bind slave does not get DNS update
We have a BIND DNS master and a Windows DNS slave running for a while. I recently configured a second DNS slave running on Linux/CentOS. When I stop/start the second DNS slave, it gets all zone files correctly. However, it does not get updates when I make a zone file modification and increase the sn on the master. The odd thing is, I don't see any xfer-out log on the master (I do see the xfer-out log for the Windows DNS slave, though). Googling around and searching the BIND mailing list archive does not give much of a clue either... any hint is greatly appreciated..

BIND MASTER (bind-9.3.1-20.FC4):

    options {                        # this section sets the default options
        directory "/var/named";      # directory where the zone files will reside
        listen-on {
            A.A.A.A;                 # public IP address of the local interface to listen
            192.168.100.204;         # private IP address of the local interface to listen
            192.168.101.204;
        };
        auth-nxdomain no;            # conform to RFC1035
        notify yes;                  # enable AA notifies
        allow-notify { none; };
        allow-query { any; };        # allow anyone to issue queries
        recursion no;                # disallow recursive queries unless over-ridden below
        version "0";                 # obscures version reporting - can't hurt
        zone-statistics yes;
        statistics-file "/var/named/statistics/named_stats.txt";
    };

    logging {
        channel simple_log {
            file "log/bind.log" versions 3 size 50m;
            severity info;
            print-time yes;
            print-severity yes;
            print-category yes;
        };
        category default { simple_log; };
    };

    view "office" {
        match-clients { office_networks; };   # match hosts in acl "office_networks" above
        recursion yes;                        # allow recursive queries
        notify-source * port 53;
        allow-transfer { B.B.B.0/24; C.C.C.0/24; };
        also-notify {
            B.B.B.B;    # public IP of first DNS slave (windows DNS)
            C.C.C.C;    # public IP of second DNS slave (Linux BIND DNS)
        };
        zone "mydomain.com" in {
            type master;
            file "office/mydomain.com.zone";
        };
    };

BIND SLAVE (bind-9.3.6-4.P1.el5_5.3):

    options {
        // Those options should be used carefully because they disable port
        // randomization
        // query-source port 53;
        // query-source-v6 port 53;

        // Put files that named is allowed to write in the data/ directory:
        directory "/var/named";    // the default
        dump-file "data/cache_dump.db";
        statistics-file "data/named_stats.txt";
        memstatistics-file "data/named_mem_stats.txt";
        allow-notify { A.A.A.A; };    # public IP of master
    };

    logging {
        /* If you want to enable debugging, eg. using the 'rndc trace' command,
         * named will try to write the 'named.run' file in the $directory (/var/named).
         * By default, SELinux policy does not allow named to modify the /var/named directory,
         * so put the default debug log file in data/ :
         */
        channel default_debug {
            file "data/named.run";
            // severity dynamic;
            severity info;
        };
    };

    view "office" {
        /* This view will contain zones you want to serve only to "internal" clients
           that connect via your directly attached LAN interfaces - "localnets" .
         */
        match-clients { localnets; };
        recursion yes;

        // all views must contain the root hints zone:
        include "/etc/named.root.hints";
        include "/etc/named.rfc1912.zones";
        // you should not serve your rfc1912 names to non-localhost clients.

        // These are your "authoritative" internal zones, and would probably
        // also be included in the "localhost_resolver" view above :
        zone " mydomain.com" {
            type slave;
            file "slaves/ mydomain.com.zone";
            masters {
                /* put master nameserver IPs here */
                A.A.A.A;
            };
        };
    };

Thanks,
Steve

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
RE: bind slave does not get DNS update
Do you mean rndc? I do have it running:

    tcp        0      0 127.0.0.1:953    0.0.0.0:*    LISTEN    8341/named

Steve

From: Paul Ooi Cong Jen [mailto:paul...@takizo.com]
Sent: Tuesday, January 04, 2011 5:11 PM
To: Steve Zeng
Cc: bind-users@lists.isc.org
Subject: Re: bind slave does not get DNS update

Hi Steve,

Do you have rndc key running on your bind?

