LinuxQuestions.org
Linux - Server This forum is for the discussion of Linux Software used in a server related context.
Old 05-14-2013, 01:59 PM   #1
buee
Member
 
Registered: May 2009
Posts: 81

Rep: Reputation: 16
Nameserver Non-Authoritative after Views Implementation


First, let me say that I'm relatively new to setting up BIND, I get the concept, but this is the first time ever setting up authoritative servers.

My end game is this: to be able to host the namespace for multiple domains. I've gotten this to work. However, now I've moved on to part two of my headache, and that's serving internal subdomains to internal users while leaving the public stuff on (hopefully) a separate zone. For example, I want:

Code:
cameras.test.com -> 192.168.1.15
management.test.com -> 192.168.1.26
web.test.com -> 42.245.212.55
email.test.com -> 42.245.212.60
From what I've read, I need to set up views. Specify an "internal" view for the private domains and an "external" view for the public domains.

The problem I'm having is that I have the views set up, dropped items where I believe they're supposed to go, and then all of a sudden, transfers to the slave stop. On the slave, I get:

Code:
May 14 13:45:34 ns2 named[3270]: client 192.168.1.188#22604: view internal: received notify for zone 'test.com': TSIG 'transfer': not authoritative
No matter what I do, that's what comes up. All I did, from a confirmed working system, is add views and place zones in those views.

Unfortunately, I had to do all this with Webmin as my company has a firm policy that no one person can be the keeper of procedures so it has to be relatively user friendly.

Here's my named.conf.local:

Code:
view "internal" {
        match-clients {
                192.168.1.0/24;
                };
        recursion yes;
        also-notify {
                192.168.1.199;
                };
        zone "0.in-addr.arpa" {
                type master;
                file "/etc/bind/db.0";
                };
        zone "127.in-addr.arpa" {
                type master;
                file "/etc/bind/db.127";
                };
        zone "255.in-addr.arpa" {
                type master;
                file "/etc/bind/db.255";
                };
        zone "localhost" {
                type master;
                file "/etc/bind/db.local";
                };
        zone "." {
                type hint;
                file "/etc/bind/db.root.internal";
                };
        zone "test.com" {
                type master;
                file "/var/lib/bind/test.com.internal.hosts";
                also-notify {
                        192.168.1.199;
                        };
                };
        };
view "external" {
        recursion no;
        allow-transfer { 192.168.1.199; };
        also-notify {
                192.168.1.199;
                };
        zone "publicdomain.org" {
                type master;
                file "/var/lib/bind/publicdomain.org.hosts";
                also-notify {
                        192.168.1.199;
                        };
                notify yes;
                };
        zone "212.245.42.in-addr.arpa" {
                type master;
                file "/var/lib/bind/42.245.212.rev";
                also-notify {
                        192.168.1.199;
                        };
                };
        zone "." {
                type hint;
                file "/etc/bind/db.root";
                };
        };
And here's the test.com zone file:
Code:
$ttl 38400
test.com.       IN      SOA     ns1.test.com admin.lrcommunication.com. (
                        1368556740
                        10800
                        3600
                        604800
                        38400 )
test.com.       IN      NS      ns1.test.
transfer.test.com.      IN      A       192.168.1.4
I'm probably very wrong in this, but doesn't the SOA in the zone file indicate that it's authoritative? So I call upon the BIND gurus for help.

Last edited by buee; 05-14-2013 at 03:49 PM.
 
Old 05-14-2013, 04:29 PM   #2
siremaxus
Member
 
Registered: May 2013
Posts: 75

Rep: Reputation: Disabled
Hi,

Here is your problem: the SOA refers to "ns1.test.com" but the NS line says "ns1.test."; besides, you have not registered the IP for the ns host.
Those two lines should be:
Code:
$ttl 38400
test.com.       IN      SOA     ns1.test.com. admin.lrcommunication.com. (
                        1368556740
                        10800
                        3600
                        604800
                        38400 )
test.com.       IN      NS      ns1.test.com.
ns1.test.com.   IN      A       192.168.1.4     ; address for the name used in the SOA and NS records (a bare "ns" would expand to ns.test.com.)
Also, note the dots after ns1.test.com at the SOA line and the NS line.

Good Luck

Sire Maxus
 
Old 05-15-2013, 10:23 AM   #3
buee
Member
 
Registered: May 2009
Posts: 81

Original Poster
Rep: Reputation: 16
Ok, I was trying to keep info off the internet, but that's clearly not going to work. Let's try the domain that's actually in production where I do have the hosts set up in my registrar. lrcomm.org. For the record, the test.com domain is now working fine. I completely removed all references to the domain and re-added them and transfers are working ok, that was my little test and I obviously do not own the domain, hence the lack of host records that you could see. I did the same thing with the lrcomm.org domain and was not as lucky. I also went through and did side by side comparisons of every config file for both zones, the confirmed working test.com vs. the lrcomm.org and could not find a difference. It's also worth noting that my reverse zone for the 199 network is also throwing the same error that the server that the slave received its notify from is not authoritative.

The ns1.lrcomm.org is internally at 192.168.168.188 (public 199.36.211.10) and ns2 is 192.168.168.199 (public 199.36.211.11), TCP & UDP ports 53 are forwarded properly as you can see by `dig lrcomm.org` or `dig @199.36.211.10 lrcomm.org`. Heck, try `dig @199.36.211.10 test.com`. But obviously, if you try to dig against the .11 address, nothing returns because the zones won't transfer.

Here's the fully disclosed named.conf.local from the master:

Code:
view "internal" {
        recursion yes;
        also-notify {
                192.168.168.199;
                };
        zone "0.in-addr.arpa" {
                type master;
                file "/etc/bind/db.0";
                };
        zone "127.in-addr.arpa" {
                type master;
                file "/etc/bind/db.127";
                };
        zone "255.in-addr.arpa" {
                type master;
                file "/etc/bind/db.255";
                };
        zone "localhost" {
                type master;
                file "/etc/bind/db.local";
                };
        zone "." {
                type hint;
                file "/etc/bind/db.root.internal";
                };
        zone "test.com" {
                type master;
                file "/var/lib/bind/test.com.internal.hosts";
                also-notify {
                        192.168.168.199;
                        };
                notify yes;
                };
        match-clients {
                192.168.168.0/24;
                };
        };
view "external" {
        recursion no;
        also-notify {
                192.168.168.199;
                };
        zone "211.36.199.in-addr.arpa" {
                type master;
                file "/var/lib/bind/199.36.211.rev";
                also-notify {
                        192.168.168.199;
                        };
                };
        zone "." {
                type hint;
                file "/etc/bind/db.root";
                };
        zone "lrcomm.org" {
                type master;
                file "/var/lib/bind/lrcomm.org.external.hosts";
                };
        match-clients { "any"; };
        };
And the slave's named.conf.local:
Code:
view "internal" {
        recursion yes;
        allow-notify {
                192.168.168.188;
                };
        zone "127.in-addr.arpa" {
                type master;
                file "/etc/bind/db.127";
                };
        zone "localhost" {
                type master;
                file "/etc/bind/db.local";
                };
        zone "0.in-addr.arpa" {
                type master;
                file "/etc/bind/db.0";
                };
        zone "255.in-addr.arpa" {
                type master;
                file "/etc/bind/db.255";
                };
        zone "." {
                type hint;
                file "/etc/bind/db.root.internal";
                };
        zone "test.com" {
                type slave;
                masters {
                        192.168.168.188;
                        };
                file "/var/lib/bind/test.com.internal.hosts";
                };
        match-clients {
                192.168.168.0/24;
                };
        };

view "external" {
        recursion no;
        allow-notify {
                192.168.168.188;
                };
        zone "211.36.199.in-addr.arpa" {
                type slave;
                masters {
                        192.168.168.188;
                        };
                file "/var/lib/bind/199.36.211.rev";
                };
        zone "." {
                type hint;
                file "/etc/bind/db.root";
                };
        zone "lrcomm.org" {
                type slave;
                masters {
                        192.168.168.188;
                        };
                file "/var/lib/bind/lrcomm.org.external.hosts";
                };
        };
And the zone file for lrcomm.org:
Code:
root@ns1:/etc/bind# cat /var/lib/bind/lrcomm.org.internal.hosts
$ttl 38400
lrcomm.org.     IN      SOA     ns1.lrcomm.org. admin.lrcommunication.com. (
                        1368566773
                        10800
                        3600
                        604800
                        38400 )
lrcomm.org.     IN      NS      ns1.lrcomm.org.
ns1.lrcomm.org. IN      A       199.36.211.10
test.lrcomm.org.        IN      A       199.36.211.5
ns2.lrcomm.org. IN      A       199.36.211.11
matt.lrcomm.org.        IN      A       192.168.168.5
lrcomm.org.     IN      NS      ns2.lrcomm.org.
I've tried swapping master IP addresses in the slave for private, public, even domain name, and it doesn't seem to matter.

Last edited by buee; 05-15-2013 at 12:55 PM.
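Why the slave accepts the notify for test.com but logs "not authoritative" for lrcomm.org follows from how BIND picks a view for an incoming request: the master's NOTIFY arrives from 192.168.168.188, which matches the slave's internal view first, and that view holds no lrcomm.org zone. The following is an added illustration, not code from the thread or from BIND: it models the slave's two views from the named.conf.local above, and the TSIG key name external-xfer and the "!key" exclusion are assumed mitigations, not part of the posted configuration.

```python
import ipaddress
# Simplified model of how BIND picks a view: views are tried in named.conf
# order and the first one whose match-clients list accepts the request's
# source address (or TSIG key) wins. Mirrors the slave's posted config.
SLAVE_VIEWS = [
    {"name": "internal", "match_clients": ["192.168.168.0/24"],
     "zones": {"test.com", "0.in-addr.arpa", "127.in-addr.arpa",
               "255.in-addr.arpa", "localhost"}},
    {"name": "external", "match_clients": ["any"],
     "zones": {"lrcomm.org", "211.36.199.in-addr.arpa"}},
]

# Assumed mitigation (not in the thread): master signs NOTIFY/AXFR with a
# TSIG key, and "!key" keeps that key out of the internal view.
KEYED_VIEWS = [
    {"name": "internal", "match_clients": ["!key external-xfer", "192.168.168.0/24"],
     "zones": SLAVE_VIEWS[0]["zones"]},
    {"name": "external", "match_clients": ["any"],
     "zones": SLAVE_VIEWS[1]["zones"]},
]

def element_matches(element, src_ip, key_name):
    """One address_match_list element: 'any', 'key NAME', or an IP prefix."""
    if element == "any":
        return True
    if element.startswith("key "):
        return key_name == element.split(None, 1)[1]
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(element, strict=False)

def acl_accepts(match_clients, src_ip, key_name):
    """First matching element decides; a leading '!' makes it a rejection."""
    for element in match_clients:
        negated = element.startswith("!")
        if element_matches(element.lstrip("!"), src_ip, key_name):
            return not negated
    return False

def select_view(views, src_ip, key_name=None):
    for view in views:
        if acl_accepts(view["match_clients"], src_ip, key_name):
            return view["name"]
    return None

def notify_outcome(views, src_ip, zone, key_name=None):
    """What the slave would log for a NOTIFY about `zone` arriving from src_ip."""
    name = select_view(views, src_ip, key_name)
    if name is None:
        return "refused: no view matches client"
    zones = next(v["zones"] for v in views if v["name"] == name)
    if zone not in zones:
        return f"view {name}: received notify for zone '{zone}': not authoritative"
    return f"view {name}: notify for zone '{zone}' accepted"
```

For the key-based selection to apply on a real server, the master must send its NOTIFY and transfer requests signed with that key; the model only shows which view the request lands in and whether that view carries the zone.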
 
Old 05-15-2013, 02:20 PM   #4
siremaxus
Member
 
Registered: May 2013
Posts: 75

Rep: Reputation: Disabled
Hello,

If you need to transfer zones, you have to add this line to the master zone:
allow-transfer { 199.36.211.11; };

So the zone looks like this
Code:
zone "lrcomm.org" {
                type master;
                file "/var/lib/bind/lrcomm.org.external.hosts";
                allow-transfer { 199.36.211.11; };
                };
Check if that solves your problem.

Good Luck

Sire Maxus