Can't get zone to xfer to secondary server

Ryan McCain Ryan.McCain at dss.state.la.us
Fri Aug 17 16:08:51 UTC 2007


You were right. We changed that and it worked like a charm.

Thanks to everyone who responded.

Now, I'm going to try and get the reverse records down.



>>> On Thu, Aug 16, 2007 at  5:55 PM, in message
<1187304928.46c4d5e036094 at www.redscarf.com>, Dawn <dawn at zapata.org> wrote: 
> That's the problem right there. You can't have your domain CNAME to a different
> FQDN. Remove that record and replace it with an A record and transfer magic
> will happen. Yeah, it blows that if the www record changes, you'll have to
> manually change the other record...but that blow factor is lower than not
> having a functional slave.
> 
> Quoting Ryan McCain <Ryan.McCain at dss.state.la.us>:
> 
>> Chris,
>>
>> Thanks for the response.
>>
>> Here is the output from the dig command:
>>
>> ; <<>> DiG 9.3.4 <<>> familiesla.com soa +norec @172.20.11.237
>> ; (1 server found)
>> ;; global options:  printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20783
>> ;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;familiesla.com.                        IN      SOA
>>
>> ;; ANSWER SECTION:
>> familiesla.com.         3600    IN      CNAME   www.dss.state.la.us.
>>
>> ;; Query time: 0 msec
>> ;; SERVER: 172.20.11.237#53(172.20.11.237)
>> ;; WHEN: Thu Aug 16 17:15:15 2007
>> ;; MSG SIZE  rcvd: 65
>>
>> The DNS server is whatever Windows version is on Windows 2000.  Also, there
>> is no domain called .com.  I will check with the Windows side of the house on
>> this.  Any other suggestions based on the output above?
>>
>> Thx..
>>
>> >>> On Thu, Aug 16, 2007 at  3:42 PM, in message
>> <CEA4C10F-BCE5-4E0C-8AC6-0B8151D3A9F6 at menandmice.com>, Chris Buxton
>> <cbuxton at menandmice.com> wrote:
>> > The problem is shown in the error messages at the end.
>> >
>> > When trying to get a zone transfer, the slave first requests an SOA
>> > record from the master. It expects an SOA record in response to the
>> > query, but in this case, it's getting a CNAME record. Which indicates
>> > that either the master server is not running BIND (nor any other
>> > server that enforces the CNAME and other data rule), or else the
>> > master server actually has a zone named "com" on it (which it
>> > probably shouldn't) and has a CNAME record named familiesla.com
>> > inside that zone.
>> >
>> > Check the configuration of the master. We on the list can't, from the
>> > outside, because the master is on a private address. However, if we
>> > were able to, the shell command would look like this:
>> >
>> > dig familiesla.com soa +norec @172.20.11.237
>> >
>> > Chris Buxton
>> > Men & Mice
>> >
>> > On Aug 16, 2007, at 1:34 PM, Ryan McCain wrote:
>> >
>> >> I'm attempting to install a secondary DNS server using BIND 9.3.2
>> >> on SLES 10.  It should host multiple zones 2 of which are
>> >> 'dss.state.la.us' and 'familiesla.com'.
>> >>
>> >> The primary DNS server is a Windows server and I have given the
>> >> secondary server permission to do zone xfers for both of these
>> >> domains, however, only 'dss.state.la.us' comes down. The zone file
>> >> for 'familiesla.com' is never created.  I'm not sure why.
>> >>
>> >> Here is the log:
>> >>
>> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: found 1 CPU, using 1
>> >> worker thread
>> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: loading configuration
>> >> from '/etc/named.conf'
>> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: listening on IPv6
>> >> interfaces, port 53
>> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: listening on IPv4
>> >> interface lo, 127.0.0.1#53
>> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: listening on IPv4
>> >> interface eth0, 10.120.9.246#53
>> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: command channel listening
>> >> on 127.0.0.1#953
>> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: command channel listening
>> >> on ::1#953
>> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: zone 0.0.127.in-addr.arpa/
>> >> IN: loaded serial 42
>> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: zone localhost/IN: loaded
>> >> serial 42
>> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: slave/dss.state.la.us:42:
>> >> gc._msdcs.dss.state.la.us: bad owner name (check-names)
>> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: slave/dss.state.la.us:43:
>> >> gc._msdcs.dss.state.la.us: bad owner name (check-names)
>> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: slave/dss.state.la.us:
>> >> 128: btr_cluster.dss.state.la.us: bad owner name (check-names)
>> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: slave/dss.state.la.us:
>> >> 1003: ipat_ocs.dss.state.la.us: bad owner name (check-names)
>> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: slave/dss.state.la.us:
>> >> 1076: ocs_nt_3.dss.state.la.us: bad owner name (check-names)
>> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: zone dss.state.la.us/IN:
>> >> loaded serial 11146
>> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: running
>> >> Aug 16 15:09:48 dss-cs99la14 named[8126]: zone familiesla.com/IN:
>> >> refresh: CNAME at top of zone in master 172.20.11.237#53 (source
>> >> 0.0.0.0#0)
>> >> Aug 16 15:11:01 dss-cs99la14 named[8126]: zone familiesla.com/IN:
>> >> refresh: CNAME at top of zone in master 172.20.11.237#53 (source
>> >> 0.0.0.0#0)
>> >> Aug 16 15:12:20 dss-cs99la14 named[8126]: zone familiesla.com/IN:
>> >> refresh: CNAME at top of zone in master 172.20.11.237#53 (source
>> >> 0.0.0.0#0)
>> >> Aug 16 15:15:25 dss-cs99la14 named[8126]: zone familiesla.com/IN:
>> >> refresh: CNAME at top of zone in master 172.20.11.237#53 (source
>> >> 0.0.0.0#0)
>> >>
>> >>
>> >> ... That didn't tell me too much as to why the familiesla.com zone
>> >> isn't being added to the secondary DNS server.
>> >>
>> >> Any ideas?
>> >>
>> >> Thanks, Ryan
>> >>
>> >>
>> >>
>> >>
>>
>>
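
The SOA check Chris describes, written as a pre-flight script to run against a master before adding a slave zone. This is an added example, not part of the original thread: `classify_apex` and `check_master` are hypothetical helper names, the CNAME line is the answer quoted in the thread, and the healthy SOA line is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Helper names are hypothetical.

# Answer line as quoted in the thread's dig output.
THREAD_ANSWER='familiesla.com.         3600    IN      CNAME   www.dss.state.la.us.'
# Constructed sample of what a healthy master returns for the same query.
GOOD_ANSWER='familiesla.com. 3600 IN SOA ns1.example.net. hostmaster.example.net. 1 3600 600 86400 3600'

# classify_apex ZONE
# Reads `dig +noall +answer ZONE soa` output on stdin and prints one verdict:
#   SOA_OK                  the master answers the refresh query with an SOA
#   CNAME_AT_APEX <target>  the case named/BIND logs as "CNAME at top of zone"
#   NO_SOA                  no usable answer for the zone apex
classify_apex() {
    zone=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    zone="${zone%.}."                      # normalise to one trailing dot
    awk -v zone="$zone" '
        /^;/ || NF < 5 { next }            # skip dig comments and blank lines
        tolower($1) != zone { next }       # only records owned by the apex
        $4 == "SOA"   { soa = 1 }
        $4 == "CNAME" { cname = $5 }
        END {
            if (cname != "") print "CNAME_AT_APEX " cname
            else if (soa)    print "SOA_OK"
            else             print "NO_SOA"
        }'
}

# check_master ZONE MASTER_IP
# Sends the same non-recursive SOA query a slave sends before a transfer.
check_master() {
    dig +norec +noall +answer "$1" soa "@$2" | classify_apex "$1"
}

if [ "$#" -eq 2 ]; then
    check_master "$1" "$2"                 # live check: zone, master address
else
    # Offline demonstration on the answer quoted in the thread.
    printf '%s\n' "$THREAD_ANSWER" | classify_apex familiesla.com
fi
```

Run with a zone name and master address for a live check; any verdict other than `SOA_OK` means the slave's refresh will fail before a transfer is attempted.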


