Can’t tell anything from a log snippet and incomplete config. Use named -px to
provide more complete but sanitized configuration file and look what is
happening when the zone is loaded on primary. You sent a log that confirms what
you are saying - the primary is not serving the zone, but you need to look
closely when named starts why the zone isn’t loaded.
Ondřej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 5. 10. 2023, at 19:26, William D. Colburn <wcolb...@nrao.edu> wrote:
>
>
> One of my zones doesn't work anymore. It is an external view for
> aoc.nrao.edu. The master, zia.aoc.nrao.edu can't server it, and the two
> slaves are showing an old zone from September 20th.
>
> I see this in the logs. Is this a helpful clue? I don't see anything else
> in the logs that looks helpful, but there are a lot of logs...
>
> 05-Oct-2023 11:19:07.959 client @0x7ff3641e9460 45.91.101.41#55879
> (aoc.nrao.edu): view external: query: aoc.nrao.edu IN SOA +E(0)K (146.88.1.4)
> 05-Oct-2023 11:19:07.959 client @0x7ff3641e9460 45.91.101.41#55879
> (aoc.nrao.edu): view external: query failed (zone not loaded) for
> aoc.nrao.edu/IN/SOA at query.c:5565
>
> The server is running bind 9.16.43.
>
> The start of the zone looks correct to me.
>
> $ORIGIN .
> $TTL 86400
> aoc.nrao.edu IN SOA zia.aoc.nrao.edu. tech.nrao.edu. (
> 2023100503 ; serial
> 10800 ; refresh (3 hours)
> 3600 ; retry (1 hour)
> 3600000 ; expire (5 weeks 6 days 16 hours)
> 3600 ; minimum (1 hour)
> )
> NS cv3.cv.nrao.edu.
> NS zia.aoc.nrao.edu.
> NS sadira.gb.nrao.edu.
> A 146.88.1.4
> MX 9 revere-vml.aoc.nrao.edu.
> MX 30 cv3.cv.nrao.edu.
> MX 30 io.gb.nrao.edu.
> $TTL 300
> TXT "v=spf1 mx ~all"
> $TTL 86400
> $ORIGIN aoc.nrao.edu.
> zia A 146.88.1.4
> MX 10 dropbox
> MX 15 revere-vml
> dns CNAME zia
> info CNAME zia
> [...]
>
> The .conf looks somewhat like this:
>
> # Domain aoc.nrao.edu INTERNAL
> zone "aoc.nrao.edu" {
> type master;
> file "internal/master/aoc.nrao.edu";
> allow-query {
> any;
> };
> allow-transfer {
> trusted;
> nrao-public-ns;
> nrao-stealth-ns;
> };
> also-notify { # An ACL doesnt work here! GRRR!
> [various things]
> };
> allow-update {
> 146.88.1.4; # Making sure of nsupdate on zia
> 127.0.0.1;
> };
> };
>
>
> I did a restore from the backups a few weeks ago, and I didn't see anything
> weird there either.
>
>
>
> --Schlake
> Sysadmin IV, NRAO
> Work: 575-835-7281 (BACK IN THE OFFICE!)
> Cell: 575-517-5668 (out of work hours)
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
