Can't get zone to xfer to secondary server

Chris Buxton cbuxton at menandmice.com
Thu Aug 16 20:42:17 UTC 2007


The problem is shown in the error messages at the end.

When trying to get a zone transfer, the slave first requests an SOA  
record from the master. It expects an SOA record in response to the  
query, but in this case, it's getting a CNAME record, which indicates  
that either the master server is not running BIND (nor any other  
server that enforces the CNAME and other data rule), or else the  
master server actually has a zone named "com" on it (which it  
probably shouldn't) and has a CNAME record named familiesla.com  
inside that zone.

Check the configuration of the master. We on the list can't, from the  
outside, because the master is on a private address. However, if we  
were able to, the shell command would look like this:

dig familiesla.com soa +norec @172.20.11.237

Chris Buxton
Men & Mice

On Aug 16, 2007, at 1:34 PM, Ryan McCain wrote:

> I'm attempting to install a secondary DNS server using BIND 9.3.2  
> on SLES 10.  It should host multiple zones, 2 of which are  
> 'dss.state.la.us' and 'familiesla.com'.
>
> The primary DNS server is a Windows server and I have given the  
> secondary server permission to do zone xfers for both of these  
> domains, however, only 'dss.state.la.us' comes down. The zone file  
> for 'familiesla.com' is never created.  I'm not sure why.
>
> Here is the log:
>
> Aug 16 15:09:47 dss-cs99la14 named[8126]: found 1 CPU, using 1  
> worker thread
> Aug 16 15:09:47 dss-cs99la14 named[8126]: loading configuration  
> from '/etc/named.conf'
> Aug 16 15:09:47 dss-cs99la14 named[8126]: listening on IPv6  
> interfaces, port 53
> Aug 16 15:09:47 dss-cs99la14 named[8126]: listening on IPv4  
> interface lo, 127.0.0.1#53
> Aug 16 15:09:47 dss-cs99la14 named[8126]: listening on IPv4  
> interface eth0, 10.120.9.246#53
> Aug 16 15:09:47 dss-cs99la14 named[8126]: command channel listening  
> on 127.0.0.1#953
> Aug 16 15:09:47 dss-cs99la14 named[8126]: command channel listening  
> on ::1#953
> Aug 16 15:09:47 dss-cs99la14 named[8126]: zone 0.0.127.in-addr.arpa/ 
> IN: loaded serial 42
> Aug 16 15:09:47 dss-cs99la14 named[8126]: zone localhost/IN: loaded  
> serial 42
> Aug 16 15:09:47 dss-cs99la14 named[8126]: slave/dss.state.la.us:42:  
> gc._msdcs.dss.state.la.us: bad owner name (check-names)
> Aug 16 15:09:47 dss-cs99la14 named[8126]: slave/dss.state.la.us:43:  
> gc._msdcs.dss.state.la.us: bad owner name (check-names)
> Aug 16 15:09:47 dss-cs99la14 named[8126]: slave/dss.state.la.us: 
> 128: btr_cluster.dss.state.la.us: bad owner name (check-names)
> Aug 16 15:09:47 dss-cs99la14 named[8126]: slave/dss.state.la.us: 
> 1003: ipat_ocs.dss.state.la.us: bad owner name (check-names)
> Aug 16 15:09:47 dss-cs99la14 named[8126]: slave/dss.state.la.us: 
> 1076: ocs_nt_3.dss.state.la.us: bad owner name (check-names)
> Aug 16 15:09:47 dss-cs99la14 named[8126]: zone dss.state.la.us/IN:  
> loaded serial 11146
> Aug 16 15:09:47 dss-cs99la14 named[8126]: running
> Aug 16 15:09:48 dss-cs99la14 named[8126]: zone familiesla.com/IN:  
> refresh: CNAME at top of zone in master 172.20.11.237#53 (source  
> 0.0.0.0#0)
> Aug 16 15:11:01 dss-cs99la14 named[8126]: zone familiesla.com/IN:  
> refresh: CNAME at top of zone in master 172.20.11.237#53 (source  
> 0.0.0.0#0)
> Aug 16 15:12:20 dss-cs99la14 named[8126]: zone familiesla.com/IN:  
> refresh: CNAME at top of zone in master 172.20.11.237#53 (source  
> 0.0.0.0#0)
> Aug 16 15:15:25 dss-cs99la14 named[8126]: zone familiesla.com/IN:  
> refresh: CNAME at top of zone in master 172.20.11.237#53 (source  
> 0.0.0.0#0)
>
>
> ... That didn't tell me too much as to why the familiesla.com zone  
> isn't being added to the secondary DNS server.
>
> Any ideas?
>
> Thanks, Ryan
>
>
>
>
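
The check described in the reply above, as an added example that is not part of the original thread: one function classifies what a master returns for the apex SOA query, and another pulls the affected zones out of the named log. The function names are hypothetical, the dig answers are constructed (the CNAME target is a placeholder), and the log sample reuses two refresh lines from the quoted log, joined back onto single lines.

```sh
#!/bin/sh
# Added example: function names are hypothetical; samples below are constructed.

# classify_apex ZONE: read `dig ZONE soa +norec +noall +answer @MASTER` output on
# stdin and print what the master returned at the zone apex:
# SOA, CNAME, OTHER:<type> or EMPTY.
classify_apex() {
    awk -v zone="$1" '
        BEGIN { z = tolower(zone); sub(/\.$/, "", z); result = "EMPTY" }
        NF == 0 || $1 ~ /^;/ { next }            # skip blank lines and comments
        {
            owner = tolower($1); sub(/\.$/, "", owner)
            if (owner != z) next                 # only records owned by the apex
            rtype = toupper($4)
            if (rtype == "CNAME") { result = "CNAME"; exit }  # the case named logs
            if (rtype == "SOA") result = "SOA"
            else if (result == "EMPTY") result = "OTHER:" rtype
        }
        END { print result }'
}

# cname_refresh_failures: read named syslog lines on stdin and print
# "zone master count" for every zone whose refresh hit a CNAME at the apex.
cname_refresh_failures() {
    sed -n 's|.*zone \([^ ]*\)/IN: refresh: CNAME at top of zone in master \([^ #]*\)#.*|\1 \2|p' |
        sort | uniq -c | awk '{ print $2, $3, $1 }'
}

# Constructed dig answers; the CNAME target and SOA names are placeholders.
SAMPLE_CNAME='familiesla.com. 3600 IN CNAME target.example.net.'
SAMPLE_SOA='dss.state.la.us. 3600 IN SOA ns.example.net. admin.example.net. 11146 900 600 86400 3600'
# Two refresh lines from the log above, joined back onto single lines.
SAMPLE_LOG='Aug 16 15:09:47 dss-cs99la14 named[8126]: running
Aug 16 15:09:48 dss-cs99la14 named[8126]: zone familiesla.com/IN: refresh: CNAME at top of zone in master 172.20.11.237#53 (source 0.0.0.0#0)
Aug 16 15:11:01 dss-cs99la14 named[8126]: zone familiesla.com/IN: refresh: CNAME at top of zone in master 172.20.11.237#53 (source 0.0.0.0#0)'

printf '%s\n' "$SAMPLE_LOG" | cname_refresh_failures
printf '%s\n' "$SAMPLE_CNAME" | classify_apex familiesla.com
printf '%s\n' "$SAMPLE_SOA" | classify_apex dss.state.la.us
```

Against a live master, pipe the real query into the classifier, for example `dig familiesla.com soa +norec +noall +answer @172.20.11.237 | classify_apex familiesla.com`, from a host that can reach the master.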


