'm using BIND v9.2.3 on Fedora2.

Here is the log sequence on the primary machine (arcturus)
-----------------------------------------------------------------------------------------------------------
Feb 23 13:23:23 arcturus named[6107]: zone 42.xx.yy.in-addr.arpa/IN: loaded serial 2005022202
Feb 23 13:23:23 arcturus named[6107]: zone 43.xx.yy.in-addr.arpa/IN: loaded serial 2005022302
Feb 23 13:23:23 arcturus named[6107]: zone mydomain.com/IN: loaded serial 2005022302
Feb 23 13:23:23 arcturus named[6107]: zone myotherdomain.com/IN: loaded serial 2005022302
Feb 23 13:23:23 arcturus named[6107]: running
Feb 23 13:23:23 arcturus named[6107]: zone mydomain.com/IN: sending notifies (serial 2005022302)
Feb 23 13:23:23 arcturus named[6107]: zone myotherdomain.com/IN: sending notifies (serial 2005022302)
Feb 23 13:23:23 arcturus named[6107]: zone 42.xx.yy.in-addr.arpa/IN: sending notifies (serial 2005022202)
Feb 23 13:23:23 arcturus named[6107]: zone 43.xx.yy.in-addr.arpa/IN: sending notifies (serial 2005022302)
---------------------------------------------------------------------------------------------------------



Here is the log sequence on the secondary machine
---------------------------------------------------------------------------------------------------------
Feb 23 14:41:25 localhost named[12805]: received notify for zone 'mydomain.com': not authoritative
Feb 23 14:41:26 localhost named[12805]: received notify for zone 'myotherdomain.com': not authoritative
Feb 23 14:41:26 localhost named[12805]: received notify for zone '42.xx.yy.in-addr.arpa': not authoritative
Feb 23 14:41:26 localhost named[12805]: received notify for zone '43.xx.yy.in-addr.arpa': not authoritative
---------------------------------------------------------------------------------------------------------



The problem seems to be that no zone transfer is occurring because the secondary does not regard the primary as authoritative. However, when I do a dig request to the primary machine from the secondary, the aa flag is up indicating "authoritative answer".
------------------------------------------------------------------------------------------------------
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8157
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 6

------------------------------------------------------------------------------------------------------

?????????????????????????

odious1 02-23-2005 06:18 PM

Could you post your configuration file? The answer, I am sure, lies there.

Tom

jc materi 02-23-2005 08:57 PM

Quote:

Originally posted by odious1
Could you post your configuration file? The answer, I am sure, lies there.

Tom

config file on secondary:
-----------------------------------------------------------------
// generated by named-bootconf.pl

acl "stuff" {
{yy.xx.42.158; yy.xx.42.235; };
};


options {
directory "/var/named";
/*
//* If there is a firewall between you and nameservers you want
//* to talk to, you might need to uncomment the query-source
//* directive below. Previous versions of BIND always asked
//* questions using port 53, but BIND 8.1 uses an unprivileged
//* port by default.
//*/
query-source address * port 53;
allow-query { stuff; };
allow-recursion { stuff; };

};

//
// a caching only nameserver config
//
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
type hint;
file "named.ca";
};

zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};

zone "mydomain.com" IN {
type slave;
file "slaves/mydomain.db";
allow-query { any; };
masters { yy.xx.42.235; };
};

zone "myotherdomain.com" IN {
type slave;
file "slaves/myotherdomain.db";
allow-query { any; };
masters { yy.xx.42.235; };
};

zone "42.xx.yy.in-addr.arpa" {
type slave;
file "slaves/db.yy.xx.42";
allow-query { any; };
masters { yy.xx.42.235; };
};

include "/etc/rndc.key";
--------------------------------------------------

Primary config file
--------------------------------------------------
// generated by named-bootconf.pl


// secret must be the same as in /etc/rndc.conf
key "key" {
algorithm hmac-md5;
secret "VEIPNlYh7R1W";
};

controls {
inet 127.0.0.1 allow { any; } keys { "key"; };
};

acl "stuff" {
{yy.xx.42.158; yy.xx.42.235; };
};

options {
pid-file "/var/run/named/named.pid";
directory "/var/named";
version "9.2.3rc2";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
allow-query { stuff; };
allow-recursion { stuff; };
};
//
// a caching only nameserver config
//
zone "." {
type hint;
file "named.ca";
};

zone "mydomain.com" {
type master;
file "mydomain.db";
// some security
allow-query { any; };
allow-transfer { yy.xx.42.158; };
};

zone "myotherdomain.com" {
type master;
file "myotherdomain.db";
allow-query { any; };
allow-transfer { yy.xx.42.158; };
};

zone "42.xx.yy.in-addr.arpa" {
type master;
file "db.yy.xx.42";
allow-query { any; };
allow-transfer { yy.xx.42.158; };
};

zone "43.xx.yy.in-addr.arpa" {
type master;
file "db.yy.xx.43";
allow-query { any; };
allow-transfer { yy.xx.42.158; };
};

zone "0.0.127.in-addr.arpa" {
type master;
file "named.local";
};
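As an added example (not part of any post in this thread), the script below parses the two named.conf files posted above and reports what would make the secondary answer a notify with "not authoritative" or fail to pull a zone. The embedded configs are constructed, simplified copies using the thread's masked addresses, with the local-only zones (".", localhost, 0.0.127.in-addr.arpa) left out.

```python
# Added example, not from the thread: cross-check a BIND master's named.conf against the
# slave's. The configs are constructed, simplified copies of the posted ones (masked addresses kept).
import re
MASTER_CONF = """
zone "mydomain.com" { type master; file "mydomain.db"; allow-transfer { yy.xx.42.158; }; };
zone "myotherdomain.com" { type master; file "myotherdomain.db"; allow-transfer { yy.xx.42.158; }; };
zone "42.xx.yy.in-addr.arpa" { type master; file "db.yy.xx.42"; allow-transfer { yy.xx.42.158; }; };
zone "43.xx.yy.in-addr.arpa" { type master; file "db.yy.xx.43"; allow-transfer { yy.xx.42.158; }; };
"""
SLAVE_CONF = """
zone "mydomain.com" IN { type slave; file "slaves/mydomain.db"; masters { yy.xx.42.235; }; };
zone "myotherdomain.com" IN { type slave; file "slaves/myotherdomain.db"; masters { yy.xx.42.235; }; };
zone "42.xx.yy.in-addr.arpa" { type slave; file "slaves/db.yy.xx.42"; masters { yy.xx.42.235; }; };
"""

ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*(?:IN\s*)?'      # optional class keyword
                     r'\{((?:[^{}]|\{[^{}]*\})*)\}', re.I)  # body, one nesting level

def parse_zones(conf):
    """Map zone name -> {type, masters, allow-transfer} from named.conf text."""
    text = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # drop /* */ comments
    text = re.sub(r"(//|#).*", "", text)                 # drop // and # comments
    zones = {}
    for m in ZONE_RE.finditer(text):
        body = m.group(2)
        kind = re.search(r"\btype\s+(\w+)", body)
        def addr_list(key):                              # e.g. masters { a; b; }
            mm = re.search(r"\b%s\s*\{([^}]*)\}" % key, body)
            return set(mm.group(1).replace(";", " ").split()) if mm else set()
        zones[m.group(1)] = {"type": kind.group(1) if kind else "",
                             "masters": addr_list("masters"),
                             "allow-transfer": addr_list("allow-transfer")}
    return zones

def check_pair(master_conf, slave_conf, master_ip, slave_ip):
    """Findings that would stop the slave accepting notifies or pulling zones."""
    master, slave = parse_zones(master_conf), parse_zones(slave_conf)
    findings = []
    for name, z in master.items():
        if z["type"] != "master":
            continue
        s = slave.get(name)
        if s is None or s["type"] != "slave":   # named logs "... not authoritative"
            findings.append(f"{name}: no 'type slave' zone on the secondary")
            continue
        if master_ip not in s["masters"]:
            findings.append(f"{name}: slave masters {sorted(s['masters'])} lack {master_ip}")
        if not z["allow-transfer"] & {slave_ip, "any"}:
            findings.append(f"{name}: master allow-transfer does not permit {slave_ip}")
    return findings
```

Run against the posted configs it reports a single finding: 43.xx.yy.in-addr.arpa is served by the primary but has no slave stanza on the secondary, which matches the secondary's log line for that zone.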

linuxxed 02-24-2005 05:05 AM

When you say no transfers are taking place - do you mean no files are being created inside the slaves directory?

In your slave, should the line not be


zone "mydomain.com" {

instead of

zone "mydomain.com" IN {


Clear all your transferred files inside the slaves directory. Stop both name servers and start them again. See if you can see anything in the logs. Try increasing the debug level as well.

moander 04-04-2007 05:32 AM

Same problem
 
I have the same problem. My slave says not authoritative when it receives a notify from the master. This has nothing to do with write permissions or the IN class in named.conf.

This seems to work fine on bind version 9.2.1 but not on 9.2.4.

Another problem I have with 9.2.3 is that wildcard zones do not work properly.

my.test A 10.0.0.2
*.test A 10.0.0.1

I can resolve whatever.test but not my.test. If I run the same zonefile on v 9.2.1 it works fine.

Morten

fur 04-04-2007 01:19 PM

Quote:

Originally Posted by moander
I have the same problem. My slave says not authoritative when it receives a notify from the master. This has nothing to do with write permissions or the IN class in named.conf.

This seems to work fine on bind version 9.2.1 but not on 9.2.4.

Another problem I have with 9.2.3 is that wildcard zones do not work properly.

my.test A 10.0.0.2
*.test A 10.0.0.1

I can resolve whatever.test but not my.test. If I run the same zonefile on v 9.2.1 it works fine.

Morten


As far as the wildcard, I just tested this, and it works for me.

Code:

dog.testing.com.        IN    A    172.16.0.2
*.testing.com.        IN    A    172.16.0.50

Code:

# named -v
BIND 9.2.4


# nslookup cat.testing.com
Server:        192.168.0.50
Address:        192.168.0.50#53

Name:  cat.testing.com
Address: 172.16.0.50



# nslookup mouse.testing.com
Server:        192.168.0.50
Address:        192.168.0.50#53

Name:  mouse.testing.com
Address: 172.16.0.50




# nslookup dog.testing.com
Server:        192.168.0.50
Address:        192.168.0.50#53

Name:  dog.testing.com
Address: 172.16.0.2



As far as the zone transfer to the slave, I'm guessing it's just a config issue. This thread is so old I won't even bother going over the original post.

Can you post your configs?

