Slave zones not updating on one of three servers in cluster

Hi,

I have 3 x Virtualmin Pro servers in a cluster. As far as I can tell they are identically configured, but if I set up a test domain on each server, it works fine on 2 of the 3, but slaves are not updated on the third.

With the 3rd set as master, when I do a test transfer on either slave I get: -

Testing transfer of slave zone from 127.0.1.1 xxx.xxx.xxx.xxx ..
.. from 127.0.1.1 : Failed :
;; Connection to 127.0.1.1#53(127.0.1.1) for domain.com failed: connection refused.
.. from xxx.xxx.xxx.xxx : Failed :
; <<>> DiG 9.8.1-P1 <<>> IN AXFR domain.com @xxx.xxx.xxx.xxx
;; global options: +cmd
; Transfer failed.

...but if I use either of the other two as master both test transfers and real transfers happen as expected.

I've been poking at this on and off for days now, and I'm afraid I'm going around in circles - I'm sure I've done something daft or am missing something obvious - I simply can't see how the new server is configured differently to the first two!

Thanks in advance,

PhilK

Status: 
Active

Comments

Check on the slave system and the master system for any firewall that would be blocking port 53, which is the port used for DNS.

There is no firewall enabled on any of the three systems - under "Networking -> Linux Firewall -> Activated at Boot" the option is set to "No".

The two "good" servers each work fine as a master, and as a slave to the other's master, and the problem only occurs when the "bad" system is master, so I think I am looking for an issue on that third system. The thing is, it's a relatively recent install of Ubuntu 14.04.4 in pretty much a vanilla "out of the box" state - nothing exotic at all. DNS works for the world at large when I set it as master, just not these transfers.

I'm not sure if this is significant / how this happened, but: -

  • If I look on a slave for a working domain, under Servers -> Bind -> [domain] -> Zone Options, under "Master Servers" and "Allow Transfers from", I see the IPs of the other two servers in the cluster (IOW, the master and the other slave).

  • If I look on a slave for a non-working domain, I see 127.0.1.1 and the IP of the other slave in both slots, IOW it seems to be only seeing localhost and the other slave. Localhost would not have the data, and the other slave would not have it /yet/, if I am reading this right.

  • If I replace 127.0.1.1 with the address of the master on each slave, the test transfer passes for the master, but not the other slave (yet).

I'm going to leave this a spell and see if these zones now propagate to their slaves.

If that works, I will repeat this exercise with a completely clean domain that none of these servers has ever seen before, and see if that exhibits the same behaviour.

As far as I can see, the "bad" master has not been passing its own IP as master to the slaves, but rather a localhost IP - am I reading that correctly?

Ok, that could explain it. Make sure that on the master system, the entry in /etc/hosts for the system's hostname has the external IP, not 127.0.0.1.

Hi Jamie,

That was it - ta!

FWIW, this is a DigitalOcean droplet, and this is not the first time that I've encountered an aspect of their config that does not play nicely with Virtualmin (the selection of Ubuntu mirrors complicates upgrades, for example).

Thanks for the pointer!

--

PhilK
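
The two symptoms discussed in this thread can be checked with a short script: a hostname mapped to a loopback address in the master's /etc/hosts, and slave zones whose masters list contains a loopback address. This is an added example, not part of the original posts or Virtualmin's own code; the function names, the hostname ns3.example.com and the 203.0.113.x addresses are constructed for illustration.

```python
import ipaddress
import re

def is_loopback(token):
    try:
        return ipaddress.ip_address(token).is_loopback
    except ValueError:  # not an IP literal (hostname, keyword, empty string)
        return False

def loopback_hostname_entries(hosts_text, hostname):
    """Loopback IPs that an /etc/hosts file maps to hostname or its short name."""
    wanted = {hostname.lower(), hostname.lower().split(".")[0]}
    hits = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) > 1 and is_loopback(fields[0]):
            if wanted & {name.lower() for name in fields[1:]}:
                hits.append(fields[0])
    return hits

def zone_blocks(conf):
    """Yield (zone name, body) pairs, matching braces so nested blocks stay intact."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def loopback_masters(conf):
    """Map each slave zone to the loopback addresses in its masters list."""
    bad = {}
    for zone, body in zone_blocks(conf):
        masters = re.search(r'masters\s*\{([^}]*)\}', body)
        if masters and re.search(r'type\s+slave\s*;', body):
            loop = [t for t in re.split(r'[;\s]+', masters.group(1)) if is_loopback(t)]
            if loop:
                bad[zone] = loop
    return bad

# Constructed sample data (documentation addresses, not taken from the thread).
SAMPLE_HOSTS = "127.0.0.1 localhost\n127.0.1.1 ns3.example.com ns3  # constructed\n"
SAMPLE_NAMED_CONF = '''
zone "domain.com" {
	type slave;
	masters { 127.0.1.1; 203.0.113.20; };
	allow-transfer { 127.0.1.1; 203.0.113.20; };
	};
'''

if __name__ == "__main__":
    print(loopback_hostname_entries(SAMPLE_HOSTS, "ns3.example.com"))
    print(loopback_masters(SAMPLE_NAMED_CONF))
```

Run the first check against the master's /etc/hosts and the second against each slave's BIND configuration; an empty result from both means neither symptom from the thread is present.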