help! Can't get two nameservers to run!

Mathias Körber mathias at koerber.org
Thu Sep 7 02:13:05 UTC 2000


Not much help here but a few points:

What OS are you running? An ineffective kill -9 usually
means some driver problem in that OS.

> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
> Behalf Of Tom Jennings
> Sent: Thursday, September 07, 2000 10:00 AM
> To: bind-users at isc.org
> Subject: help! Can't get two nameservers to run!
>
>
>
> OK I admit I'm getting a little panicky... I'm desperately trying
> to run two copies of named, to work around the known subdomain
> leakage problem in 8.2.2. v9 solves it, but is too buggy to put in
> production just yet.
>
> My nameserver box has two ethernet cards. I want to run:
>
> * An outside nameserver, primary for one zone, listens on ethernet1
> only, allows all queries and few axfrs. Recursion and glue is off.
> I want it to have no knowledge of anything but its one domain,
> DOMAIN.COM. This is our public nameserver.
>
> * An inside nameserver, primary for a bunch of sub-domains and
> secondary for a bunch of domains. It listens on ethernet0 and
> 127.0.0.1, allows query inside (10/8, etc), a few axfrs. Recursion
> is on, glue off.
>
> I start the nameservers inside, then outside, and get the errors
> below.
>
> ? queries to ethernet1 are resolved by the inside nameserver, the
> outside nameserver seems inert. (eg. I kill -9 the outside server
> and it still answers queries?)

Sounds like the other nameserver is answering those for you?
Have you tried turning on query logging (to two different directories)
and seeing which NS logs which queries?

>
> ? The second copy of bind generates this error:
> named[4342]: ctl_server: bind: Address already in use
> but says its listening on the appropriate interface, but it acts
> like the "inside" server, loaded first, is bound to that address.
>
> I know also this means ndc's pipe to named is AFU (by the second
> invocation I suppose) but the O'Reilly book says nothing about
> setting up ndc, and I'm fine with manually signalling the thing.
>
> I don't see any reason to chroot each copy; is there one?
> [tomj at ns1 DNS]# ps -ax | egrep named
>  4300 ?        S      0:00 /usr/sbin/named /etc/named.conf.inside
>  4343 ?        S      0:00 /usr/sbin/named /etc/named.conf.outside
>
>
>
>
> LOG
>
>
> Starting "inside" server first:
>
> Sep  6 18:53:24 ns1 named[4299]: starting.  named 8.2.2-P5 Mon F [deleted]
> ... loading zones...
> Sep  6 18:53:24 ns1 named[4299]: listening on [127.0.0.1].53 (lo)
> Sep  6 18:53:24 ns1 named[4299]: listening on [10.4.0.13].53 (eth0)
> Sep  6 18:53:24 ns1 named[4299]: Forwarding source address is [0.0.0.0].2239
> Sep  6 18:53:24 ns1 named[4300]: Ready to answer queries.
>
> Starting "outside" server:
> Sep  6 18:54:26 ns1 named[4342]: starting.  named 8.2.2-P5 Mon Feb [deleted]
> ...loading zones...
> Sep  6 18:54:26 ns1 named[4342]: ctl_server: bind: Address already in use
> Sep  6 18:54:26 ns1 named[4342]: listening on [10.4.0.14].53 (eth1)
> Sep  6 18:54:26 ns1 named[4342]: Forwarding source address is [0.0.0.0].2240
> Sep  6 18:54:26 ns1 named[4343]: Ready to answer queries.
>
>
>
>
>
> CONFIGS: heavily clipped here; ACLs not shown (they work)
>
> inside:
>
> options {
>         fetch-glue no;                          // be less wasteful,
>         recursion yes;                          // be helpful,
>
>         pid-file  "/home/DOMAIN/DNS/run/named-inside.pid";
>         listen-on { 127.0.0.1; 10.4.0.13; };    // eg. ns1.net.DOMAIN.com,
>
>         directory "/home/DOMAIN/DNS";
> };
>
> zone "DOMAIN.com" {
>         type master;
>         file "DOMAIN.com";
>         allow-query { any; };
> 	allow-transfer { list of inside hosts; };
> 	also-notify { list of inside hosts; };
> };

I'd also specifically set the query-source address on each to its
IP address, so that replies are bound to go to the correct server.

>
>
>
> Outside:
>
> options {
>         fetch-glue no;                          // do no favors,
>         recursion no;                           // and only this one zone,
>         pid-file  "/home/DOMAIN/DNS/run/named.pid.outside";
>         listen-on { 10.4.0.14; };               // the second ethernet only!
> };
>
> zone "DOMAIN.com" {
>         type master;
> 	allow-transfer { list of outside hosts; };
> 	also-notify { list of outside hosts; };
>         file "DOMAIN.com";
> };
>
>
>
> ---
> INFORMATION GLADLY GIVEN BUT SAFETY REQUIRES AVOIDING UNNECESSARY CONVERSATION
>
>
>
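Editor's added example, not from either poster: a BIND 8 named.conf sketch for the two instances that applies the two suggestions in the reply (per-instance query-source address, per-instance query logs) and also gives each named its own ndc control socket, on the assumption that the "ctl_server: bind: Address already in use" line comes from both instances trying to bind the default control socket path. Log and socket paths under /home/DOMAIN/DNS are assumed; zone and ACL statements are omitted as in the original post.

```conf
// ---- inside instance (assumed file: /etc/named.conf.inside) ----
options {
        directory "/home/DOMAIN/DNS";
        pid-file  "/home/DOMAIN/DNS/run/named-inside.pid";
        listen-on { 127.0.0.1; 10.4.0.13; };
        // send this instance's outbound queries from its own address,
        // so replies come back to this process and not to the other named
        query-source address 10.4.0.13 port *;
        recursion yes;
        fetch-glue no;
};
// separate ndc channel per instance (assumed paths); the default path
// is shared, which is what the bind error in the log would reflect
controls {
        unix "/home/DOMAIN/DNS/run/ndc-inside" perm 0600 owner 0 group 0;
};
// query log in its own directory: lets you see which named answered what
logging {
        channel inside_queries {
                file "/home/DOMAIN/DNS/log/inside/queries.log" versions 3 size 10m;
                severity info;
                print-time yes;
        };
        category queries { inside_queries; };
};

// ---- outside instance (assumed file: /etc/named.conf.outside) ----
options {
        directory "/home/DOMAIN/DNS";
        pid-file  "/home/DOMAIN/DNS/run/named.pid.outside";
        listen-on { 10.4.0.14; };
        query-source address 10.4.0.14 port *;
        recursion no;
        fetch-glue no;
};
controls {
        unix "/home/DOMAIN/DNS/run/ndc-outside" perm 0600 owner 0 group 0;
};
logging {
        channel outside_queries {
                file "/home/DOMAIN/DNS/log/outside/queries.log" versions 3 size 10m;
                severity info;
                print-time yes;
        };
        category queries { outside_queries; };
};
```

With distinct control sockets each instance can be driven separately, e.g. `ndc -c /home/DOMAIN/DNS/run/ndc-outside status`, and a query sent to 10.4.0.14 should then show up only in the outside log; if it appears in the inside log instead, the inside process is the one answering on that interface.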



