[SOLVED] DNS master/slave relationship not functioning as expected

simon@tpmcomm.com · 01-17-2014, 03:00 PM

Hello,

We have here what appears to be a master/slave set up.

The master is inside our network. It is also a slave to another master inside our network. It is a master to external domains.

ns1.domain.com and ns2.domain.com appear to resolve correctly from outside. I can do nslookups and get responses direct from both ns1 and ns2 outside. However, when I stop bind service on ns1, email stops functioning and domains stop resolving, both inside our network and out.

zone updates appear to work fine. I can still query ns2 when ns1 is down successfully.

section of named.conf on master

view "External_Hosts" {
match-clients {
any;
};
recursion no;
zone "domain.com" {
type master;
file "/var/named/domain.com.External_Hosts.hosts";
notify yes;
};
zone "domain2.com" {
type master;
file "/var/named/domain2.com.External_Hosts.hosts";
};
};
server 50.57.222.x {
};

===========
section of named.conf on slave

zone "tpmcomm.com" IN {
type slave;
masters { 68.179.104.x; };
file "slaves/domain.com.hosts";
allow-transfer { any; };
allow-query { any; };

============

I'm unsure of how to proceed. I don't have error logs; and I haven't had a chance to recreate the problem to gather them (it has to be done outside of business hours)

It appears to me that zone changes propagate, ns1 and ns2 records are correctly set up, and both ns1 and ns2 resolve lookups when queried directly. Why is it that I lose DNS functionality when ns1 goes down? Feedback appreciated,

bathory · 01-17-2014, 03:35 PM

Quote:

However, when I stop bind service on ns1, email stops functioning and domains stop resolving, both inside our network and out.

zone updates appear to work fine. I can still query ns2 when ns1 is down successfully.

Check /etc/resolv.conf of the failing hosts and make sure it contains the IP of the second nameserver.

Regards

simon@tpmcomm.com · 01-17-2014, 03:46 PM

well eg. with gmail, nobody can send/recv email. The domain records have ns1 and ns2 set correctly. but when ns1 is down, no one can send email; even people outside. Those people should be able to use gmail, regardless of the status of our master dns server.

bathory · 01-18-2014, 02:44 AM

Quote:

Originally Posted by simon@tpmcomm.com

well eg. with gmail, nobody can send/recv email. The domain records have ns1 and ns2 set correctly. but when ns1 is down, no one can send email; even people outside. Those people should be able to use gmail, regardless of the status of our master dns server.

Regarding sending mail, check the clients dns settings to see if they are using ns2 along with ns1. For linux clients this is done in /etc/resolv.conf.
For receiving mail from outside, check you domain dns here,. Also make sure there is no firewall in ns2 blocking port 53 udp/tcp

simon@tpmcomm.com · 01-20-2014, 12:11 PM

Hello,

your link to intodns.com helped me to identify that the Glue records from the parent zone were different from the records in my name servers. I found that there was an option to set dns records in my domain registrar; so I updated the name server entries originally, but did not update the ip address they resolved to (according to domain registrar records). I've done this now, and although I haven't had a chance to test, it would explain my issues and I'm reasonably confident my issues are resolved. Additionally the SOA MNAME in my DNS server was not set to the name of the primary name server.

Thanks so much for your help,