Can't get zone to xfer to secondary server

Ryan McCain Ryan.McCain at dss.state.la.us
Thu Aug 16 22:20:01 UTC 2007


Chris,

Thanks for the response. 

Here is the output from the dig command:

; <<>> DiG 9.3.4 <<>> familiesla.com soa +norec @172.20.11.237
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20783
;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;familiesla.com.                        IN      SOA

;; ANSWER SECTION:
familiesla.com.         3600    IN      CNAME   www.dss.state.la.us.

;; Query time: 0 msec
;; SERVER: 172.20.11.237#53(172.20.11.237)
;; WHEN: Thu Aug 16 17:15:15 2007
;; MSG SIZE  rcvd: 65

The DNS server is whatever Windows version is on Windows 2000.  Also, there is no domain called .com.  I will check with the Windows side of the house on this.  Any other suggestions based on the output above?  

Thx..

>>> On Thu, Aug 16, 2007 at  3:42 PM, in message
<CEA4C10F-BCE5-4E0C-8AC6-0B8151D3A9F6 at menandmice.com>, Chris Buxton
<cbuxton at menandmice.com> wrote: 
> The problem is shown in the error messages at the end.
> 
> When trying to get a zone transfer, the slave first requests an SOA  
> record from the master. It expects an SOA record in response to the  
> query, but in this case, it's getting a CNAME record. Which indicates  
> that either the master server is not running BIND (nor any other  
> server that enforces the CNAME and other data rule), or else the  
> master server actually has a zone named "com" on it (which it  
> probably shouldn't) and has a CNAME record named familiesla.com  
> inside that zone.
> 
> Check the configuration of the master. We on the list can't, from the  
> outside, because the master is on a private address. However, if we  
> were able to, the shell command would look like this:
> 
> dig familiesla.com soa +norec @172.20.11.237
> 
> Chris Buxton
> Men & Mice
> 
> On Aug 16, 2007, at 1:34 PM, Ryan McCain wrote:
> 
>> I'm attempting to install a secondary DNS server using BIND 9.3.2  
>> on SLES 10.  It should host multiple zones 2 of which are  
>> 'dss.state.la.us' and 'familiesla.com'.
>>
>> The primary DNS server is a Windows server and I have given the  
>> secondary server permission to do zone xfers for both of these  
>> domains, however, only 'dss.state.la.us' comes down. The zone file  
>> for 'familiesla.com' is never created.  I'm not sure why.
>>
>> Here is the log:
>>
>> Aug 16 15:09:47 dss-cs99la14 named[8126]: found 1 CPU, using 1 worker thread
>> Aug 16 15:09:47 dss-cs99la14 named[8126]: loading configuration from '/etc/named.conf'
>> Aug 16 15:09:47 dss-cs99la14 named[8126]: listening on IPv6 interfaces, port 53
>> Aug 16 15:09:47 dss-cs99la14 named[8126]: listening on IPv4 interface lo, 127.0.0.1#53
>> Aug 16 15:09:47 dss-cs99la14 named[8126]: listening on IPv4 interface eth0, 10.120.9.246#53
>> Aug 16 15:09:47 dss-cs99la14 named[8126]: command channel listening on 127.0.0.1#953
>> Aug 16 15:09:47 dss-cs99la14 named[8126]: command channel listening on ::1#953
>> Aug 16 15:09:47 dss-cs99la14 named[8126]: zone 0.0.127.in-addr.arpa/IN: loaded serial 42
>> Aug 16 15:09:47 dss-cs99la14 named[8126]: zone localhost/IN: loaded serial 42
>> Aug 16 15:09:47 dss-cs99la14 named[8126]: slave/dss.state.la.us:42: gc._msdcs.dss.state.la.us: bad owner name (check-names)
>> Aug 16 15:09:47 dss-cs99la14 named[8126]: slave/dss.state.la.us:43: gc._msdcs.dss.state.la.us: bad owner name (check-names)
>> Aug 16 15:09:47 dss-cs99la14 named[8126]: slave/dss.state.la.us:128: btr_cluster.dss.state.la.us: bad owner name (check-names)
>> Aug 16 15:09:47 dss-cs99la14 named[8126]: slave/dss.state.la.us:1003: ipat_ocs.dss.state.la.us: bad owner name (check-names)
>> Aug 16 15:09:47 dss-cs99la14 named[8126]: slave/dss.state.la.us:1076: ocs_nt_3.dss.state.la.us: bad owner name (check-names)
>> Aug 16 15:09:47 dss-cs99la14 named[8126]: zone dss.state.la.us/IN: loaded serial 11146
>> Aug 16 15:09:47 dss-cs99la14 named[8126]: running
>> Aug 16 15:09:48 dss-cs99la14 named[8126]: zone familiesla.com/IN: refresh: CNAME at top of zone in master 172.20.11.237#53 (source 0.0.0.0#0)
>> Aug 16 15:11:01 dss-cs99la14 named[8126]: zone familiesla.com/IN: refresh: CNAME at top of zone in master 172.20.11.237#53 (source 0.0.0.0#0)
>> Aug 16 15:12:20 dss-cs99la14 named[8126]: zone familiesla.com/IN: refresh: CNAME at top of zone in master 172.20.11.237#53 (source 0.0.0.0#0)
>> Aug 16 15:15:25 dss-cs99la14 named[8126]: zone familiesla.com/IN: refresh: CNAME at top of zone in master 172.20.11.237#53 (source 0.0.0.0#0)
>>
>>
>> ... That didn't tell me too much as to why the familiesla.com zone  
>> isn't being added to the secondary DNS server.
>>
>> Any ideas?
>>
>> Thanks, Ryan
>>
>>
>>
>>
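
Added example, not part of the original messages: a small Python check that classifies the answer to an apex SOA query the way the slave does before a transfer, and counts the "CNAME at top of zone" refresh failures per zone and master in a named log. The sample inputs are constructed from the dig output and log lines quoted in this thread; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed samples, shaped like the dig output and named log in this thread.
DIG_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20783
;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;familiesla.com.                        IN      SOA

;; ANSWER SECTION:
familiesla.com.         3600    IN      CNAME   www.dss.state.la.us.

;; Query time: 0 msec
"""
NAMED_LOG = """\
Aug 16 15:09:47 dss-cs99la14 named[8126]: zone dss.state.la.us/IN: loaded serial 11146
Aug 16 15:09:48 dss-cs99la14 named[8126]: zone familiesla.com/IN: refresh: CNAME at top of zone in master 172.20.11.237#53 (source 0.0.0.0#0)
Aug 16 15:11:01 dss-cs99la14 named[8126]: zone familiesla.com/IN: refresh: CNAME at top of zone in master 172.20.11.237#53 (source 0.0.0.0#0)
"""

def apex_answer_types(dig_text, zone):
    """Record types in the ANSWER section whose owner name is the zone apex."""
    apex = zone.rstrip(".").lower() + "."
    types, in_answer = [], False
    for line in dig_text.splitlines():
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
        elif in_answer and (not line.strip() or line.startswith(";")):
            in_answer = False  # blank line or next section header ends the answers
        elif in_answer:
            fields = line.split()  # owner, TTL, class, type, rdata...
            if len(fields) >= 5 and fields[0].lower() == apex:
                types.append(fields[3].upper())
    return types

def soa_check(dig_text, zone):
    """'cname-at-apex' if the master answers the SOA query with a CNAME."""
    types = apex_answer_types(dig_text, zone)
    if "CNAME" in types:
        return "cname-at-apex"
    return "ok" if "SOA" in types else "no-soa"

REFRESH_RE = re.compile(
    r"zone (\S+)/IN: refresh: CNAME at top of zone in master (\S+?)#\d+")

def cname_refresh_failures(log_text):
    """Count failed refreshes per (zone, master address)."""
    return Counter(m.groups() for m in REFRESH_RE.finditer(log_text))
```
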


