retransfer zone from stealth master

Lawrence K. Chen, P.Eng. lkchen at ksu.edu
Wed Feb 26 14:57:01 UTC 2014


Noticed some zones weren't transferring, so I tried to see what was up.  The 
logs show it's polling the published master (one of my secondaries), which 
fails since it doesn't have the zone yet.  None of my secondaries have it 
yet.

I was on vacation when the domains were set up, though I had provided 
instructions on how to do this very task before I left, along with other 
instructions, since the request was "how do I set up a new secondary"...in the 
context of DDoS...which I first read as another secondary authoritative 
nameserver (which didn't make sense to me...since there are other things 
outside of our group's control that are needed.)

I later decided the real request was how to make our secondaries slave to a 
departmental nameserver, so that there will still be accessible authorities 
for their (sub)domains after their port 53 gets blocked at the border.  Which 
was that it's the same as the last part of our adding a new domain to our DNS 
wiki document, except that instead of slaving from our master nameserver, it's 
slaving from the departmental master.

Anyhoo...

How can I get an initial transfer of the zone from a stealth master?  Or do I 
have to wait to get the administrator of the master to give it another kick?

masters {}; contains the IPs for both departmental nameservers, plus IP for 
ns-1.ksu.edu, but logs show it's only trying to transfer from ns-1.ksu.edu.

Often, due to historical reasons, some departments only notify ns-1.ksu.edu, 
leaving me to also-notify my other secondaries, etc.  masters {} also used to 
contain every server that could act as an authoritative source...even if the 
instance was host-only (the admin wanted a local recursive caching resolver 
instance, created a full-blown authoritative with recursive caching query 
resolver.... that only responds to localhost).  I think there are 8 of these 
still in existence.  They were to be refreshed or eliminated in the near 
future.... ~5 years ago.... (I did remove one or two from my pseudo-script to 
update bind everywhere, last year...)

-- 
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- & SafeZone Ally


