Hello ,

I have configured master and slave Bind servers. Everything works fine . But whenever I add a new zone entry at master server it is not getting updated at slave server in logs I see this error
client 192.168.1.1#43428: view external: received notify for zone 'yourdomainname.com': not authoritative

At master server I do not see any error or warning message.

This error clearly indicates that named.conf file does not have zone entry in it or domain name is wrong. While checking the named.conf file I see that the zone entry has not been updated at slave server.
If I update it manually and reload named on slave then zone files (db files) are getting created without any issue and any modification at master server for the zone records are also getting updated.

My concern is why zone record is not getting appended at slave server in named.conf file.

Is there anything I am missing in the configuration.


I am pasting the steps which I have followed to configure my master and slave server

================================================================
Configure Bind as master and slave server
Install Bind on your server
yum install bind
OR
sudu apt-get install bind9
Generate RNDC Key using the command
rndc-confgen -a -k rndc-key
it will stored in /etc/rndc-key file
Master Server IP 192.168.0.1
Slave Server IP 192.168.1.1
Master Server Configuration
========================
options
{
query-source port 53;
// Put files that named is allowed to write in the data/ directory:
directory "/var/named"; // the default
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
allow-transfer { 192.168.1.1; }; # this ip address is for ns2 server so ns1 will transfer all zones to ns2
allow-notify { trusted; };
allow-recursion { trusted; };
};
//### added rndc-key into named.conf ###
key "rndc-key" {
algorithm hmac-md5;
secret "ceGhT/EC/dmxTPChlxmBMw==";
};
acl "trusted" {
192.168.1.1; // IP address of the slave name server
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1;192.168.1.1; } keys { "rndc-key"; };
};
view "external"
{
/* This view will contain zones you want to serve only to "external" clients
* that have addresses that are not on your directly attached LAN interface subnets:
*/
match-clients { any; };
match-destinations { any; };
recursion no;
// you'd probably want to deny recursion to external clients, so you don't
// end up providing free DNS service to all takers
allow-query-cache { any; };
// Disable lookups for any cached data and root hints
zone "yourdomainname.com" in {
allow-transfer { 192.168.1.1; };
type master;
file "/var/named/yourdomainname.com.db";
};
};
Slave Server Configuration
==================
options
{
// Those options should be used carefully because they disable port
// randomization
//query-source port 53;
// query-source-v6 port 53;
// Put files that named is allowed to write in the data/ directory:
directory "/var/named"; // the default
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
allow-transfer { 192.168.0.1; }; # this ip address is ns1 ip address
transfer-format many-answers;
notify no;
//allow-recursion { trusted; };
recursion no;
};
key "rndc-key" {
algorithm hmac-md5;
secret "ceGhT/EC/dmxTPChlxmBMw==";
};
acl "trusted" {
192.168.0.1;192.168.1.1;127.0.0.1; // IP address of the name servers
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1;192.168.0.1; } keys { "rndc-key"; };
};
view "external"
{
/* This view will contain zones you want to serve only to "external" clients
* that have addresses that are not on your directly attached LAN interface subnets:
*/
match-clients { any; };
match-destinations { any; };
recursion no;
// you'd probably want to deny recursion to external clients, so you don't
// end up providing free DNS service to all takers
allow-query-cache { any; };
// Disable lookups for any cached data and root hints
// all views must contain the root hints zone:
// These are your "authoritative" external zones, and would probably
// contain entries for just your web and mail servers:
zone "yourdomainname.com" in {
type slave;
file "/var/named/yourdomainname.com.db";
masters {192.168.0.1;};
allow-transfer { 192.168.0.1;};
};
};
================================================================

Hi,

You don't need the "allow-transfer" directives in the secondary named.conf, as well as the "transfer-format". Looks like the slave gets a notify from itself (192.168.1.1).
Also check the spelling of the domain name, in the slave.

Regards

I have removed allow-trasnfer and transfer-format from the slave named.conf file still getting the same error .

Regarding you said check the domain name spelling that is what my problem is where do I check in master server or slave ?
1) Why do I check it on slave server? If I am updating it at master server so zone record should get updated at slave , zone record and zone entry in named.conf file why do I need to update it at slave server manully everytime.

2)I have added the correct domain name at master server there is no chance of mistake, however if the spelling is wrong or whatever at master server and I am adding a new zone record and db file at master it should get synced/updated at slave .

I've told you to check the domain name in slave for a typo or something, because it gets a notify for that domain and it complains it's not authoritative for.
You didn't post the master zone file, so I can only assume that you have both NS records stating you nameservers along with their A records.

Thank you for your reply . I am sorry but it seems that you have not understand the actual issue which I am facing.

If you read my first post then I have already mentioned that I understand why this error is getting reported at slave server log file.


I said =>

I am adding a new zone entry in named.conf at master server and creating a zone record file at master server not at the slave server first of all.
Once I have done it I am reloading/restarting the named at master server, and have not touched slave server at all so far . Now what I want is zone entry should get appended in named.conf file at slave server and zone record file should get created at slave server. Hope I am making myself clear this time.

Neither the zone entry in slave server getting appended nor zone record file is getting created at slave server.

If I edit the slave server named.conf file manually and add the zone entry for new domain in named.conf (at slave server) and reload the named then zone record file is getting created and after this any changes made in master server in the zone record of the new domain are also getting updated at slave server.

There is no question of spelling mistake or zone record mismatch at slave server. What I want is when I add new domain zone entry in the named.conf file at master server and create a zone record file at master server (till this process I am not touching the slave server at all) and reload/restart the named then zone entry should get appended at slave and zone file must get created at slave server.

However this not happening till I add the zone entry in the named.conf file at slave server manually .

Here is the zone file of the domain
; Zone file for domain2.com
$TTL 86400
domain2.com. IN SOA ns1.domain1.com. admin (
2011021900 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum

domain2.com. IN NS ns1.domain1.com. #ns1 is pointing to master server 192.168.0.1
domain2.com. IN NS ns2.domain1.com. #ns2 is pointing to slave server 192.168.1.1

domain2.com. IN A 192.168.3.200
www IN CNAME domain2.com.
mail IN A 192.168.3.200
domain2.com. IN MX 10 mail.domain2.com.


zone entry in named.conf file at master server
zone "domain2.com" in {
allow-transfer { 192.168.1.1; };
type master;
file "/var/named/domain2.com.db";
};


Thank you

You're expecting this slave to pick up the entire zone config and update it's own configuration? That's, unless i'm missing something, an awful thing to want to happen. It would present all sorts of security issues, and also could not adequately provide enough information for the slave anyway. Where would the zone file go, for starters?

You can't have a model where you allow a remote system to tell you that it is important and you should do whatever it says. What if it's lying?

Thanks for reply. Got it . Means it can not be updated at slave while reloading/restarting named at master . I need to update zone entry at slave server named.conf file manually . I will check if I can automate the job using some script .

Thanks.

When adding new zones, I've always edited both master and slave's named.conf. Then add the zone file on the master. Then reload named.conf on both servers and the zone file will be transfered automatically.