Basic setup question for a master / slave setup with views...

Chris Buxton cbuxton at menandmice.com
Tue Feb 5 00:08:40 UTC 2008


So now you know that the problem is in your view definitions and their  
match-* statements. Since you have not shared those with the class,  
there's nothing more we can tell you.

Chris Buxton
Professional Services
Men & Mice
Address: Noatun 17, IS-105, Reykjavik, Iceland
Phone:   +354 412 1500
Email:   cbuxton at menandmice.com
www.menandmice.com


On Feb 4, 2008, at 12:10 PM, Jim Bucks wrote:

> additional info on the querylog.....
>
> Jim Bucks wrote:
>> Hello Mark,   (posted & mailed)
>>
>> Sorry for the delay in responding (been juggling / dropping a lot of
>> balls lately).....
>>
>> Mark Andrews wrote:
>>>> Hello All,
>>>>
>>>> I'm trying to "get this done on the weekends" a couple of new named
>>>> servers into production mode - and am stuck on a couple of problems:
>>>>
>>>>
>>>> Here's what I'm running on both boxes.
>>>>     Fedora Core 7 Linux 2.6.23.8-34.fc7  i686 i686 i386
>>>>     BIND 9.4.2
>>>>
>>>>
>>>> The internal views appear to be working ok (at least they're creating
>>>> all the zone files in the internal directories on the slave server -
>>>> have not checked if they update changes).
>>>>
>>>>
>>>> The external views are confusing me.  Three of the zone files appear
>>>> to work, but the others (15) throw this error in the slave server's log:
>>>>
>>>>      zone yyyyyyyyyyyy.yyy/IN/external: refresh: non-authoritative
>>>>      answer from master xxx.xxx.xxx.xxx#53 (source 0.0.0.0#0)
>>>
>>>    This is from the client receiving a response to a SOA query
>>>    for the zone which doesn't have the AA bit set.
>>>
>>>    dig -b 0.0.0.0 yyyyyyyyyyyy.yyy soa +norec @xxx.xxx.xxx.xxx
>>>
>>>    on the slave to reproduce the query.
>>>
>>
>> Well, here's the dig results from the slave server:
>>   dig -b 0.0.0.0 1080p.com soa +norec  @67.134.161.162
>>
>>   ; <<>> DiG 9.4.2 <<>> -b 0.0.0.0 1080p.com soa +norec @67.134.161.162
>>   ;; global options:  printcmd
>>   ;; Got answer:
>>   ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15269
>>   ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13
>>
>>   ;; QUESTION SECTION:
>>   ;1080p.com.                     IN      SOA
>>
>>   ;; AUTHORITY SECTION:
>>   .                       276068  IN      NS      K.ROOT-SERVERS.NET.
>>   .                       276068  IN      NS      G.ROOT-SERVERS.NET.
>>   .                       276068  IN      NS      F.ROOT-SERVERS.NET.
>>   .                       276068  IN      NS      C.ROOT-SERVERS.NET.
>>   .                       276068  IN      NS      B.ROOT-SERVERS.NET.
>>   .                       276068  IN      NS      M.ROOT-SERVERS.NET.
>>   .                       276068  IN      NS      J.ROOT-SERVERS.NET.
>>   .                       276068  IN      NS      E.ROOT-SERVERS.NET.
>>   .                       276068  IN      NS      H.ROOT-SERVERS.NET.
>>   .                       276068  IN      NS      A.ROOT-SERVERS.NET.
>>   .                       276068  IN      NS      I.ROOT-SERVERS.NET.
>>   .                       276068  IN      NS      L.ROOT-SERVERS.NET.
>>   .                       276068  IN      NS      D.ROOT-SERVERS.NET.
>>
>>   ;; ADDITIONAL SECTION:
>>   A.ROOT-SERVERS.NET.     362468  IN      A       198.41.0.4
>>   F.ROOT-SERVERS.NET.     362468  IN      A       192.5.5.241
>>   B.ROOT-SERVERS.NET.     362468  IN      A       192.228.79.201
>>   K.ROOT-SERVERS.NET.     362468  IN      A       193.0.14.129
>>   I.ROOT-SERVERS.NET.     362468  IN      A       192.36.148.17
>>   G.ROOT-SERVERS.NET.     362468  IN      A       192.112.36.4
>>   E.ROOT-SERVERS.NET.     362468  IN      A       192.203.230.10
>>   M.ROOT-SERVERS.NET.     362468  IN      A       202.12.27.33
>>   J.ROOT-SERVERS.NET.     362468  IN      A       192.58.128.30
>>   L.ROOT-SERVERS.NET.     362468  IN      A       199.7.83.42
>>   C.ROOT-SERVERS.NET.     362468  IN      A       192.33.4.12
>>   D.ROOT-SERVERS.NET.     362468  IN      A       128.8.10.90
>>   H.ROOT-SERVERS.NET.     362468  IN      A       128.63.2.53
>>
>>   ;; Query time: 29 msec
>>   ;; SERVER: 67.134.161.162#53(67.134.161.162)
>>   ;; WHEN: Mon Feb  4 08:23:10 2008
>>   ;; MSG SIZE  rcvd: 446
>>
>>
>>
>>
>>
>>>>      NO errors being logged on the master server.
>>>
>>>    Do you have the zones configured in the external view on the
>>>    master?
>>>
>>
>> I do believe so.  I have run named-chkconf (named.conf files on master &
>> slave servers) and named-chkzone (every external and internal forward &
>> reverse zone file) against all files.  I'm not getting any errors when
>> running these.
>>
>>>    Are you sure the slave is talking to the right view at the
>>>    right time.  Check the query log (enable if need be).
>>>
>>
>> Not sure about this one.  I'll do some reading on this.
>>
>
> ok, now, I'm confused / back to thinking it's a "silly syntax typo"...
>
> Here's what the MASTER server's saying...
> Feb  4 12:51:00 dns02 named[16847]: client 67.134.161.163#32786: view internal: query: 1080p.com IN SOA -E
> Feb  4 12:52:42 dns02 named[16847]: client 67.134.161.163#32786: view internal: query: 1080p.com IN SOA -E
>
> 1080p.com is not in the internal zone directory.  It's only in the
> external zone directory.
>
>
> Here's what the SLAVE server's saying...
> Feb  4 13:03:16 dns03 named[11347]: zone 1080p.com/IN/external: refresh: non-authoritative answer from master 67.134.161.162#53 (source 0.0.0.0#0)
>
>> Thanks for the ideas.
>>
>> Jim
>>
>>>> I have checked spelling, removed / relaxed "security" settings
>>>> (match-clients & match-destinations) and added explicit "allow's"
>>>> (allow-update and allow-transfer) to no avail.
>>>>
>>>> Any thoughts on this that might help?  I can provide copies of the
>>>> zone files as well as the master & slave named.conf files.
>>>>
>>>> Thanks,
>>>>
>>>> Jim
>>>>
>>>> -- 
>>>> Jim Bucks - IT/IS Support       www.coloradostudios.com
>>>> 2400 N. Ulster St.  Denver, CO 80238  Main 303-388-8500
>>>> jbucks at coloradostudios.com             DiD 303-542-5520
>>>>
>>>>
>>
>
> -- 
> Jim Bucks - Central IT Support  www.coloradostudios.com
> 2400 N. Ulster St.  Denver, CO 80238  Main 303-388-8500
> jbucks at coloradostudios.com             DiD 303-542-5520
>
>
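
Added example, not part of the original thread or of BIND: a small Python check that correlates the slave's "non-authoritative answer" refresh errors with the master's query log and reports zones whose SOA query landed in a different view on the master. The log samples are constructed from the lines quoted above (the example.org line is invented for contrast), the regexes assume the BIND 9.4 log layout shown in the thread, and 67.134.161.163 is assumed to be the slave's address.

```python
import re

# Constructed sample input, modelled on the log lines quoted in the thread.
MASTER_QUERYLOG = """\
Feb  4 12:51:00 dns02 named[16847]: client 67.134.161.163#32786: view internal: query: 1080p.com IN SOA -E
Feb  4 12:52:42 dns02 named[16847]: client 67.134.161.163#32786: view internal: query: 1080p.com IN SOA -E
Feb  4 12:53:10 dns02 named[16847]: client 67.134.161.163#32790: view external: query: example.org IN SOA -E
"""
SLAVE_LOG = """\
Feb  4 13:03:16 dns03 named[11347]: zone 1080p.com/IN/external: refresh: non-authoritative answer from master 67.134.161.162#53 (source 0.0.0.0#0)
"""

# Assumed layout: the BIND 9.4 querylog and refresh messages shown in the thread.
QUERY_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: view (?P<view>[^:]+): "
    r"query: (?P<name>\S+) IN SOA")
REFRESH_RE = re.compile(
    r"zone (?P<zone>[^/\s]+)/IN/(?P<view>[^:]+): refresh: "
    r"non-authoritative answer from master (?P<master>[0-9a-fA-F.:]+)#\d+")


def views_seen_by_master(querylog, slave_ip):
    """Map zone name -> set of views the master matched for SOA queries from slave_ip."""
    seen = {}
    for m in QUERY_RE.finditer(querylog):
        if m["ip"] == slave_ip:
            seen.setdefault(m["name"].rstrip(".").lower(), set()).add(m["view"])
    return seen


def view_mismatches(slave_log, querylog, slave_ip):
    """Return (zone, slave_view, master_views) for each failed refresh whose
    SOA query was matched by a different view on the master."""
    seen = views_seen_by_master(querylog, slave_ip)
    out = []
    for m in REFRESH_RE.finditer(slave_log):
        zone, want = m["zone"].lower(), m["view"]
        got = seen.get(zone, set())
        if got and want not in got:
            out.append((zone, want, sorted(got)))
    return out


if __name__ == "__main__":
    for zone, want, got in view_mismatches(SLAVE_LOG, MASTER_QUERYLOG, "67.134.161.163"):
        print(f"{zone}: slave view '{want}', but master matched view(s) {got}")
```

A zone reported here is one where the master's match-* statements put the slave's query into a view that does not hold the zone, which is the situation the two log excerpts in the thread show for 1080p.com.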


