BIND9 Master Slave Sync problem on Etch 4 servers
I have set up master and slave DNS servers and am unable to work out why I cannot get them to synchronize. The master ns-a works correctly as a DNS server but the slave ns-b is unable to sync. I have also used WEBMIN 1.430 in the configuration but am now lost as to how to solve the problem.
The following are the logs from each server following startup:
Sep 19 17:51:09 ns-a named[4624]: starting BIND 9.3.4-P1.1 -c /etc/bind/named.conf
Sep 19 17:51:09 ns-a named[4624]: found 1 CPU, using 1 worker thread
Sep 19 17:51:09 ns-a named[4624]: loading configuration from '/etc/bind/named.conf'
Sep 19 17:51:09 ns-a named[4624]: listening on IPv6 interfaces, port 53
Sep 19 17:51:09 ns-a named[4624]: binding TCP socket: address in use
Sep 19 17:51:09 ns-a named[4624]: listening on IPv4 interface lo, 127.0.0.1#53
Sep 19 17:51:09 ns-a named[4624]: binding TCP socket: address in use
Sep 19 17:51:09 ns-a named[4624]: listening on IPv4 interface eth0, 192.168.1.2#53
Sep 19 17:51:09 ns-a named[4624]: binding TCP socket: address in use
Sep 19 17:51:09 ns-a named[4624]: command channel listening on 192.168.1.2#953
Sep 19 17:51:09 ns-a named[4624]: zone 0.in-addr.arpa/IN: loaded serial 1
Sep 19 17:51:09 ns-a named[4624]: zone 127.in-addr.arpa/IN: loaded serial 1
Sep 19 17:51:09 ns-a named[4624]: zone 1.168.192.in-addr.arpa/IN: loaded serial 2008091905
Sep 19 17:51:09 ns-a named[4624]: zone 255.in-addr.arpa/IN: loaded serial 1
Sep 19 17:51:09 ns-a named[4624]: zone integra.lan/IN: loaded serial 2008091908
Sep 19 17:51:09 ns-a named[4624]: zone localhost/IN: loaded serial 1
Sep 19 17:51:09 ns-a named[4624]: running
Sep 19 17:51:09 ns-a named[4624]: zone integra.lan/IN: sending notifies (serial 2008091908)
Sep 19 17:51:09 ns-a named[4624]: zone 1.168.192.in-addr.arpa/IN: sending notifies (serial 2008091905)
Sep 19 17:51:09 ns-a named[1960]: client 192.168.1.3#4651: request has invalid signature: TSIG integrakey: tsig verify failure (BADKEY)
Sep 19 17:51:10 ns-a named[1960]: client 192.168.1.3#2755: request has invalid signature: TSIG integrakey: tsig verify failure (BADKEY)
Sep 19 17:57:09 ns-b named[4206]: starting BIND 9.3.4-P1.1 -c /etc/bind/named.conf
Sep 19 17:57:09 ns-b named[4206]: found 1 CPU, using 1 worker thread
Sep 19 17:57:09 ns-b named[4206]: loading configuration from '/etc/bind/named.conf'
Sep 19 17:57:09 ns-b named[4206]: listening on IPv6 interfaces, port 53
Sep 19 17:57:09 ns-b named[4206]: binding TCP socket: address in use
Sep 19 17:57:09 ns-b named[4206]: listening on IPv4 interface lo, 127.0.0.1#53
Sep 19 17:57:09 ns-b named[4206]: binding TCP socket: address in use
Sep 19 17:57:09 ns-b named[4206]: listening on IPv4 interface eth0, 192.168.1.3#53
Sep 19 17:57:09 ns-b named[4206]: binding TCP socket: address in use
Sep 19 17:57:09 ns-b named[4206]: command channel listening on 192.168.1.3#953
Sep 19 17:57:09 ns-b named[4206]: zone 0.in-addr.arpa/IN: loaded serial 1
Sep 19 17:57:09 ns-b named[4206]: zone 127.in-addr.arpa/IN: loaded serial 1
Sep 19 17:57:09 ns-b named[4206]: zone 1.168.192.in-addr.arpa/IN: has 0 SOA records
Sep 19 17:57:09 ns-b named[4206]: zone 1.168.192.in-addr.arpa/IN: has no NS records
Sep 19 17:57:09 ns-b named[4206]: zone 255.in-addr.arpa/IN: loaded serial 1
Sep 19 17:57:09 ns-b named[4206]: zone integra.lan/IN: has 0 SOA records
Sep 19 17:57:09 ns-b named[4206]: zone integra.lan/IN: has no NS records
Sep 19 17:57:09 ns-b named[4206]: zone localhost/IN: loaded serial 1
Sep 19 17:57:09 ns-b named[4206]: running
Sep 19 17:57:09 ns-b named[4206]: zone integra.lan/IN: Transfer started.
