A Zone Transfer Question

David Li dlipubkey at gmail.com
Fri Feb 19 19:01:18 UTC 2016


Hi John,

Here are the files. They are all internal zones without any references
to external name servers.

VM1:
====

named.conf:
-------------

#
# master (on VM1)
#
zone "rack1.com" {
    type master;
    file "/var/named/db.rack1.com";
    allow-update { key rndc-key-rack1; }; # For DHCP dynamic update
};

#
# slave (on VM2)
#
zone "rack3.com" {
    type slave;
    file "/var/named/bak.rack3.com";
    masters { 10.4.3.101; }; #VM3 named IP
};


zone file:
/var/named/db.rack1.com
-------------------------

$ORIGIN .
$TTL 907200     ; 1 week 3 days 12 hours
rack1.com               IN SOA  dnsserver1.rack1.com. admin.rack1.com. (
                                8          ; serial
                                60         ; refresh (1 minute)
                                60         ; retry (1 minute)
                                604800     ; expire (1 week)
                                3600       ; minimum (1 hour)
                                )
                        NS      dnsserver1.rack1.com.
$ORIGIN rack1.com.
dnsserver1              A       10.4.1.101

$TTL 3600       ; 1 hour
node1                   A       10.4.1.11
                        TXT     "007ddd47ea6ddcd890312de89e37bde496"
node2                   A       10.4.1.12
                        TXT     "316a8d5e65fbd9f853df6d90ad1f24ecac"
node3                   A       10.4.1.13
                        TXT     "009da8179478f9169cb47965e53d19f134"

VM2:
====

named.conf:
-----------

#
# Master
#
zone "rack3.com" {
    type master;
    file "/var/named/db.rack3.com";
    allow-update { key rndc-key-rack3; }; # For DHCP update
};


#
# Slave
#
zone "rack1.com" {
    type slave;
    file "/var/named/bak.rack1.com";
    masters { 10.4.1.101; }; # VM1 named IP address
};

zone file:
/var/named/db.rack3.com
-------------------------

$ORIGIN .
$TTL 907200     ; 1 week 3 days 12 hours
rack3.com               IN SOA  dnsserver3.rack3.com. admin.rack3.com. (
                                2          ; serial
                                60         ; refresh (1 minute)
                                60         ; retry (1 minute)
                                604800     ; expire (1 week)
                                3600       ; minimum (1 hour)
                                )
                        NS      dnsserver3.rack3.com.
$ORIGIN rack3.com.
dnsserver3              A       10.4.3.101
$TTL 3600       ; 1 hour
node1                   A       10.4.3.11
                        TXT     "001395d7d2a164c7efde811584bbc470b9"


On Fri, Feb 19, 2016 at 8:59 AM, John Miller <johnmill at brandeis.edu> wrote:
> On Fri, Feb 19, 2016 at 11:45 AM, David Li <dlipubkey at gmail.com> wrote:
>> This is my first time trying a master/slave configuration. Here is a
>> brief description:
>>
>> I have two CentOS 7.1 VMs, each configured for a zone. VM1 is the
>> master for zone1 and slave for zone2. VM2 is master for zone2 and
>> slave for zone1. Both zones use DNS Dynamic Update from DHCP servers
>> on the same VM to update the A records in their zone files. No DNSSEC
>> is configured.
>>
>> To start, everything seems to be working fine. I have one host in each
>> zone and they can resolve each other fine.
>>
>> Now I add a new host to zone1 and its sequence number has been bumped
>> up. I read that when the zone1 file changes, it will automatically
>> notify its slave zone (i.e. zone2) to start a zone transfer after 15
>> min. This never happened. Then I restarted named on VM2 and hoped it
>> would pull the new zone1 file. This didn't happen either.
>> Eventually I had to either restart VM2 or use dig to start the
>> zone transfer.
>>
>> Can anyone spot anything obviously wrong here? Do I need to post my
>> zone file and named.conf?
>>
>
> Hi David -
>
> Yes, it'd certainly help if you posted your named.conf.  I don't know
> that we need the whole zone file: the SOA and NS records would
> probably suffice in this case, especially if the zone has tons of
> records.
>
> I'll say: it sounds a little odd that you'd expect zone2 to be updated
> when zone1 changes.  The master NS for zone1 will send out NOTIFY
> messages to the servers listed in the NS records for zone1; it'll also
> send NOTIFYs to anything you've put in an also-notify block.
>
> The 15-minute wait also sounds strange: NOTIFY happens as soon as the
> serial number of the master zone is incremented and the zone is
> reloaded.  Also, a slave NS will automatically check its master for
> updates after the refresh interval (1st number after the serial)
> specified in the SOA record.  If you have that set to 15 minutes (900
> seconds), then yes--the slave would check its master for updates, but
> it's the _slave_ reaching out to the _master_ in that case.  Likewise,
> slaves will reach out to their master NS when their zones are
> reloaded.
>
> I'm not going to worry about the DHCP dynamic updates piece yet - make
> sure your master and slave are set up properly before introducing
> dynamic updates to the mix.
>
> John
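The following is an added configuration example for the primary/secondary pair John describes; it is not part of David's posted files or John's reply. It makes the two things John's explanation depends on explicit: in the posted zone files the only NS record for each zone is the master itself, so by the behaviour John describes (NOTIFY goes to the NS set and to also-notify) the other VM would never receive a NOTIFY unless it is listed in also-notify. It also restricts transfers to a TSIG key and uses a dedicated key for DHCP updates instead of the rndc control-channel key the posted configs reuse. Addresses are taken from the posted zone files (VM1 = 10.4.1.101, VM2 = 10.4.3.101); the key names and secrets are placeholders, and the rack3.com zone would be configured symmetrically.

```conf
# ---- VM1: primary for rack1.com (added example, placeholders for keys) ----

# Shared transfer key; generate the secret with tsig-keygen (or ddns-confgen
# on older BIND 9) and install the same statement on both servers.
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-base64-secret-from-tsig-keygen";
};

# Separate key for DHCP dynamic updates; do not reuse the rndc key here,
# because anyone holding the control-channel key could then also rewrite
# the zone.
key "ddns-key-rack1" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-a-second-tsig-keygen-secret";
};

zone "rack1.com" {
    type master;
    file "/var/named/db.rack1.com";
    allow-update { key ddns-key-rack1; };
    notify yes;                      # send NOTIFY on every serial change
    also-notify { 10.4.3.101; };     # VM2 is not in the NS RRset, so list it
    allow-transfer { key xfer-key; }; # AXFR/IXFR only when signed with the key
};

# ---- VM2: secondary for rack1.com ----

key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-base64-secret-from-tsig-keygen";   # same as on VM1
};

# Sign SOA refresh queries and transfer requests sent to VM1.
server 10.4.1.101 {
    keys { xfer-key; };
};

zone "rack1.com" {
    type slave;
    file "/var/named/bak.rack1.com";
    masters { 10.4.1.101 key xfer-key; };
    allow-notify { 10.4.1.101; };    # accept NOTIFY only from the primary
    allow-transfer { none; };        # nobody pulls the zone from the copy
};
```

To check the pair after reloading both servers, bump the serial on VM1 (or run `rndc notify rack1.com` there) and compare `dig @10.4.1.101 rack1.com SOA +short` with `dig @10.4.3.101 rack1.com SOA +short`; the serials should match within seconds, and `rndc refresh rack1.com` on VM2 forces the SOA check that the refresh timer would otherwise run. The secondary's own copy of the zone also has a 60-second refresh in the posted SOA, so even without NOTIFY the copy should not lag by more than about a minute plus a retry; a longer lag points at the transfer being refused or the NOTIFY never arriving, both of which show up in named's log.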


More information about the bind-users mailing list