Bind9 Master/Slave DNS System
zimele
13th September 2006, 21:29
Hi all,
I'm working with the Debian Master/slave DNS system HOWTO.
I'm using Debian 3.1
and I'm using ftp.de.debian.org
to source my files.
I'm having a number of problems with the BIND9 Master/Slave System.
I get stuck in the beginning
after adding
deb-src http://ftp.de.debian.org/debian testing main contrib non-free
to my sources.list file and then running
cd ~/lsb-base/
apt-get -y build-dep lsb-base
apt-get source lsb-base -b
dpkg -i lsb-base*.deb
it has a problem in the
apt-get -y build-dep lsb-base
E: Build-Depends dependency for lsb cannot be satisfied because no available versions of package debhelper can satisfy version requirements
And second, when I decided to leave those 2 steps out (LSB-Base and BIND9), I just ran the apt-get install bind9 and bind was installed. But now, after all that, when I try to run /etc/init.d/bind9 restart after installing on the master and the slave, I get this error:
Stopping domain name service: namedrndc: connect failed: connection refused
And I read that I need to change the settings on /etc/default/bind9
from the bind user to nobody, and I did that and still no luck. I still get the same error even after restarting the machine many a time. My other problem is that the zones are not copied from one machine to another. Could that be because of lsb-base not being installed correctly?
After including these 2 lines in /etc/bind/named.conf.options
dnssec-enable yes;
dnssec-keygen -a hmac-md5 -b 128 -n host linux.lan
and running the named-checkconf command I get this error
/etc/bind/named.conf.options:22: unknown option 'dnssec-enable'
/etc/bind/named.conf.options:23: unknown option 'dnssec-keygen'
Can anyone assist me as to what I am doing wrong!!!!
falko
14th September 2006, 21:31
> Hi all,
> I'm working with the Debian Master/slave DNS system HOWTO.
> I'm using Debian 3.1
> and I'm using ftp.de.debian.org
> to source my files.
> I'm having a number of problems with the BIND9 Master/Slave System.
> I get stuck in the beginning
> after adding
> deb-src http://ftp.de.debian.org/debian testing main contrib non-free
> to my sources.list file and then running
> cd ~/lsb-base/
> apt-get -y build-dep lsb-base
> apt-get source lsb-base -b
> dpkg -i lsb-base*.deb
> it has a problem in the
> apt-get -y build-dep lsb-base
> E: Build-Depends dependency for lsb cannot be satisfied because no available versions of package debhelper can satisfy version requirements
Have a look here: http://www.howtoforge.com/forums/showthread.php?t=6816
> And second, when I decided to leave those 2 steps out (LSB-Base and BIND9), I just ran the apt-get install bind9 and bind was installed. But now, after all that, when I try to run /etc/init.d/bind9 restart after installing on the master and the slave, I get this error:
> Stopping domain name service: namedrndc: connect failed: connection refused
> And I read that I need to change the settings on /etc/default/bind9
> from the bind user to nobody, and I did that and still no luck. I still get the same error even after restarting the machine many a time. My other problem is that the zones are not copied from one machine to another. Could that be because of lsb-base not being installed correctly?
> After including these 2 lines in /etc/bind/named.conf.options
> dnssec-enable yes;
> dnssec-keygen -a hmac-md5 -b 128 -n host linux.lan
> and running the named-checkconf command I get this error
> /etc/bind/named.conf.options:22: unknown option 'dnssec-enable'
> /etc/bind/named.conf.options:23: unknown option 'dnssec-keygen'
> Can anyone assist me as to what I am doing wrong!!!!
Check out the comments at the bottom of http://www.howtoforge.com/howto_bind_chroot_debian . It's a permissions problem.
zimele
15th September 2006, 11:13
:) Thanks for the reply falko :)
I'm still having trouble here though
after including these 2 lines in /etc/bind/named.conf.options
dnssec-enable yes;
dnssec-keygen -a hmac-md5 -b 128 -n host linux.lan
and running the named-checkconf command I get this error
/etc/bind/named.conf.options:22: unknown option 'dnssec-enable'
/etc/bind/named.conf.options:23: unknown option 'dnssec-keygen'
falko
17th September 2006, 00:25
> dnssec-keygen -a hmac-md5 -b 128 -n host linux.lan
This one is a command for the shell, it doesn't go into a configuration file.
zimele
18th September 2006, 13:02
And this one?
dnssec-enable yes;
falko
19th September 2006, 16:00
Put it into /etc/bind/named.conf.options.
zimele
20th September 2006, 10:48
I included this at the end of
/etc/bind/named.conf.options.
and whenever I run named-checkconf
I get an error on the line of that dnssec. What must it be?
When I add these to the different files I get an error when I try to restart bind9:
Add this in your /etc/bind/named.conf on master AND slave:
key "TRANSFER" {
    algorithm hmac-md5;
    secret "---HASHKEY---";
};
On the master we add the slave ip to /etc/bind/named.conf:
server 192.168.254.2 {
    keys {
        TRANSFER;
    };
};
And on the slave we add the master ip to /etc/bind/named.conf:
server 192.168.254.1 {
    keys {
        TRANSFER;
    };
};
Add to /etc/bind/named.conf.local:
zone "linux.lan" {
    type slave;
    file "/etc/bind/zones/slave_linux.lan";
    masters { 192.168.254.1; };
    allow-notify { 192.168.254.1; };
};
Final thing needed on BOTH hosts is to add this to /etc/bind/named.conf:
include "/etc/bind/rndc.key";
I did some research and someone actually said that I should change the permissions on my /etc/default/bind9 file from the user bind to nobody, and I tried that, still no luck.
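The two points above (dnssec-keygen is run in the shell, and its output replaces ---HASHKEY--- in the key statement) can be shown in one place. This is an added example, not code from the thread or the HOWTO; the function names and both sample inputs are constructed for illustration, and the key value is made up.

```python
import base64
import binascii
import re

# Constructed sample of the K<name>.+157+<id>.private file that
# `dnssec-keygen -a hmac-md5 -b 128 -n host linux.lan` writes (key made up).
SAMPLE_PRIVATE = """Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: AAECAwQFBgcICQoLDA0ODw==
"""

# Constructed named.conf fragment repeating the two mistakes from the thread.
BAD_CONF = """options {
    dnssec-keygen -a hmac-md5 -b 128 -n host linux.lan
};
key "TRANSFER" {
    algorithm hmac-md5;
    secret "---HASHKEY---";
};
"""

def secret_from_private(text, bits=128):
    """Return the base64 secret from a dnssec-keygen HMAC-MD5 .private file."""
    fields = dict(l.split(": ", 1) for l in text.splitlines() if ": " in l)
    if not fields.get("Algorithm", "").startswith("157 "):
        raise ValueError("not an HMAC-MD5 key file")
    secret = fields["Key"].strip()
    if len(base64.b64decode(secret, validate=True)) * 8 != bits:
        raise ValueError("key is not %d bits" % bits)
    return secret

def key_stanza(secret, name="TRANSFER"):
    """Render the key statement that must be identical on master and slave."""
    return ('key "%s" {\n    algorithm hmac-md5;\n    secret "%s";\n};\n'
            % (name, secret))

def lint(conf):
    """Return (line, problem) pairs for the mistakes seen in the thread."""
    problems = []
    for n, line in enumerate(conf.splitlines(), 1):
        if re.match(r"\s*dnssec-keygen\s", line):
            problems.append((n, "shell command pasted into config"))
        m = re.search(r'secret\s+"([^"]*)"', line)
        if m:
            try:
                base64.b64decode(m.group(1), validate=True)
            except (binascii.Error, ValueError):
                problems.append((n, "secret is not base64"))
    return problems
```

Current BIND releases generate TSIG keys with tsig-keygen and default to hmac-sha256; hmac-md5 appears here only because the thread's HOWTO uses it. Keep the file holding the key statement readable only by the BIND user.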
falko
21st September 2006, 15:11
> I get an error on the line of that dnssec. What must it be?
> When I add these to the different files I get an error when I try to restart bind9:
What are the exact error messages?
zimele
22nd September 2006, 09:47
When I copied the DNSSec and included it at the end of
/etc/bind/named.conf.options
and run named-checkconf, this is the error that I get
:~# named-checkconf
/etc/bind/named.conf.options:23: unknown option 'dnssec-enable'
falko
23rd September 2006, 15:51
Did you install Bind exactly as described under "Installing Software" on http://www.howtoforge.com/debian_bind9_master_slave_system ?
zimele
26th September 2006, 13:03
To be on the safe side I'll do a fresh installation on 2 PCs again. Hope that this time it works...
harm
28th September 2006, 13:22
Hi,
I noticed the problem too when trying my howto some days/weeks later :x
You should go to backports for the lsb package or just get everything from them.
e.g. apt-get install bind9 -t sarge-backports
The dnssec-enable option will not work with the bind9 version Sarge has, so that's why you're stuck now and need the version from testing ;)
wintech2003
10th December 2006, 04:59
I have a question about the master/slave DNS system.
What I want to ask is if I have to manually edit the named.conf file on the Slave DNS Server every time I add a new domain to my Master DNS Server.
I understand that the zones file gets created automatically by the transfer process between the master and the server that bind does, but what about the named.conf file?
In a short way, is the Slave DNS Server a set-and-forget thing or do I still have to login to it and manually edit the named.conf file every time I add a new domain?
And a second question I would like to ask is if a DNS server can be a master for one zone and a slave for another zone at the same time.
The reason I'm asking this is because I have some Plesk servers and using this (http://www.blitzengineers.net/component/option,com_remository/Itemid,26/func,fileinfo/id,7/) script I fetch the DNS records from the Plesk servers. The script produces a file that has all the zone configuration from the Plesk servers, but configured as slave zones, then transfers the zone files using the bind transfer system, and finally it restarts named. I have added this script to my crontab and it runs every 15 minutes. The only thing I needed to do was to add the generated filename as an include in named.conf the first time the script ran. So I want to ask if it's OK to host master zones and slave zones on the same machine.
Thanks a lot,
wintech2003
falko
11th December 2006, 14:43
> What I want to ask is if I have to manually edit the named.conf file on the Slave DNS Server every time I add a new domain to my Master DNS Server.
Yes, unless you use a control panel like ISPConfig on your slave. If you don't, add something like this to the named.conf on the slave:
zone "example.com" {
    type slave;
    file "sec.example.com";
    masters { 1.2.3.4; };
};
where 1.2.3.4 is the IP address of the master DNS server. Then restart Bind.
> And a second question I would like to ask is if a DNS server can be a master for one zone and a slave for another zone at the same time.
Yes.
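The slave zone statement from the answer above can be generated for every zone a master serves, so the slave's include file is rebuilt instead of edited by hand. This is an added example, not wintech2003's script or any project's code; MASTER_CONF is a constructed sample and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of a master's zone configuration (names are examples).
MASTER_CONF = """
zone "example.com" { type master; file "/etc/bind/zones/example.com"; };
zone "example.org" {
    type master;
    file "/etc/bind/zones/example.org";
    allow-transfer { 5.6.7.8; };
};
zone "other.net" { type slave; file "sec.other.net"; masters { 9.9.9.9; }; };
"""

def zones(conf):
    """Yield (name, body) per zone statement, tracking brace depth.
    Assumes no braces inside comments or quoted strings."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def slave_stanzas(conf, master_ip):
    """Render a slave zone statement for every zone this host is master for."""
    master = ipaddress.ip_address(master_ip)  # rejects anything but an IP
    out = []
    for name, body in zones(conf):
        if not re.search(r"\btype\s+master\s*;", body):
            continue  # zones this host only slaves are not its to publish
        # The name ends up in a file path, so allow hostname characters only.
        if not re.fullmatch(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*", name):
            raise ValueError("refusing zone name %r" % name)
        out.append('zone "%s" {\n    type slave;\n    file "sec.%s";\n'
                   '    masters { %s; };\n};\n' % (name, name, master))
    return "".join(out)
```

The output is meant to be written to a file that the slave's named.conf includes; a host can carry these slave zones next to its own master zones.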