Trouble create slave zones
Eric B.
ebenze at hotmail.com
Tue Apr 1 13:21:28 UTC 2008
Thanks Mark.
I tried a dig soa command and got the following output. I am hoping that
someone can help me determine what is missing. The one thing I noticed is
that I don't have the "AUTHORITY" section. Could that be triggering the
problem? If so, any ideas how I can ensure that it is present? What do I
need to make sure is in my Master conf file to have that appear?
# dig soa mydomain.biz @198.20.1.1 +norec
; <<>> DiG 9.2.4 <<>> soa mydomain.biz @198.20.1.1 +norec
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42824
;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;mydomain.biz. IN SOA
;; ANSWER SECTION:
mydomain.biz. 3600 IN SOA ns1.mydomain.com.
administrator.mydomain.com. 610 3600 600 86400 3600
;; ADDITIONAL SECTION:
ns1.mydomain.com. 3600 IN A 198.20.1.1
;; Query time: 20 msec
;; SERVER: 198.20.1.1#53(198.20.1.1)
;; WHEN: Tue Apr 1 09:17:40 2008
;; MSG SIZE rcvd: 106
Thanks!
Eric
"Mark Andrews" <Mark_Andrews at isc.org> wrote in message
news:200803312114.m2VLExtZ065992 at drugs.dv.isc.org...
>
>
> A refresh query is equivalent to "dig soa <zone> @<server> +norec".
>
> You should get only the SOA record for the zone in the
> answer section and "aa" should be set in the flags field.
> If you don't then there is an error on the master.
>
> Mark
>
> e.g.
>
> ; <<>> DiG 9.3.4-P1 <<>> soa +norec dv.isc.org @::1
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18464
> ;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5
>
> ;; QUESTION SECTION:
> ;dv.isc.org. IN SOA
>
> ;; ANSWER SECTION:
> dv.isc.org. 3600 IN SOA bsdi.dv.isc.org. marka.isc.org. 2007103051 86400
> 21600 2419200 86400
>
> ;; AUTHORITY SECTION:
> dv.isc.org. 86400 IN NS drugs.dv.isc.org.
> dv.isc.org. 86400 IN NS bsdi1.dv.isc.org.
>
> ;; ADDITIONAL SECTION:
> bsdi1.dv.isc.org. 86400 IN A 192.168.191.233
> drugs.dv.isc.org. 86400 IN A 192.168.191.236
> drugs.dv.isc.org. 86400 IN AAAA 2001:470:1f00:820:214:22ff:fed9:fbdc
> drugs.dv.isc.org. 86400 IN AAAA fd92:7065:b8e:0:214:22ff:fed9:fbdc
> drugs.dv.isc.org. 86400 IN AAAA fe80::214:22ff:fed9:fbdc
>
> ;; Query time: 29 msec
> ;; SERVER: ::1#53(::1)
> ;; WHEN: Tue Apr 1 08:13:01 2008
> ;; MSG SIZE rcvd: 231
>
>> Sorry - good point. Yes, the slave is also being the firewall.
>>
>> If I set the master address to 192.168.1.1, I get the same result. If I
>> check my master logs, I do see that my Master dns server is being queried
>> for the records and responding to bind's requests.
>>
>> Is there a way I can have bind log more detailed info to try to understand
>> why it thinks the response is non-authoritative?
>>
>> Thanks!
>>
>> Eric
>>
>> "Chris Buxton" <cbuxton at menandmice.com> wrote in message
>> news:B93F8A8D-F72E-47AF-8074-BCBEF1132075 at menandmice.com...
>> You didn't say whether the slave server is also behind the firewall.
>> If it is, I would guess that the non-authoritative answer is coming
>> from the firewall, not from the actual master server. What happens if
>> you set the master server address in your zone statement to 192.168.1.1?
>>
>> Chris Buxton
>> Professional Services
>> Men & Mice
>>
>> On Mar 31, 2008, at 9:57 AM, Eric B. wrote:
>> > Hi,
>> >
>> > I'm trying to set up bind 9.2.4 to create slave zones on my machine for a
>> > bunch of dns zones. The master is a Win2K Server running its built-in DNS
>> > (not Active Directory).
>> >
>> > My named.conf file lists the following:
>> > options {
>> > directory "/var/named";
>> > dump-file "/var/named/data/cache_dump.db";
>> > statistics-file "/var/named/data/named_stats.txt";
>> > zone-statistics yes;
>> > notify yes; // notify the above IP's when a zone is updated
>> > pid-file "/var/run/named/named.pid";
>> > transfer-format many-answers; // Generates more efficient zone transfers
>> > listen-on { any; };
>> > };
>> >
>> > include "/etc/rndc.key";
>> >
>> > zone "mydomain.biz.dns" IN { type slave; file "slaves/mydomain.biz.dns";
>> > masters { 198.20.1.1; }; };
>> >
>> >
>> > // Include logging config file
>> > include "/var/named/conf/logging.conf";
>> >
>> >
>> >
>> > However, if I look at /var/log/named/general.log, I see the following
>> > error messages:
>> > Mar 31 12:26:25.902 zone mydomain.biz.dns/IN: refresh: non-authoritative
>> > answer from master 198.20.1.1#53
>> >
>> > This is confusing me extremely. If I check the configuration on the master
>> > server, the zone is configured as the primary server. If it is of any help,
>> > I can also post the actual dns conf file for the zone on the W2K server.
>> >
>> > The only thing I can think of is that my zone's NS records point to my DNS
>> > server's public address, even though my DNS server is actually behind a
>> > firewall and has an internal address:
>> >
>> > ; Zone NS records
>> > @ NS ns1.mydomain.biz
>> > ns1.mydomain.biz. A 198.20.1.1
>> >
>> > But my primary server's address is actually 192.168.1.1 (and mapped to
>> > 198.20.1.1 through my firewall rules).
>> >
>> >
>> > Is this a configuration problem of bind, the Win2K server, or the actual
>> > zone information within the DNS server?
>> >
>> > Any help, ideas, suggestions would be greatly appreciated.
>> >
>> > Thanks,
>> >
>> > Eric
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
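Mark's test above ("dig soa <zone> @<server> +norec": exactly one SOA in the answer section and "aa" set) can be reproduced without dig, which makes it easy to run from the slave host itself and to apply the check to the exact name BIND will ask for. The script below is an added example written for this page, not code from the thread, from BIND or from dig; the function names and the constructed reply are assumptions made for illustration. It builds the SOA query with the RD bit clear, parses the reply header and first answer with the standard library, and reports the same conditions the "refresh: non-authoritative answer from master" log line implies. Note that the zone statement quoted in named.conf names the zone "mydomain.biz.dns" while the dig run queried "mydomain.biz"; a slave sends its refresh query for the name in its zone statement, so that is the name worth testing.

```python
"""Reproduce BIND's refresh SOA check offline: build the query a slave sends
(RD bit clear, like `dig soa <zone> @<server> +norec`) and judge the reply.
Stdlib only. Helper names are hypothetical (not BIND's or dig's code)."""
import socket
import struct

TYPE_SOA, CLASS_IN = 6, 1
FLAG_QR, FLAG_AA = 0x8000, 0x0400


def encode_name(name):
    """Wire-format a dotted name ("mydomain.biz" or "mydomain.biz.")."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:              # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)


def build_soa_query(zone, qid=0x1234):
    """Header with RD=0 (no recursion wanted) and one SOA/IN question."""
    return (struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)
            + encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN))


def check_refresh_response(zone, msg):
    """Return the reasons a slave would reject this as a refresh answer
    (empty list = acceptable): rcode 0, aa set, exactly one answer, and that
    answer an SOA owned by the zone name that was asked for."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    problems = []
    if flags & 0x000F:
        problems.append("rcode %d" % (flags & 0x000F))
    if not flags & FLAG_AA:
        problems.append("aa flag not set: non-authoritative answer")
    if an != 1:
        problems.append("expected exactly 1 answer, got %d" % an)
    off = 12
    for _ in range(qd):                        # skip the question section
        _, off = decode_name(msg, off)
        off += 4
    if an >= 1:
        owner, off = decode_name(msg, off)
        rtype, rclass, _ttl, _rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        want = zone.rstrip(".").lower() + "."
        if owner.lower() != want:
            problems.append("answer owner %s is not the zone %s" % (owner, want))
        if (rtype, rclass) != (TYPE_SOA, CLASS_IN):
            problems.append("first answer is not SOA/IN (type %d)" % rtype)
    return problems


def build_soa_response(zone, aa=True, qid=0x1234):
    """Constructed reply for offline testing, shaped like the dig output in
    the thread (one SOA in the answer section, no authority section)."""
    flags = FLAG_QR | (FLAG_AA if aa else 0)
    msg = struct.pack("!HHHHHH", qid, flags, 1, 1, 0, 0)
    msg += encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    rdata = (encode_name("ns1." + zone) + encode_name("administrator." + zone)
             + struct.pack("!IIIII", 610, 3600, 600, 86400, 3600))
    # Owner name is a pointer to the question name at offset 12.
    msg += b"\xC0\x0C" + struct.pack("!HHIH", TYPE_SOA, CLASS_IN, 3600, len(rdata))
    return msg + rdata


def refresh_check_over_udp(zone, server, timeout=3.0):
    """Send the refresh query to a live master and judge its reply (network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_soa_query(zone), (server, 53))
        reply, _ = s.recvfrom(4096)
    return check_refresh_response(zone, reply)


if __name__ == "__main__":
    import sys
    zone, server = sys.argv[1], sys.argv[2]    # e.g. mydomain.biz.dns 198.20.1.1
    problems = refresh_check_over_udp(zone, server)
    print("OK" if not problems else "\n".join(problems))
```

Run it once with the name from the zone statement and once with the bare domain, against both the public and the internal master address; a reply that fails only for one of the names points at the zone statement, while one that fails only through the public address points at whatever answers on the firewall side.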