Trouble with Slave-Updates

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Sun Aug 15 17:48:44 UTC 2004 

"André Höpner" <andre at hoepner.net> wrote:
> Have tried to set the slave logfiles to debug, but there was no errors
> reported then "zone is expired...".

>>>> Aug 12 13:09:55.890 general: zone n9k.de/IN: expired

> if i set it back to info no entries were logged. some people mean that
> this can be a firewall-problem so that slave could not update. but why
> it works on a notify?

> will try to post original-data. maybe something is wrong with our zonefiles
> or nameserverconfig.

> 1st nameserver: ns.ibased-one.de (62.53.168.195)
> 2nd nameserver: ns.ibased.net (217.160.210.76)
> domain: n9k.de

> ### primary config ###
> --- named.conf ---
> # internals:
> acl internals { 127.0.0.1/32; 62.53.168.195/32; };

> # externals:
> acl externals { 217.160.210.76/32; };

> server 217.160.210.76 {
>      bogus no;
>      transfer-format many-answers;
> };

> options {
>     directory "/var/named";

>     forwarders { 193.189.224.2; 62.146.22.2; 194.25.2.129; 194.246.96.59; };
>     listen-on port 53 { 127.0.0.1; 62.53.168.195; };
>     listen-on-v6 { none; };

>     query-source address * port 53;
>     transfer-source * port 53;
>     notify-source * port 53;

>     allow-transfer { internals; externals; };

>     notify yes;
>     auth-nxdomain no;
> };

> logging {

>     category "default" { "default_syslog"; "default_debug"; };
>     category "xfer-out" { "default_syslog"; };
>     category "notify" { "default_syslog"; };

>     # category panic { default_syslog; };
>     # category packet { default_syslog; };
>     # category eventlib { default_syslog; };

>     channel "default_syslog" {
>         #syslog daemon;
>         file "/var/log/named.log" versions 5 size 5m;
>         print-time yes;
>         print-category yes;
>         severity info;
>     };

> };

> zone "localhost" in {
>         type master;
>         file "localhost.zone";
> };

> zone "0.0.127.in-addr.arpa" in {
>         type master;
>         file "127.0.0.zone";
> };

> zone "." in {
>         type hint;
>         file "root.hint";
> };

> zone "n9k.de" {
>         type master;
>         allow-query { any; };
>         file "zones/n9k.de";
> };


> --- n9k.de ---
> $TTL 1D
> ;
> ; Zonefile for n9k.de
> ;
> @       IN      SOA     ns.ibased-one.de.       hostmaster.ibased.de. (
>                         2002042207
>                         8H
>                         2H
>                         1W
>                         1D )

>                 NS      ns.ibased-one.de.               ; 1. nameserver
>                 NS      ns.ibased.net.                  ; 2. nameserver

>                 MX      10 mail.ibased-one.de.          ; erster mailserver

> n9k.de.         A       62.53.168.195

> www             A       62.53.168.195
> ftp             A       62.53.168.195


> ### secondary config ###
> --- named.conf ---
> ... like above, but other ips...

> zone "n9k.de" in {
>   type slave;
>   masters { 62.53.168.195; };
>   file "slave_cache/n9k.de";
> };


> ###### end ######


> "Barry Margolin" <barmar at alum.mit.edu> schrieb im Newsbeitrag 
> news:cfgvep$2pbm$1 at sf1.isc.org...
>> In article <cfg9vp$17si$1 at sf1.isc.org>,
>> "André Höpner" <andre at hoepner.net> wrote:
>>
>>> Hello bind-users,
>>>
>>> we have two nameservers for about 120 domains. both ar running
>>> bind 9.23. one is primary and one is secondary.
>>> after starting both servers all is running fine.
>>>
>>> after a few days, when mot of the zones expires, the secondary
>>> does the log-entry about expiration, but it seems, that he does not
>>> update the zones after that. some time later the secondary gives
>>> no answer about the expired zones.
>>
>> According to the SOA record you posted, your slave should be refreshing
>> every 8 hours.  The zones should only expire if this fails consistently
>> every hour for a week.
>>
>>>
>>> i must stop and start the primary server. that sends notifies and
>>> only after recieving this notifies the secondary updates the zones.
>>
>> That's very strange.  If there's something preventing the slaves from
>> refreshing, I would expect it to happen even after restarting the master.
>>
>> Are there any log messages on the slave when it tries to refresh the
>> zones?
>>
>> -- 
>> Barry Margolin, barmar at alum.mit.edu
>> Arlington, MA
>> *** PLEASE post questions in newsgroups, not directly to me ***
>> 


First, the "comment" in the zonefiles " ; 1. nameserver" is invalid.

Secondly, using query-source for queries and zone-transfers might
interfere. That is removing :
>     query-source address * port 53;
>     transfer-source * port 53;
>     notify-source * port 53;

and fix your firewall instead.


-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.

More information about the bind-users mailing list