Hi Steve,

Do you have rndc key running on your bind?

--
Paul Ooi

On 05-Jan-2011, at 8:43 AM, Steve Zeng wrote:

> We have a BIND DNS master and Windows DNS slave running for a while. I
> recently configured a second DNS slave running on Linux/Centos. When I
> stop/start the second DNS slave, it gets all zone files correctly. However,
> it does not get updated when I make a zone file modification and increase the
> sn on the master. The odd thing is, I don’t see any xfer-out log in the
> master (I do see the xfer-out log for the Windows DNS slave, though). Googling
> around and searching the BIND mailing list archive does not give much of a clue
> either… any hint is greatly appreciated.
>
> BIND MASTER(bind-9.3.1-20.FC4):
> ============================
> options {                        # this section sets the default options
>     directory "/var/named";      # directory where the zone files will reside
>     listen-on {
>         A.A.A.A;                 # public IP address of the local interface to listen
>         192.168.100.204;         # private IP address of the local interface to listen
>         192.168.101.204;
>     };
>     auth-nxdomain no;            # conform to RFC1035
>     notify yes;                  # enable AA notifies
>     allow-notify { none; };
>     allow-query { any; };        # allow anyone to issue queries
>     recursion no;                # disallow recursive queries unless over-ridden below
>     version "0";                 # obscures version reporting - can't hurt
>     zone-statistics yes;
>     statistics-file "/var/named/statistics/named_stats.txt";
> };
>
> logging{
>     channel simple_log {
>         file "log/bind.log" versions 3 size 50m;
>         severity info;
>         print-time yes;
>         print-severity yes;
>         print-category yes;
>     };
>     category default{
>         simple_log;
>     };
> };
>
> view "office" {
>     match-clients { office_networks; };   # match hosts in acl "office_networks" above
>     recursion yes;                        # allow recursive queries
>     notify-source * port 53;
>     allow-transfer { B.B.B.0/24; C.C.C.0/24};
>     also-notify {
>         B.B.B.B;                 # public IP of first DNS slave(windows DNS)
>         C.C.C.C;                 # public IP of second DNS slave(Linux BIND DNS)
>     };
>     zone "mydomain.com" in {
>         type master;
>         file "office/mydomain.com.zone";
>     };
> };
>
> BIND SLAVE(bind-9.3.6-4.P1.el5_5.3):
> ================================
> options
> {
>     // Those options should be used carefully because they disable port
>     // randomization
>     // query-source port 53;
>     // query-source-v6 port 53;
>
>     // Put files that named is allowed to write in the data/ directory:
>     directory "/var/named"; // the default
>     dump-file "data/cache_dump.db";
>     statistics-file "data/named_stats.txt";
>     memstatistics-file "data/named_mem_stats.txt";
>     allow-notify
>     {
>         A.A.A.A; # public IP of master
>     };
> };
>
> logging
> {
>     /* If you want to enable debugging, eg. using the 'rndc trace' command,
>      * named will try to write the 'named.run' file in the $directory (/var/named).
>      * By default, SELinux policy does not allow named to modify the /var/named directory,
>      * so put the default debug log file in data/ :
>      */
>     channel default_debug {
>         file "data/named.run";
>         // severity dynamic;
>         severity info;
>     };
> };
>
> view "office"
> {
>     /* This view will contain zones you want to serve only to "internal" clients
>        that connect via your directly attached LAN interfaces - "localnets" .
>      */
>     match-clients { localnets; };
>     recursion yes;
>
>     // all views must contain the root hints zone:
>     include "/etc/named.root.hints";
>
>     include "/etc/named.rfc1912.zones";
>     // you should not serve your rfc1912 names to non-localhost clients.
>
>     // These are your "authoritative" internal zones, and would probably
>     // also be included in the "localhost_resolver" view above :
>     zone " mydomain.com" {
>         type slave;
>         file "slaves/ mydomain.com.zone";
>         masters {
>             /* put master nameserver IPs here */
>             A.A.A.A;
>         } ;
>     };
> };
>
>
> Thanks,
>
> Steve
>
> _______________________________________________
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users