bind not getting out of my LAN?
If I try to check my dns from inside my LAN (on either ns1 or ns2), everything
seems fine:
# dig webmail.covisp.net | grep -A1 ";; ANSWER" | tail -1
webmail.covisp.net. 86400 IN CNAME www.covisp.net.
# dig www.covisp.net | grep -A1 ";; ANSWER" | tail -1
www.covisp.net. 86400 IN A 75.148.117.90
# dig @ns1.covisp.net mail.covisp.net | grep -A1 ";; ANSWER" | tail -1
mail.covisp.net.86400 IN A 75.148.117.91
But If I try to use an external server:
# dig @8.8.8.8 mail.covisp.net
; <<>> DiG 9.8.3-P1 <<>> @8.8.8.8 mail.covisp.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 10140
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;mail.covisp.net. IN A
;; Query time: 4085 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Aug 18 08:36:34 2013
;; MSG SIZE rcvd: 33
# dig @75.75.75.75 mail.covisp.net
; <<>> DiG 9.8.3-P1 <<>> @75.75.75.75 mail.covisp.net
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
Here's the top of my named.conf:
options {
directory "/etc/namedb";
pid-file"/var/run/named/pid";
listen-on { 75.148.117.93; 75.148.117.91; 127.0.0.1; };
statistics-file "/var/stats/named.stats";
dnssec-enable yes;
dnssec-validation yes;
};
key "rndc-key" { algorithm hmac-md5; secret "keykeykey="; };
controls { inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndc-key"; }; };
managed-keys {
"." initial-key 257 3 8
"AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
QxA+Uk1ihz0=";
};
zone "0.0.127.IN-ADDR.ARPA" { type master; file "localhost.rev"; };
zone "." { type hint; file "slave/root-nameservers"; };
--
The older you get the more you need the people you knew when you were
young.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: bind not getting out of my LAN?
On 18.08.13 08:44, LuKreme wrote: If I try to check my dns from inside my LAN (on either ns1 or ns2), everything seems fine: But If I try to use an external server: # dig @8.8.8.8 mail.covisp.net ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 10140 # dig @75.75.75.75 mail.covisp.net ;; connection timed out; no servers could be reached no answers come from your namesevrers, 75.148.117.92 nor 75.148.117.93. no servers can resolve yopur domain if your nameservers do not respond. they do not seem to be reachable from internet. Are they behind firewall that blocks DNS? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I just got lost in thought. It was unfamiliar territory. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind not getting out of my LAN?
On 18 Aug 2013, at 08:59 , Matus UHLAR - fantomas wrote: > no answers come from your namesevrers, 75.148.117.92 nor 75.148.117.93. > > no servers can resolve yopur domain if your nameservers do not respond. > > they do not seem to be reachable from internet. Are they behind firewall > that blocks DNS? As it turned out, the NSP stopped routing for .92 and .93 (but not for .90 or .91). Had to go reset their hardware and then everything worked, so nothing to do with bind. -- Growing up leads to growing old, and then to dying/And dying to me don't sound like all that much fun. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind99 and a slave named server
On 17 Aug 2013, at 09:02 , Alan Clegg wrote: > On Aug 17, 2013, at 5:12 AM, LuKreme wrote: >> On Aug 16, 2013, at 23:28, Noel Butler wrote: >>> I'm still trying to work out what the hell bind99 is >> <:).png> >> Sorry, that is how ports refers to bind 9.9 > > Thanks for that, but any word on the actual error messages? Since I converted the slave to a second master I don't have any errors. What I was looking for was a writeup on setting a master and slave up specifically under bind 9.9, since it seem different. Since it is all working, what I am looking for now is "how to convert you master bind server to a slave". I am finding a few on going the other way (slave to master) but almost all of them are for older versions of bind9. -- 'You make us want what we can't have and what you give us is worth nothing and what you take is everything and all there is left for us is the cold hillside, and emptiness, and the laughter of the elves.' ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind99 and a slave named server
On 2013-08-18 10:39, LuKreme wrote: Since it is all working, what I am looking for now is "how to convert you master bind server to a slave". Change the zones from master to slave in your named.conf? There really isn't much more to it than that, assuming you have a new authoritative master is already configured and serving the zones. Watch the logs for any errors indicating that your former-master-now-slave has newer versions of zones than the new-master, as this might indicate errors, but outside of that, the fact that a server used to be a master makes very little difference. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind99 and a slave named server
On 18/08/13 22:06, Dave Warren wrote: > On 2013-08-18 10:39, LuKreme wrote: >> Since it is all working, what I am looking for now is "how to convert >> you master bind server to a slave". > > Change the zones from master to slave in your named.conf? There really > isn't much more to it than that, assuming you have a new authoritative > master is already configured and serving the zones. > > Watch the logs for any errors indicating that your > former-master-now-slave has newer versions of zones than the > new-master, as this might indicate errors, but outside of that, the > fact that a server used to be a master makes very little difference. Also look at permissions etc. The new master needs to be told that the master-turned-to-slave is allowed to axfr and the new slave must know who to look for as the master. You need to consider whether you will be happy with the new binary file format at the slave or you need to specify the text format. -- Best regards Sten Carlsen No improvements come from shouting: "MALE BOVINE MANURE!!!" ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind99 and a slave named server
On 18 Aug 2013, at 14:06 , Dave Warren wrote: > Change the zones from master to slave in your named.conf? There really isn't > much more to it than that, assuming you have a new authoritative master is > already configured and serving the zones. Oh, there's a bit more to it than that. There's allow transfer or something and notify and text or binary (I want text). Keep in mind, the reason I am running two masters right now is that the slave was not working. -- "There's nothin' wrong with bein' a son of a bitch." -- Gaspode the Wonder Dog ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind99 and a slave named server
On 2013-08-18 16:36, LuKreme wrote: On 18 Aug 2013, at 14:06 , Dave Warren wrote: Change the zones from master to slave in your named.conf? There really isn't much more to it than that, assuming you have a new authoritative master is already configured and serving the zones. Oh, there's a bit more to it than that. There's allow transfer or something and notify and text or binary (I want text). Sure, I'm presuming you're already technically capable to run a master/slave configuration. These aren't special steps for moving from a master to a slave configuration, just part of "setting up a slave" like any other slave server. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind99 and a slave named server
On Sun, 2013-08-18 at 17:36 -0600, LuKreme wrote: > On 18 Aug 2013, at 14:06 , Dave Warren wrote: > > > Change the zones from master to slave in your named.conf? There really > > isn't much more to it than that, assuming you have a new authoritative > > master is already configured and serving the zones. > > Oh, there's a bit more to it than that. There's allow transfer or something > and notify and text or binary (I want text). > > Keep in mind, the reason I am running two masters right now is that the slave > was not working. > As has been said already, there is really very little to it, and unless you sent it to Alan off-list, you still have _NOT_ provided the error logs after being asked by more than one person. There is NOTHING we can do until such time as you provide this information, until then, we, and you, are wasting our time, because we are not about to get into guessing games. Furthermore, unless I missed it, you also have not provided any config examples that you are using, I dunno about where you are, but here today it is 4 octas overcast, so ESP is having a very bad day trying to work. signature.asc Description: This is a digitally signed message part ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
