Slave DNS not receiving transferred zones...

#1 Fri, 08/14/2009 - 05:39
CoronelN

Hello guys, I'm back with my silly questions...

The problem I'm having now is that I followed the tutorial for automatically creating the zones in the slave server:

Everything seems to work, when I add the Cluster slave in the master it reports and creates empty zone files in the slave... so far nice.

But when I look at the slave server the zones are empty and it reports: "last transferred: NEVER" :(

I tried deleting the slave and creating it again, with the same result. I changed the IP on the module config of the master and nothing... I am at a loss...

When I click on the icon of the slave from the master (Webmin-->Webmin Servers Index) I connect and see the slave webmin...

My system is running Debian X64

thanks for the eventual answers... cheers Nathan

Sat, 08/15/2009 - 06:21
CoronelN

Sorry I'm bumping this... But I have not yet found any solution on my own and can really use some advice....

Sat, 08/15/2009 - 08:21
ronald

You want to check the permissions first...on the slave (although I have the same on the master)

all the way up to /var/named/chroot/var/named you want root:named

the folder in named is slaves, the folder slaves and all files in there should be named:named

files 0644, folders 0750

Sat, 08/15/2009 - 08:36 (Reply to #3)
CoronelN

Ronald, thanks for the feedback.

However I don't have a /var/named folder...

and I don't really get what you mean with: " the folder in named is slaves... "

I have looked at different posts here, about the ports... I added to /etc/iptables.up.rules the lines:

-A INPUT -p tcp --dport 953 -j ACCEPT
-A INPUT -p tcp -m udp --dport 53 -j ACCEPT

I also chowned rndc.key from bind:bind to root:bind...

I added in the slave to the file: /etc/bind/named.conf.options the line: listen-on port 53 { 127.0.0.1; <master.bind.ip>; };

also tried with the <slave.bind.ip>

After your post I tried chowning /etc/bind to bind:bind, deleted all the empty slave zones and in the master deleted the cluster server and re-added it...

Honestly I don't know what to do any more....

In the /var/log/syslog I have entries like this now:

Aug 15 13:32:53 clanvenez named[29655]: zone venez-rever.com/IN: has 0 SOA records
Aug 15 13:32:53 clanvenez named[29655]: zone venez-rever.com/IN: has no NS records
Aug 15 13:32:53 clanvenez named[29655]: zone venez-rever.com/IN: saved '/var/cache/bind/venez-rever.com.hosts' as '/var/cache/bind/db-M0sdC5Np'

and the slave zones are still empty...

Banging my head against the screen now... I plead for your advice...

thanks

N

Sat, 08/15/2009 - 19:51
ronald

ah yes, you are running Debian. They do things a bit differently. In Centos the path to BIND (where it is running) is /var/named or when running BIND under chroot /var/named/chroot/var/named. You don't need to chown /etc/bind because that is not where the zone files are created, that is where the configs are.

Slaves zones are created in a "/slaves" directory which can be found in the "/named" directory in the above described path (on Centos). When chrooted it is /var/named/chroot/var/named/slaves. So in Debian it is apparently under a different path which I am not familiar with. You have to check that on your box.

Unlikely it is a firewall issue as the files are created and thus data has to come from your master server, yes? When I had this problem when first starting a slave nameserver, I solved it in the end by chowning the directories and files correctly as I described earlier.

Also make sure fastrpc is switched on, check on Webmin Servers Index and click edit on your slave. You need to open ports 10000 to 10010! Under Webmin's module BIND check the paths of your BIND on both systems.
I would also run BIND under chroot.

After making changes you need to restart the service to become effective.

edit: /var/cache/bind/db-M0sdC5Np this means it has no write permission. db-M0sdC5Np should be the name of the domain but it is scrambled. You can test by making the folder 777

Sun, 08/16/2009 - 05:37 (Reply to #5)
CoronelN

Ronald,

In the master the zones are in /etc/bind/ along with the named.conf and the others...

I did a find / -name named. and no folder returned... just the named.conf, the named.conf.options and the named.conf.local

I did chown all the files in there as per your post... still to no avail...

Fast rpc is on

added to /etc/iptables.up.rules in the slave

-A INPUT -s <my.master.ip> -p tcp --dport 953 -j ACCEPT
-A INPUT -s <my.master.ip> -p tcp -m udp --dport 53 -j ACCEPT
-A INPUT -s <my.master.ip> -p tcp -m udp --dport 10000:10010 -j ACCEPT

tried 777 on the /etc/bind folder... chowned bind:bind and root:root

I also ntpdated both servers...

I don't know what else to do...

It should be working but no... it doesn't...

Mon, 08/17/2009 - 02:35
CoronelN

This is the error I am getting now from /var/log/syslog:

Aug 17 07:31:40 clanvenez named[10691]: zone pcclick.es/IN: Transfer started.
Aug 17 07:31:40 clanvenez named[10691]: transfer of 'pcclick.es/IN' from 88.191.224.143#53: connected using 88.191.221.72#60799
Aug 17 07:31:40 clanvenez named[10691]: transfer of 'pcclick.es/IN' from 88.191.224.143#53: failed while receiving responses: REFUSED
Aug 17 07:31:40 clanvenez named[10691]: transfer of 'pcclick.es/IN' from 88.191.224.143#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.001 secs (0 bytes/sec)

Mon, 08/17/2009 - 06:24
CoronelN

Ok I found the problem...

On the master.... Allow transfers from: my slave IP

Also notify slaves: Slave IP

and it works now...

However, when I check my domains on intodns it reports that the slave did not respond... ? :S

"Error DNS servers responded ERROR: One or more of your nameservers did not respond: The ones that did not responded are: 88.191.221.72"

but the sites are online and can be seen....

please a little advice there?

Mon, 08/17/2009 - 08:48
CoronelN

More discoveries...

Wordpress multi user and its zone *.yourdomainhere.com will not allow the transfer to be done unless you ignore the name checks.

Any error in 1 zone in the master will halt zone transfers to the slave... (yes, it will not transfer some... it just doesn't transfer)

A good indication is to stop and start BIND on the master... if it starts... all zones are all right and will most likely transfer...

Still have problems with the ns1.clanvenez.com according to intodns.com but the sites are working now...

Mon, 08/17/2009 - 10:29
ronald

ah so it was a permission problem, just didn't think you hadn't activated the allow transfer...

Your DNS looks almost good except for clanvenez.com and paintballaparis.com.

NS records got from your nameservers listed at the parent NS are:

paintballaparis.com ['88.191.224.143'] [TTL=38400]
ns1.clanvenez.com ['88.191.221.72'] [TTL=38400]
clanvenez.com ['88.191.221.72'] [TTL=38400]

Should be

ns2.paintballaparis.com ['88.191.224.143'] [TTL=38400]
ns1.clanvenez.com ['88.191.221.72'] [TTL=38400]

You have to make sure they are both registered as nameserver at the registrar and not listed as A records or NS records.

Thu, 04/15/2010 - 04:29
daniel

I have configured the secondary Bind server according to the guideline. The zone is transferred but with no content. This is the log from the slave server. I am sure it is a problem of rights but I am not sure where to look. Can somebody help me? Thanks

Apr 15 12:20:57 mail named[13463]: client 93.114.41.12#55990: received notify for zone 'pipioz.eu': not authoritative
Apr 15 12:20:58 mail named[13463]: received SIGHUP signal to reload zones
Apr 15 12:20:58 mail named[13463]: loading configuration from '/etc/bind/named.conf'
Apr 15 12:20:58 mail named[13463]: using default UDP/IPv4 port range: [1024, 65535]
Apr 15 12:20:58 mail named[13463]: using default UDP/IPv6 port range: [1024, 65535]
Apr 15 12:20:58 mail named[13463]: /etc/bind/named.conf:14: couldn't add command channel 127.0.0.1#953: address in use
Apr 15 12:20:58 mail named[13463]: reloading configuration succeeded
Apr 15 12:20:58 mail named[13463]: zone pipioz.eu/IN: has 0 SOA records
Apr 15 12:20:58 mail named[13463]: zone pipioz.eu/IN: has no NS records
Apr 15 12:20:58 mail named[13463]: zone pipioz.eu/IN: saved '/var/lib/bind/pipioz.eu.hosts' as '/var/lib/bind/db-32EjHDlm'
Apr 15 12:20:58 mail named[13463]: reloading zones succeeded

Thu, 04/15/2010 - 12:21
ronald

can you make the folder bind at /var/lib/bind have permission 0755 and try again?

Wed, 02/05/2014 - 13:20
albatuni

Hi, I've had this problem and found the cause: it's because BIND stopped on my slave server

maybe it's funny but it's true :D

Sun, 01/11/2015 - 09:29
JamesSimpson

I have tried all the above and I'm still getting the "received notify for zone 'example.com': not authoritative"
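The named messages quoted across this thread can be sorted mechanically on the slave. The script below is an added example, not part of any post above: it groups those messages by zone and attaches a next check drawn from the fixes reported in the thread. The sample log is constructed, with placeholder host, zone names and address, and the rule names and hint wording are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the syslog excerpts quoted in the thread;
# host name, zone names and 192.0.2.10 are placeholders, not values from the thread.
SAMPLE_LOG = """\
Aug 17 07:31:40 ns2 named[10691]: transfer of 'example.com/IN' from 192.0.2.10#53: failed while receiving responses: REFUSED
Aug 17 07:31:41 ns2 named[10691]: zone example.org/IN: has 0 SOA records
Aug 17 07:31:41 ns2 named[10691]: zone example.org/IN: saved '/var/cache/bind/example.org.hosts' as '/var/cache/bind/db-AAAAAAAA'
Aug 17 07:31:42 ns2 named[10691]: client 192.0.2.10#55990: received notify for zone 'example.net': not authoritative
Aug 17 07:31:43 ns2 named[10691]: transfer of 'example.info/IN' from 192.0.2.10#53: Transfer completed: 1 messages, 6 records, 300 bytes, 0.001 secs (300000 bytes/sec)
"""

# (finding, regex whose group 1 is the zone name, what to check next)
RULES = [
    ("refused",
     r"transfer of '([^'/]+)/IN' from \S+: failed while receiving responses: REFUSED",
     "master refused the AXFR: list this slave's IP in allow-transfer on the master"),
    ("no-soa",
     r"zone ([^\s/]+)/IN: has 0 SOA records",
     "local slave file holds no zone data: no transfer has succeeded yet"),
    ("set-aside",
     r"zone ([^\s/]+)/IN: saved '[^']+' as '[^']+'",
     "named renamed the unloadable file to db-*: fix the transfer, check directory ownership"),
    ("not-authoritative",
     r"received notify for zone '([^']+)': not authoritative",
     "NOTIFY for a zone not loaded here: confirm the slave zone exists and has transferred"),
    ("transferred",
     r"transfer of '([^'/]+)/IN' from \S+: Transfer completed: [1-9]\d* messages",
     "transfer delivered data: nothing to fix"),
]

def triage(log_text):
    """Return {zone: [finding, ...]} in first-seen order, without duplicates."""
    found = defaultdict(list)
    for line in log_text.splitlines():
        for name, pattern, _hint in RULES:
            m = re.search(pattern, line)
            if m and name not in found[m.group(1)]:
                found[m.group(1)].append(name)
    return dict(found)

def report(log_text):
    """One 'zone: hint' line per finding, for pasting into a ticket."""
    hints = {name: hint for name, _pattern, hint in RULES}
    return [f"{zone}: {hints[f]}" for zone, fs in triage(log_text).items() for f in fs]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

A "Transfer completed: 0 messages" line, as logged right after a REFUSED, is deliberately not counted as a successful transfer.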
