Basic setup question for a master / slave setup with views...

Jim Bucks jbucks at coloradostudios.com
Mon Feb 4 15:45:44 UTC 2008


Hello Mark,   (posted & mailed)

Sorry for the delay in responding (been juggling / dropping a lot of 
balls lately).....

Mark Andrews wrote:
>> Hello All,
>>
>> I'm trying to "get this done on the weekends" a couple of new named 
>> servers into production mode - and am stuck on a couple of problems:
>>
>>
>> Here's what I'm running on both boxed.
>>      Fedora Core 7 Linux 2.6.23.8-34.fc7  i686 i686 i386
>>      BIND 9.4.2
>>
>>
>> The internal views appear to be working ok (at lest they're creating all 
>> the zone files in the internal directories on the slave server - have 
>> not checked if they update changes).
>>
>>
>> The external views are confusing me.  Three of the zones files appear to 
>> work, but the others (15) throw this error in the slave server's log:
>>
>>       zone yyyyyyyyyyyy.yyy/IN/external: refresh: non-authoritative
>>       answer from master xxx.xxx.xxx.xxx#53 (source 0.0.0.0#0)
> 
> 	This is from the client receiving a response to a SOA query
> 	for the zone which doesn't have the AA bit set.
> 
> 	dig -b 0.0.0.0 yyyyyyyyyyyy.yyy soa +norec @xxx.xxx.xxx.xxx
> 
> 	on the slave to reproduce the query.
>  

Well, here's the dig results from the slave server:
    dig -b 0.0.0.0 1080p.com soa +norec  @67.134.161.162

    ; <<>> DiG 9.4.2 <<>> -b 0.0.0.0 1080p.com soa +norec @67.134.161.162
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15269
    ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13

    ;; QUESTION SECTION:
    ;1080p.com.                     IN      SOA

    ;; AUTHORITY SECTION:
    .                       276068  IN      NS      K.ROOT-SERVERS.NET.
    .                       276068  IN      NS      G.ROOT-SERVERS.NET.
    .                       276068  IN      NS      F.ROOT-SERVERS.NET.
    .                       276068  IN      NS      C.ROOT-SERVERS.NET.
    .                       276068  IN      NS      B.ROOT-SERVERS.NET.
    .                       276068  IN      NS      M.ROOT-SERVERS.NET.
    .                       276068  IN      NS      J.ROOT-SERVERS.NET.
    .                       276068  IN      NS      E.ROOT-SERVERS.NET.
    .                       276068  IN      NS      H.ROOT-SERVERS.NET.
    .                       276068  IN      NS      A.ROOT-SERVERS.NET.
    .                       276068  IN      NS      I.ROOT-SERVERS.NET.
    .                       276068  IN      NS      L.ROOT-SERVERS.NET.
    .                       276068  IN      NS      D.ROOT-SERVERS.NET.

    ;; ADDITIONAL SECTION:
    A.ROOT-SERVERS.NET.     362468  IN      A       198.41.0.4
    F.ROOT-SERVERS.NET.     362468  IN      A       192.5.5.241
    B.ROOT-SERVERS.NET.     362468  IN      A       192.228.79.201
    K.ROOT-SERVERS.NET.     362468  IN      A       193.0.14.129
    I.ROOT-SERVERS.NET.     362468  IN      A       192.36.148.17
    G.ROOT-SERVERS.NET.     362468  IN      A       192.112.36.4
    E.ROOT-SERVERS.NET.     362468  IN      A       192.203.230.10
    M.ROOT-SERVERS.NET.     362468  IN      A       202.12.27.33
    J.ROOT-SERVERS.NET.     362468  IN      A       192.58.128.30
    L.ROOT-SERVERS.NET.     362468  IN      A       199.7.83.42
    C.ROOT-SERVERS.NET.     362468  IN      A       192.33.4.12
    D.ROOT-SERVERS.NET.     362468  IN      A       128.8.10.90
    H.ROOT-SERVERS.NET.     362468  IN      A       128.63.2.53

    ;; Query time: 29 msec
    ;; SERVER: 67.134.161.162#53(67.134.161.162)
    ;; WHEN: Mon Feb  4 08:23:10 2008
    ;; MSG SIZE  rcvd: 446





>>       NO errors being logged on the master server.
> 
> 	Do you have the zones configured in the external view on the
> 	master?
> 

I do believe so.  I have run named-chkconf (named.conf files on master & 
slave servers) and named-chkzone (every external and internal forward & 
reverse zone file) against all files.  I'm not getting any errors when 
running these.

> 	Are you sure the slave is talking to the right view at the
> 	right time.  Check the query log (enable if need be).
> 

Not sure about this one.  I'll do some reading on this.

Thanks for the ideas.

Jim

>> I have checked spelling, removed / relaxed "security" settings 
>> (match-clients & match-destinations) and added explicit "allow's" (allow 
>> -update and allow-transfer) to no avail.
>>
>> Any thoughts on this that might help?  I can provide copes of the zones 
>> files as well as the master & slave named.conf files.
>>
>> Thanks,
>>
>> Jim
>>
>> -- 
>> Jim Bucks - IT/IS Support       www.coloradostudios.com
>> 2400 N. Ulster St.  Denver, CO 80238  Main 303-388-8500
>> jbucks at coloradostudios.com             DiD 303-542-5520
>>
>>

-- 
Jim Bucks - Central IT Support  www.coloradostudios.com
2400 N. Ulster St.  Denver, CO 80238  Main 303-388-8500
jbucks at coloradostudios.com             DiD 303-542-5520



More information about the bind-users mailing list