HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

Thread: Broke my MyISPconfig3 DNS sync (http://www.howtoforge.com/forums/showthread.php?t=59115), in General (http://www.howtoforge.com/forums/forumdisplay.php?f=25)

primesoftnz 16th October 2012 08:48

Broke my MyISPconfig3 DNS sync
 
I have a newly installed multiserver cluster setup with one master and two slave dns servers. (and a web, mail and database server)

I attempted to load DNS with a zone import which was successful but with an unintended result. It did however initially sync the result of the import with the two slaves. All records ended up under the last zone of the import file instead of in a dozen different zones. Consequently I deleted the zone and the slaves appear to have deleted the records as well.

I then re-imported a single zone and tested but neither of the slaves have updated.

Under tools I attempted to resync dns with no success. (even though it says that the zone has been resynced)

I've been using mysql from the command line for checking the dns_rr table for entries manually and find no records have been loaded on the slaves but are present on the master.

I have somehow broken the mysql synchronisation.

Any idea what the remedy is?

till 16th October 2012 08:50

Please see here for debug instructions:

http://www.howtoforge.com/forums/showthread.php?t=58408

primesoftnz 16th October 2012 21:20

I followed the instructions on setting a higher debug level on both master and slave and tested using the instructions at http://www.faqforge.com/linux/debugg...-of-a-failure/

The only output from running the server.sh script was that it had finished.

I tailed the syslog on both servers while running the script but it also produced no output.

I'm wondering if I should now move on to the http://stackoverflow.com/questions/2...abase-incase-o instructions for resyncing MySQL databases?

primesoftnz 17th October 2012 03:31

Never mind, my bad.
I missed a critical setup step: choosing the mirrored server.

Now for some reason I can't do a lookup from outside the network the DNS servers are on.
:-(

syslog shows

dns1 named[31920]: client xxx.xxx.xxx.xxx#36234: query (cache) 'www.mydomain.xx.xx/A/IN' denied

till 17th October 2012 08:40

Take a look at the syslog and post the errors that you get when you restart named.

primesoftnz 17th October 2012 22:36

Output from named in syslog from a restart of bind9 on the primary DNS server is as follows:

Oct 18 09:32:38 dns1 named[31920]: received control channel command 'stop -p'
Oct 18 09:32:38 dns1 named[31920]: shutting down: flushing changes
Oct 18 09:32:38 dns1 named[31920]: stopping command channel on 127.0.0.1#953
Oct 18 09:32:38 dns1 named[31920]: stopping command channel on ::1#953
Oct 18 09:32:38 dns1 named[31920]: no longer listening on ::#53
Oct 18 09:32:38 dns1 named[31920]: no longer listening on 127.0.0.1#53
Oct 18 09:32:38 dns1 named[31920]: no longer listening on 202.36.227.102#53
Oct 18 09:32:38 dns1 named[31920]: exiting
Oct 18 09:32:39 dns1 named[20852]: starting BIND 9.7.3 -u bind
Oct 18 09:32:39 dns1 named[20852]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=' 'CPPFLAGS='
Oct 18 09:32:39 dns1 named[20852]: adjusted limit on open files from 1024 to 1048576
Oct 18 09:32:39 dns1 named[20852]: found 2 CPUs, using 2 worker threads
Oct 18 09:32:39 dns1 named[20852]: using up to 4096 sockets
Oct 18 09:32:39 dns1 named[20852]: loading configuration from '/etc/bind/named.conf'
Oct 18 09:32:39 dns1 named[20852]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Oct 18 09:32:39 dns1 named[20852]: using default UDP/IPv4 port range: [1024, 65535]
Oct 18 09:32:39 dns1 named[20852]: using default UDP/IPv6 port range: [1024, 65535]
Oct 18 09:32:39 dns1 named[20852]: listening on IPv6 interfaces, port 53
Oct 18 09:32:39 dns1 named[20852]: listening on IPv4 interface lo, 127.0.0.1#53
Oct 18 09:32:39 dns1 named[20852]: listening on IPv4 interface eth0, 202.36.227.102#53
Oct 18 09:32:39 dns1 named[20852]: generating session key for dynamic DNS
Oct 18 09:32:39 dns1 named[20852]: set up managed keys zone for view _default, file 'managed-keys.bind'
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: 254.169.IN-ADDR.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: D.F.IP6.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: 8.E.F.IP6.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: 9.E.F.IP6.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: A.E.F.IP6.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: B.E.F.IP6.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Oct 18 09:32:39 dns1 named[20852]: command channel listening on 127.0.0.1#953
Oct 18 09:32:39 dns1 named[20852]: command channel listening on ::1#953
Oct 18 09:32:39 dns1 named[20852]: zone 0.in-addr.arpa/IN: loaded serial 1
Oct 18 09:32:39 dns1 named[20852]: zone 127.in-addr.arpa/IN: loaded serial 1
Oct 18 09:32:39 dns1 named[20852]: zone 255.in-addr.arpa/IN: loaded serial 1
Oct 18 09:32:39 dns1 named[20852]: zone localhost/IN: loaded serial 2
Oct 18 09:32:39 dns1 named[20852]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Oct 18 09:32:39 dns1 named[20852]: managed-keys-zone ./IN: loaded serial 0
Oct 18 09:32:39 dns1 named[20852]: running

I got rid of the only error (file not found) with:

touch /var/cache/bind/managed-keys.bind
chown bind:bind /var/cache/bind/managed-keys.bind

Original issue regarding named not allowing a query from outside the network still exists.

primesoftnz 18th October 2012 08:53

I found a fix that works but I'm not sure what it opens up as far as security risk.
My DNS servers are intended to be authoritative so I added

allow-query { any; };

to named.conf.options and restarted bind9 on each of my three DNS servers in the cluster.

It seems to answer queries from outside my network now for records both on the servers and external to them. I guess this provides recursion as well?

falko 18th October 2012 13:37

Quote:
Originally Posted by primesoftnz (Post 286957)
I guess this provides recursion as well?

No, to enable recursion, you need

recursion yes;

in the options.
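An added example, not from this thread or from ISPConfig, showing the two named.conf.options variants behind the posts above: the weak one, where `allow-query { any; };` on a BIND 9 whose recursion is left at its default turns an authoritative server into an open resolver, and an authoritative-only one that keeps public queries for hosted zones while refusing recursion. The addresses in it are placeholders, not the thread's.

```conf
// /etc/bind/named.conf.options (illustrative; addresses are placeholders)
// Assumed: 192.0.2.10 and 192.0.2.11 are the two mirror servers.

// WEAK: the thread's fix on its own. On a stock Debian/Ubuntu BIND 9,
// recursion defaults to "yes" and allow-query-cache follows allow-query,
// so the server now resolves any name for anyone: an open resolver that
// can be abused for cache poisoning and reflection/amplification traffic.
//
// options {
//     directory "/var/cache/bind";
//     allow-query { any; };
// };

// HARDENED: authoritative-only, which is what these servers are meant to be.
options {
    directory "/var/cache/bind";

    // Anyone may ask for the zones hosted here...
    allow-query { any; };

    // ...but nobody gets recursion or cached answers for other domains;
    // queries for names not hosted here are refused instead of resolved.
    recursion no;
    allow-recursion { none; };
    allow-query-cache { none; };

    // ISPConfig mirrors receive records through the database (the dns_rr
    // table the poster was inspecting), not via AXFR, so no transfers are
    // needed. Use { 192.0.2.10; 192.0.2.11; } here if you do rely on AXFR.
    allow-transfer { none; };

    // Optional: don't hand scanners the exact BIND version.
    version "not disclosed";
};
```

To confirm the result from a host outside the network, run `dig @<server> <hosted-name> A` and then `dig @<server> <a-name-you-do-not-host> A`: the first answer should carry the `aa` flag, the second should come back REFUSED, and neither should show the `ra` flag.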