Sep 19 17:57:09 ns-b named[4206]: transfer of 'integra.lan/IN' from 192.168.1.2#53: connected using 192.168.1.3#4216
Sep 19 17:57:09 ns-b named[4206]: transfer of 'integra.lan/IN' from 192.168.1.2#53: failed while receiving responses: NOTAUTH
Sep 19 17:57:09 ns-b named[4206]: transfer of 'integra.lan/IN' from 192.168.1.2#53: end of transfer
Sep 19 17:57:10 ns-b named[4206]: zone 1.168.192.in-addr.arpa/IN: Transfer started.
Sep 19 17:57:10 ns-b named[4206]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.2#53: connected using 192.168.1.3#4351
Sep 19 17:57:10 ns-b named[4206]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.2#53: failed while receiving responses: NOTAUTH
Sep 19 17:57:10 ns-b named[4206]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.2#53: end of transfer
The following is the named.conf for ns-a
// This is the primary configuration file for the BIND DNS server named.
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/integra.key";
controls {
    inet 192.168.1.2 port 953 allow { 192.168.1.3; 127.0.0.1; } keys { integrakey; };
};
server 192.168.1.3 {
    keys {
        integrakey;
    };
};
and named.conf from ns-b
// This is the primary configuration file for the BIND DNS server named.
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/integra.key";
controls {
    inet 192.168.1.3 port 953 allow { 192.168.1.2; 127.0.0.1; } keys { integrakey; };
};
server 192.168.1.2 {
    keys {
        integrakey;
    };
};
The key file integra.key is the same on both master and slave:
key integrakey {
    algorithm hmac-md5;
    secret "lMPtoMy5ve4gvMr3wfFGSg==";
};
The ns-a named.conf.local is
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "integra.lan" {
    type master;
    file "/etc/bind/zones/master/integra.lan.hosts";
    allow-transfer { key integrakey; };
    notify yes;
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/master/192.168.1.rev";
    allow-transfer { key integrakey; };
    notify yes;
};
The ns-b named.conf.local is
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "integra.lan" {
    type slave;
    masters {
        192.168.1.2;
    };
    allow-notify {
        192.168.1.2;
    };
    file "/etc/bind/zones/slave/integra.lan.hosts";
};
zone "1.168.192.in-addr.arpa" {
    type slave;
    masters {
        192.168.1.2;
    };
    allow-notify {
        192.168.1.2;
    };
    file "/etc/bind/zones/slave/192.168.1.rev";
};
The ns-a named.conf.options is
options {
    directory "/var/cache/bind";
    // If there is a firewall between you and nameservers you want
    // to talk to, you might need to uncomment the query-source
    // directive below. Previous versions of BIND always asked
    // questions using port 53, but BIND 8.1 and later use an unprivileged
    // port by default.
    // query-source address * port 53;
    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.
    // forwarders {
    //     0.0.0.0;
    // };
    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
    dnssec-enable yes;
    forwarders {
        212.0.97.81;
        212.0.97.82;
    };
};
The ns-b named.conf.options is
options {
    directory "/var/cache/bind";
    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
    dnssec-enable yes;
};
I would appreciate any help that anyone may be able to offer or suggest.
Thank you very much in advance