HowtoForge Forums - Installation/Configuration - Zone Transfer trouble. (http://www.howtoforge.com/forums/showthread.php?t=6881)

vbrookie 15th September 2006 19:19

Zone Transfer trouble.
 
I am having trouble transferring a zone to the secondary nameserver. I have set up 2 identical servers (OpenSuse 10.1) and everything seems to be working fine except zone transfer. My servers are set up on a DMZ using non-public addresses and I have all the port forwarding rules set up correctly on my firewall.
Anybody have a solution for this?
Thanks,

log from secondary nameserver
Code:

Sep 15 11:50:52 ns2 named[21231]: zone example.com/IN: Transfer started.
Sep 15 11:51:41 ns2 named[21231]: client 192.168.1.100#33020: received notify for zone 'xxx.xxx.xxx.in-addr.arpa': not authoritative
Sep 15 11:51:42 ns2 named[21231]: client 192.168.1.100#33020: received notify for zone 'example.com'
Sep 15 11:51:42 ns2 named[21231]: zone example.com/IN: refused notify from non-master: 192.168.1.100#33020
Sep 15 11:54:01 ns2 named[21231]: transfer of 'example.com/IN' from xxx.xxx.xxx.xxx#53: failed to connect: timed out
Sep 15 11:54:01 ns2 named[21231]: transfer of 'example.com/IN' from xxx.xxx.xxx.xxx#53: end of transfer
Sep 15 11:58:09 ns2 named[21231]: zone example.com/IN: refresh: retry limit for master xxx.xxx.xxx.xxx#53 exceeded (source 0.0.0.0#0)
Sep 15 11:58:09 ns2 named[21231]: zone example.com/IN: Transfer started.
Sep 15 12:01:18 ns2 named[21231]: transfer of 'example.com/IN' from xxx.xxx.xxx.xxx#53: failed to connect: timed out
Sep 15 12:01:18 ns2 named[21231]: transfer of 'example.com/IN' from xxx.xxx.xxx.xxx#53: end of transfer
Sep 15 12:09:06 ns2 proftpd[22487]: localhost (localhost[127.0.0.1]) - FTP session opened.
Sep 15 12:09:06 ns2 proftpd[22487]: localhost (localhost[127.0.0.1]) - FTP session closed.
Sep 15 12:09:10 ns2 proftpd[22498]: localhost (localhost[127.0.0.1]) - FTP session opened.
Sep 15 12:09:10 ns2 proftpd[22498]: localhost (localhost[127.0.0.1]) - FTP session closed.
Sep 15 12:09:21 ns2 kernel: Netfilter messages via NETLINK v0.30.
Sep 15 12:09:21 ns2 kernel: ip_conntrack version 2.4 (6143 buckets, 49144 max) - 232 bytes per conntrack
Sep 15 12:09:25 ns2 proftpd[22845]: localhost (localhost[127.0.0.1]) - FTP session opened.
Sep 15 12:09:25 ns2 proftpd[22845]: localhost (localhost[127.0.0.1]) - FTP session closed.
Sep 15 12:09:30 ns2 proftpd[22857]: localhost (localhost[127.0.0.1]) - FTP session opened.
Sep 15 12:09:30 ns2 proftpd[22857]: localhost (localhost[127.0.0.1]) - FTP session closed.
Sep 15 12:09:34 ns2 proftpd[22863]: localhost (localhost[127.0.0.1]) - FTP session opened.
Sep 15 12:09:34 ns2 proftpd[22863]: localhost (localhost[127.0.0.1]) - FTP session closed.
Sep 15 12:10:44 ns2 named[21231]: zone example.com/IN: refresh: retry limit for master xxx.xxx.xxx.xxx#53 exceeded (source 0.0.0.0#0)
Sep 15 12:10:44 ns2 named[21231]: zone example.com/IN: Transfer started.


falko 16th September 2006 23:47

Quote:

Originally Posted by vbrookie
log from secondary nameserver
Code:

Sep 15 11:51:41 ns2 named[21231]: client 192.168.1.100#33020: received notify for zone 'xxx.xxx.xxx.in-addr.arpa': not authoritative

Your first DNS server isn't authoritative for the zone you want to transfer...

vbrookie 18th September 2006 17:35

Quote:

Originally Posted by falko
Your first DNS server isn't authoritative for the zone you want to transfer...

Fixed it, I stupidly put in the wrong IP address. :o
Now I got permission denied errors. Can you tell me which files and folders to set permissions for on openSUSE 10.1?
Thanks again!

Code:

Sep 18 11:13:35 ns2 named[20656]: zone example.com/IN: Transfer started.
Sep 18 11:13:35 ns2 named[20656]: transfer of 'example.com/IN' from 192.168.1.100#53: connected using 192.168.1.110#46373
Sep 18 11:13:35 ns2 named[20656]: dumping master file: tmp-Ei61hpSYW7: open: permission denied
Sep 18 11:13:35 ns2 named[20656]: transfer of 'example.com/IN' from 192.168.1.100#53: failed while receiving responses: permission denied
Sep 18 11:13:35 ns2 named[20656]: transfer of 'example.com/IN' from 192.168.1.100#53: end of transfer


till 18th September 2006 22:26

Did you follow the perfect setup for OpenSuse 10.1?

vbrookie 18th September 2006 22:49

Yes... I did follow all the steps from the perfect setup for openSUSE 10.1; everything seems to be working fine except for zone transfer. :(

falko 19th September 2006 15:28

What's the output of
Code:

ls -la /var/lib/named
on both servers? What's in /etc/named.conf on both servers?

vbrookie 19th September 2006 16:16

Quote:

Originally Posted by falko
What's the output of
Code:

ls -la /var/lib/named
on both servers? What's in /etc/named.conf on both servers?

Here's the content of the first server: ns1
Code:

ns1:~ # ls -la /var/lib/named/
total 64
drwxr-xr-x  9 root  root  4096 Sep 15 14:01 .
drwxr-xr-x 28 root  root  4096 Sep 18 15:30 ..
-rw-r--r--  1 root  root  192 Jul  4  2001 127.0.0.zone
drwxr-xr-x  2 root  root  4096 Sep 14 16:21 dev
drwxr-xr-x  2 named named 4096 May  2 04:33 dyn
drwxr-xr-x  3 root  root  4096 Sep 18 13:26 etc
-rw-r--r--  1 root  root  158 Jul  4  2001 localhost.zone
drwxr-xr-x  2 named named 4096 May  2 04:33 log
drwxr-xr-x  2 root  root  4096 May  2 04:33 master
-rw-r--r--  1 named named  704 Sep 15 14:02 pri.xxx.xxx.xxx.in-addr.arpa
-rw-r--r--  1 named named  673 Sep 15 14:02 pri.xxx.xxx.xxx.in-addr.arpa~
-rw-r--r--  1 named named  814 Sep 18 13:26 pri.example.com
-rw-r--r--  1 named named  843 Sep 18 13:26 pri.example.com~
-rw-r--r--  1 root  root  2517 May  2 04:33 root.hint
drwxr-xr-x  2 named named 4096 May  2 04:33 slave
drwxr-xr-x  4 root  root  4096 Sep  8 11:39 var
ns1:~ #


/etc/named.conf

options {
        pid-file "/var/lib/named/var/run/named/named.pid";
        directory "/var/lib/named";
        auth-nxdomain no;
        allow-recursion {
        localhost;
        };
        /*
        * If there is a firewall between you and nameservers you want
        * to talk to, you might need to uncomment the query-source
        * directive below.  Previous versions of BIND always asked
        * questions using port 53, but BIND 8.1 uses an unprivileged
        * port by default.
        */
        // query-source address * port 53;
};

//
// a caching only nameserver config
//
zone "." {
        type hint;
        file "root.hint";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "127.0.0.zone";
};

zone "xxx.xxx.xxx.in-addr.arpa" {
        type master;
        file "pri.xxx.xxx.xxx.in-addr.arpa";
};


zone "example.com" {
        type master;
        file "pri.example.com";
};



//// MAKE MANUAL ENTRIES BELOW THIS LINE! ////

And the content of the second server: ns2

Code:

ns2:~ # ls -la /var/lib/named/
total 48
drwxr-xr-x  9 root  root  4096 Sep 18 11:13 .
drwxr-xr-x 28 root  root  4096 Sep 18 17:30 ..
-rw-r--r--  1 root  root  192 Jul  4  2001 127.0.0.zone
drwxr-xr-x  2 root  root  4096 Sep 14 13:22 dev
drwxr-xr-x  2 named named 4096 May  2 04:33 dyn
drwxr-xr-x  3 root  root  4096 Sep 18 11:13 etc
-rw-r--r--  1 root  root  158 Jul  4  2001 localhost.zone
drwxr-xr-x  2 named named 4096 May  2 04:33 log
drwxr-xr-x  2 root  root  4096 May  2 04:33 master
-rw-r--r--  1 root  root  2517 May  2 04:33 root.hint
drwxr-xr-x  2 named named 4096 May  2 04:33 slave
drwxr-xr-x  4 root  root  4096 Sep 12 23:17 var
ns2:~ #


/etc/named.conf

options {
        pid-file "/var/lib/named/var/run/named/named.pid";
        directory "/var/lib/named";
        auth-nxdomain no;
        allow-recursion {
        localhost;
        };
        /*
        * If there is a firewall between you and nameservers you want
        * to talk to, you might need to uncomment the query-source
        * directive below.  Previous versions of BIND always asked
        * questions using port 53, but BIND 8.1 uses an unprivileged
        * port by default.
        */
        // query-source address * port 53;
};

//
// a caching only nameserver config
//
zone "." {
        type hint;
        file "root.hint";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "127.0.0.zone";
};



zone "example.com" {
        type slave;
        file "sec.example.com";
        masters { 192.168.1.100; };
};


//// MAKE MANUAL ENTRIES BELOW THIS LINE! ////

Thanks!

falko 20th September 2006 17:49

Please comment out
Code:

allow-recursion {
        localhost;
        };

on both systems and restart named.

vbrookie 20th September 2006 20:13

Thanks.
I changed it, but there is still an error on zone transfer. :(

vbrookie 20th September 2006 20:48

I've googled and found a solution to this. :)
Code:

zone "example.com" {
        type slave;
        file "slave/sec.example.com";
        masters { 192.168.1.100; };
};

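The fix above works because BIND writes an incoming transfer to a temporary file (the tmp-... name in the permission denied log line) in the same directory as the configured slave file, so that directory, not only the file, must be writable by the named user; on ns2, /var/lib/named is root-owned while slave/ belongs to named. The checker below is an added example, not the poster's or the forum's code: it parses a constructed named.conf modelled on ns2's, resolves each slave zone's file against the options directory, and applies the classic mode-bit check; uid/gid 44, the directory ownerships and the dir_stat hook are constructed or assumed for offline use.

```python
import os
import re
import stat

# Constructed named.conf modelled on the thread's ns2 config (not copied from it):
# the first slave zone writes into the BIND working directory itself, the second into slave/.
SAMPLE_NAMED_CONF = '''
options {
        directory "/var/lib/named";
};
zone "example.com" {
        type slave;
        file "sec.example.com";
        masters { 192.168.1.100; };
};
zone "example.org" {
        type slave;
        file "slave/sec.example.org";
        masters { 192.168.1.100; };
};
'''

# Assumes the usual layout where a zone's closing "};" starts its own line.
ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{(.*?)\n\};', re.S)

def slave_zone_files(conf_text):
    """Return [(zone, absolute path of its slave file)] for every 'type slave' zone."""
    m = re.search(r'options\s*\{.*?\bdirectory\s+"([^"]+)"', conf_text, re.S)
    base = m.group(1) if m else "."
    out = []
    for name, body in ZONE_RE.findall(conf_text):
        f = re.search(r'\bfile\s+"([^"]+)"', body)
        if re.search(r'\btype\s+slave\s*;', body) and f:
            out.append((name, os.path.normpath(os.path.join(base, f.group(1)))))
    return out

def can_create_in(dir_uid, dir_gid, dir_mode, uid, gid, groups=()):
    """Mode-bit check only (no ACLs); named runs unprivileged, so root is not special-cased."""
    if dir_uid == uid:
        return bool(dir_mode & stat.S_IWUSR)
    if dir_gid == gid or dir_gid in groups:
        return bool(dir_mode & stat.S_IWGRP)
    return bool(dir_mode & stat.S_IWOTH)

def check_slave_zones(conf_text, uid, gid, groups=(),
                      dir_stat=lambda p: (os.stat(p).st_uid, os.stat(p).st_gid, os.stat(p).st_mode)):
    """Return [(zone, path, writable)]; dir_stat(path) -> (st_uid, st_gid, st_mode) of the parent dir."""
    results = []
    for zone, path in slave_zone_files(conf_text):
        u, g, m = dir_stat(os.path.dirname(path))
        results.append((zone, path, can_create_in(u, g, m, uid, gid, groups)))
    return results
```

On a live openSUSE host, call check_slave_zones(open('/etc/named.conf').read(), *pwd.getpwnam('named')[2:4]) to test the real directories with the default os.stat-based dir_stat.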