-- Paul Ooi

On 05-Jan-2011, at 8:43 AM, Steve Zeng wrote:

> [...]
RE: bind slave does not get DNS update
I don't have NS records for either of the slaves (Windows DNS slave and Linux DNS slave). I use "also-notify" and it works for the Windows DNS slave, but not for BIND/Linux.

    also-notify {
        B.B.B.B;    # public IP of first DNS slave (windows DNS)
        C.C.C.C;    # public IP of second DNS slave (Linux BIND DNS)
    };

Thanks,
Steve

-----Original Message-----
From: bind-users-bounces+stevez=airg@lists.isc.org [mailto:bind-users-bounces+stevez=airg@lists.isc.org] On Behalf Of Robert Spangler
Sent: Tuesday, January 04, 2011 5:29 PM
To: bind-users@lists.isc.org
Subject: Re: bind slave does not get DNS update

On Tuesday 04 January 2011 19:43, Steve Zeng wrote:

> [...]

Is there an NS record in the zone files for the newly added DNS server? If not then you are going to have to add either a Notify statement in the master config for the new server or add it as an NS record to the zone file. This is how the Master knows who to inform of changes.

--
Regards
Robert

Linux
The adventure of a life time.

Linux User #296285
Get Counted
http://counter.li.org/
RE: bind slave does not get DNS update
Rndc transfer (initialized at the slave side) works fine...

Steve

-----Original Message-----
From: Paul Ooi Cong Jen [mailto:paul...@takizo.com]
Sent: Tuesday, January 04, 2011 6:01 PM
To: Steve Zeng
Cc: Robert Spangler; bind-users@lists.isc.org
Subject: Re: bind slave does not get DNS update

Steve,

If you run rndc transfer from Linux bind, what do you see?

-- Paul Ooi

On 05-Jan-2011, at 9:50 AM, Steve Zeng wrote:

> [...]
RE: bind slave does not get DNS update
Tcpdump on the master (A.A.A.A) shows the following:

    23:59:54.788272 IP A.A.A.A.domain > C.C.C.C.domain: 26512 notify [b2&3=0x2400] [1a] SOA? mydomain.com. (72)
    23:59:54.788898 IP C.C.C.C.domain > A.A.A.A.domain: 26512 notify Refused- 0/0/0 (26)

So it looks like the master did send the notify out, but it was refused by the BIND slave.

    also-notify {
        B.B.B.B;    # public IP of first DNS slave (windows DNS)
        C.C.C.C;    # public IP of second DNS slave (Linux BIND DNS)
    };

Steve

-----Original Message-----
From: bind-users-bounces+stevez=airg@lists.isc.org [mailto:bind-users-bounces+stevez=airg@lists.isc.org] On Behalf Of Niall O'Reilly
Sent: Wednesday, January 05, 2011 3:33 PM
To: bind-users@lists.isc.org
Subject: Re: bind slave does not get DNS update

On 05/01/11 01:50, Steve Zeng wrote:
> I don't have NS records for either of the slaves (Windows DNS slave and
> Linux DNS slave). I use "also-notify" and it works for the Windows DNS
> slave, but not for BIND/Linux.

On 05/01/11 19:56, Steve Zeng wrote:
> Rndc transfer (initialized at the slave side) works fine...

Good. Manual intervention works.

I suggest you try to determine the following from your logs on both master and (Linux) slave.

    Whether the master is sending the NOTIFY.
    Whether the slave is receiving the NOTIFY.
    Whether the slave is acting on the NOTIFY.

That should make it clear what's not happening without manual intervention.

Best regards,
Niall O'Reilly
RE: bind slave does not get DNS update
On the slave, it sees the public IPs. tcpdump shows:

    01:38:51.035945 IP A.A.A.A.domain > C.C.C.C.domain: 7545 notify [b2&3=0x2400] [1a] SOA? airg.com. (72)
    01:38:51.036174 IP C.C.C.C.domain > A.A.A.A.domain: 7545 notify Refused- 0/0/0 (26)

Steve

-----Original Message-----
From: Mark Andrews [mailto:ma...@isc.org]
Sent: Wednesday, January 05, 2011 5:36 PM
To: Steve Zeng
Cc: bind-users@lists.isc.org
Subject: Re: bind slave does not get DNS update

In message <8b5c6f575422414aa91b46c454126b6c02666af...@exchmvs.exchange.airg>, Steve Zeng writes:
> Tcpdump on the master (A.A.A.A) shows the following:

And what source address does the slave see?

> [...]

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org