Allowing zone xfer to slave server

Ryan McCain Ryan.McCain at dss.state.la.us
Fri Aug 31 16:36:58 UTC 2007


Manual zone xfers do in fact work from the slave to the primary. See below:

dss-cs99la49:/var/lib/named/slave # dig @172.20.11.200 dss.la.gov axfr

; <<>> DiG 9.3.2 <<>> @172.20.11.200 dss.la.gov axfr
; (1 server found)
;; global options:  printcmd
dss.la.gov.             3600    IN      SOA     dssns.dss.la.gov. admin. 55 900 600 86400 3600
dss.la.gov.             3600    IN      NS      dssns.dss.la.gov.
dss.la.gov.             3600    IN      NS      dssns2.dss.la.gov.
dss.la.gov.             3600    IN      NS      dns-ext2.dss.state.la.us.
dss.la.gov.             3600    IN      A       205.172.49.49
dss.la.gov.             3600    IN      MX      10 smtp-ext1.dss.la.gov.
dss.la.gov.             3600    IN      MX      20 smtp-ext2.dss.la.gov.
dss-cs99lv01-a.dss.la.gov. 3600 IN      A       205.172.49.5
dssns.dss.la.gov.       3600    IN      A       199.248.209.34
dssns2.dss.la.gov.      3600    IN      A       199.248.209.35
formquesttanf.dss.la.gov. 3600  IN      A       205.172.49.17
formquesttanftrain.dss.la.gov. 3600 IN  A       205.172.49.16
ryan.dss.la.gov.        3600    IN      A       205.172.49.100
smtp-ext1.dss.la.gov.   3600    IN      A       205.172.49.5
smtp-ext2.dss.la.gov.   3600    IN      A       205.172.49.7
webaccess.dss.la.gov.   3600    IN      CNAME   webaccess.dss.state.la.us.
www.dss.la.gov.         3600    IN      A       205.172.49.49
wwwapps.dss.la.gov.     3600    IN      A       205.172.49.15
dss.la.gov.             3600    IN      SOA     dssns.dss.la.gov. admin. 55 900 600 86400 3600
;; Query time: 1 msec
;; SERVER: 172.20.11.200#53(172.20.11.200)
;; WHEN: Fri Aug 31 11:35:41 2007
;; XFR size: 19 records (messages 1)


>>> On Fri, Aug 31, 2007 at 11:22 AM, in message
<46D7F9DB.5D1A.003A.0 at dss.state.la.us>, "Ryan McCain"
<Ryan.McCain at dss.state.la.us> wrote: 
> Actually dss-dr93la06-s1 resolves to 10.120.11.83 which was a secondary IP 
> address which isn't in use anymore. dss-dr93la06-s1 resolves to a secondary IP 
> address which doesn't exist anymore.  My brain is fried and I should have 
> removed them. I am doing that now.
> 
> the dss.la.gov zone file is below. Noticed I added NS dns-ext2.  
> dns-ext2.dss.state.la.us is an A record in the external dss.state.la.us zone 
> that points to 172.20.11.118
> 
> $ORIGIN .
> $TTL 3600       ; 1 hour
> dss.la.gov              IN SOA  dssns.dss.la.gov. admin. (
>                                 53         ; serial
>                                 900        ; refresh (15 minutes)
>                                 600        ; retry (10 minutes)
>                                 86400      ; expire (1 day)
>                                 3600       ; minimum (1 hour)
>                                 )
>                         NS      dssns.dss.la.gov.
>                         NS      dssns2.dss.la.gov.
>                         NS      dns-ext2.dss.state.la.us.
>                         A       205.172.49.49
>                         MX      10 smtp-ext1.dss.la.gov.
>                         MX      20 smtp-ext2.dss.la.gov.
> $ORIGIN dss.la.gov.
> dss-cs99lv01-a          A       205.172.49.5
> dssns                   A       199.248.209.34
> dssns2                  A       199.248.209.35
> formquesttanf           A       205.172.49.17
> formquesttanftrain      A       205.172.49.16
> smtp-ext1               A       205.172.49.5
> smtp-ext2               A       205.172.49.7
> webaccess               CNAME   webaccess.dss.state.la.us.
> www                     A       205.172.49.49
> wwwapps                 A       205.172.49.15
> ryan                    A       205.172.49.100
> $ORIGIN .
> 
> ---
> 
> Both of these servers are on our internal network and accessible through 
> firewall rules.  Our internal domain used is dss.state.la.us and one of the 
> external domains I want to provide DNS services for is dss.state.la.us so I 
> don't know if that's confusing things???
> 
>>>> On Thu, Aug 30, 2007 at  4:40 PM, in message
> <e65c4bab0708301440g79782488l33d01112593c9b23 at mail.gmail.com>, "Dawn Connelly"
> <dawn.connelly at gmail.com> wrote: 
>> The command is actually:
>> dig @172.20.11.200 dss.la.gov axfr
>> You have to have the axfr for transfer. Otherwise it just queries for a
>> record rather than transfer.
>> 
>> I'm assuming that either  dss-cs99la45-s1.dss.state.la.us or
>> dss-dr93la06-s1.dss.state.la.us resolves to 172.20.11.118?
>> 
>> The also-notify is only needed if there isn't an NS record.
>> 
>> Are there any messages in your log files that would provide a hint? Like does
>> your master server have any logs with your slave's IP address or does your
>> slave have any logs regarding this particular domain?
>> 
>> 
>> On 8/30/07, Ryan McCain <Ryan.McCain at dss.state.la.us> wrote:
>>>
>>> Here is the zone file from the primary DNS server if this helps..
>>>
>>> --
>>>
>>> $ORIGIN .
>>> $TTL 3600       ; 1 hour
>>> dss.la.gov              IN SOA  dssns.dss.la.gov. admin. (
>>>                                 53         ; serial
>>>                                 900        ; refresh (15 minutes)
>>>                                 600        ; retry (10 minutes)
>>>                                 86400      ; expire (1 day)
>>>                                 3600       ; minimum (1 hour)
>>>                                 )
>>>                         NS      dssns.dss.la.gov.
>>>                         NS      dssns2.dss.la.gov.
>>>                         NS      dss-cs99la45-s1.dss.state.la.us.
>>>                         NS      dss-dr93la06-s1.dss.state.la.us.
>>>                         A       205.172.49.49
>>>                         MX      10 smtp-ext1.dss.la.gov.
>>>                         MX      20 smtp-ext2.dss.la.gov.
>>> $ORIGIN dss.la.gov.
>>> dss-cs99lv01-a          A       205.172.49.5
>>> dssns                   A       199.248.209.34
>>> dssns2                  A       199.248.209.35
>>> smtp-ext1               A       205.172.49.5
>>> smtp-ext2               A       205.172.49.7
>>> ryan                    A       205.172.49.100
>>> $ORIGIN .
>>>
>>>
>>>
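
Added example, not part of the original thread: a shell helper that reads `dig ... axfr` output like the one in the message, checks that the transfer is complete (first and last record are the same SOA), and reports the serial and the apex NS targets. `serial_newer` applies the RFC 1982 serial comparison a slave uses to decide whether the master's zone is newer; the function names are illustrative, and the sample is an abbreviated copy of the dig output above.

```shell
#!/bin/sh
# Summarise `dig @master zone axfr` output read from stdin.
# Prints: serial=<n> complete=<yes|no> records=<n> ns=<comma-separated NS targets>
axfr_summary() {
    awk '
        /^;/ || NF < 5 { next }          # skip dig comment lines and blanks
        { n++ }
        $4 == "SOA" {
            soa++
            if (soa == 1) { zone = $1; first_serial = $7; first_soa_at = n }
            last_serial = $7; last_soa_at = n
        }
        # NS records at the zone apex: the servers that get NOTIFY by default
        $4 == "NS" && $1 == zone { ns = (ns == "" ? "" : ns ",") $5 }
        END {
            # A complete AXFR starts and ends with the same SOA record.
            ok = (first_soa_at == 1 && soa >= 2 && last_soa_at == n &&
                  first_serial == last_serial)
            printf "serial=%s complete=%s records=%d ns=%s\n",
                   first_serial, (ok ? "yes" : "no"), n, ns
        }'
}

# Exit 0 if master serial $1 is newer than slave serial $2
# (RFC 1982 serial arithmetic, 32-bit wrap-around).
serial_newer() {
    d=$(( ($1 - $2) & 4294967295 ))
    [ "$d" -ne 0 ] && [ "$d" -lt 2147483648 ]
}

# Abbreviated copy of the dig output quoted in the message above.
SAMPLE='; <<>> DiG 9.3.2 <<>> @172.20.11.200 dss.la.gov axfr
dss.la.gov.             3600    IN      SOA     dssns.dss.la.gov. admin. 55 900 600 86400 3600
dss.la.gov.             3600    IN      NS      dssns.dss.la.gov.
dss.la.gov.             3600    IN      NS      dssns2.dss.la.gov.
dss.la.gov.             3600    IN      NS      dns-ext2.dss.state.la.us.
www.dss.la.gov.         3600    IN      A       205.172.49.49
dss.la.gov.             3600    IN      SOA     dssns.dss.la.gov. admin. 55 900 600 86400 3600
;; Query time: 1 msec'

printf '%s\n' "$SAMPLE" | axfr_summary

# Serial 55 is what the master served; 53 is the serial in the quoted zone file.
if serial_newer 55 53; then echo "a slave holding serial 53 would transfer"; fi
```

Against a live server the same function takes the real output: `dig @172.20.11.200 dss.la.gov axfr | axfr_summary`.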


