#1  
Old 3rd January 2006, 18:37
DarkBen DarkBen is offline
Member
 
Join Date: Oct 2005
Posts: 70
Thanks: 1
Thanked 2 Times in 2 Posts
Problem with slave DNS

I have an ISPConfig perfect setup on Debian 3.1 and I have a problem with slave DNS. When I create a slave zone on my ISPConfig, I have this error in my syslog file:

Code:
Jan  3 18:19:15 jedi named[15319]: transfer of 'domain.org/IN' from 195 ... ... ...#53: failed while receiving responses: REFUSED
Jan  3 18:19:15 jedi named[15319]: transfer of 'domain.org/IN' from 195 ... ... ...#53: end of transfer

My named.conf seems to be good but the zone file isn't created. It seems to be a problem with a chmod on a directory...?

/var/lib/named = 755 root:root

/var/lib/named/etc = 755 root:root

/var/lib/named/etc/bind = 755 bind:bind


On my primary DNS server I have this in my named.conf:

Code:
zone "domain.org" {
         type master;
         file "domain.zone";
         allow-transfer {195 ... ... ...; };
};

My primary DNS server is not an ISPConfig server.

Could you help me please?

Thanks for your great work
  #2  
Old 3rd January 2006, 19:18
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts

Quote:
Originally Posted by DarkBen
On my primary DNS server I have this in my named.conf:

Code:
zone "domain.org" {
         type master;
         file "domain.zone";
         allow-transfer {195 ... ... ...; };
};

The IP address in allow-transfer must be the IP address of the secondary DNS server. Also make sure that the firewall doesn't block port 53 (TCP and UDP)!
  #3  
Old 4th January 2006, 10:13
DarkBen DarkBen is offline

Thanks for your help Falko, but my firewall is off and the IP address on my primary server is the IP of my ISPConfig server (slave)... If you have another idea, I'll take it.

This is in my named.conf on my secondary DNS (ISPConfig)

Code:
zone "domain.org" {
         type slave;
         file "sec.domain.org";
         masters { ip of my primary DNS };
};

In fact the file "sec.domain.org" isn't created...

Last edited by DarkBen; 4th January 2006 at 10:18.
  #4  
Old 4th January 2006, 10:55
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,586
Thanks: 792
Thanked 4,983 Times in 3,903 Posts

Is the domain sec.domain.org created as a master record on the primary DNS server?
Does the firewall on the primary DNS allow zone transfers?
Maybe you have disabled zone transfers on the primary DNS server?
  #5  
Old 4th January 2006, 11:46
falko falko is offline

I found this on http://www.isc.org/index.pl?/sw/bind/FAQ.php:

Quote:
Q:

I get "transfer of 'example.net/IN' from 192.168.4.12#53: failed while receiving responses: permission denied" error messages.
A:

These indicate a filesystem permission error preventing named creating / renaming the temporary file. These will usually also have other associated error messages like

"dumping master file: sl/tmp-XXXX5il3sQ: open: permission denied"

Named needs write permission on the directory containing the file. Named writes the new cache file to a temporary file then renames it to the name specified in named.conf to ensure that the contents are always complete. This is to prevent named loading a partial zone in the event of power failure or similar interrupting the write of the master file.

Note file names are relative to the directory specified in options and any chroot directory ([<chroot dir>/][<options dir>]).

If named is invoked as "named -t /chroot/DNS" with the following named.conf then "/chroot/DNS/var/named/sl" needs to be writable by the user named is running as.

Code:
options {
	directory "/var/named";
};

zone "example.net" {
	type slave;
	file "sl/example.net";
	masters { 192.168.4.12; };
};
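The path rule in the FAQ answer quoted above, worked through as an added example (not from the thread, the BIND FAQ or ISPConfig): `zone_dir` joins the chroot, the `options` directory and the zone's `file` name, and `can_write` checks the mode bits for the account named runs as. Both function names are made up for this example, and `stat -c` assumes GNU coreutils.

```sh
#!/bin/sh
# Added example: locate the directory named must write a slave zone into,
# then check the mode bits for the account named runs as.

# zone_dir CHROOT OPTIONS_DIR ZONE_FILE -> prints the real directory
zone_dir() {
    chroot=${1%/}                     # empty when named runs without -t
    optdir=${2%/}
    case $3 in
        /*) path=$3 ;;                # absolute name: only the chroot prefix applies
        *)  path=$optdir/$3 ;;        # relative name: resolved against "directory"
    esac
    dirname "$chroot$path"
}

# can_write USER DIR -> 0 if USER has write+search on DIR by owner/group/other
# bits, 1 if not, 2 if DIR or USER is missing. ACLs and root override are ignored.
can_write() {
    user=$1; dir=$2
    [ -d "$dir" ] || return 2
    uid=$(id -u "$user" 2>/dev/null) || return 2
    set -- $(stat -c '%u %g %a' "$dir")   # GNU stat: owner uid, group gid, octal mode
    d_uid=$1; d_gid=$2; mode=$3
    bits=$((mode % 10))                   # start with the "other" digit
    for gid in $(id -G "$user"); do
        if [ "$gid" = "$d_gid" ]; then bits=$((mode / 10 % 10)); fi
    done
    if [ "$uid" = "$d_uid" ]; then bits=$((mode / 100 % 10)); fi
    [ $((bits & 3)) -eq 3 ]               # write (2) and search (1) both set
}

# The FAQ case: named -t /chroot/DNS, directory "/var/named", file "sl/example.net"
zone_dir /chroot/DNS /var/named sl/example.net    # constructed call using the FAQ values
```

On a live server the three arguments to `zone_dir` come from the `-t` option of the running named process and from the `directory` and `file` statements in named.conf; the user for `can_write` is the one given with `-u`.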
  #6  
Old 4th January 2006, 12:09
DarkBen DarkBen is offline

I think it is a permission problem because all my other secondary DNS are ok.
On my ISPConfig I have this when I do a

Code:
ps aux | grep named
Code:
bind     21799  0.0  0.2 29404 2656 ?        Ss   11:42   0:00 /usr/sbin/named -u bind -t /var/lib/named

What are the good permissions for my directory /var/lib/named?

Where should the sec... files be created?

When I restart my primary DNS I have this in my syslog:

Code:
Jan  4 12:06:30 xplora named[711]: client 195... ... ... #48283: zone transfer 'domain.org/IN' denied
Jan  4 12:06:30 xplora named[16155]: received notify for zone 'another_domain.net'
Jan  4 12:06:30 xplora named[16155]: received notify for zone 'another_domain.org'

It seems to be ok for other secondary DNS...

Last edited by DarkBen; 4th January 2006 at 12:20.
  #7  
Old 5th January 2006, 11:13
DarkBen DarkBen is offline

A dig on my primary server:

Code:
dig @localhost domain.org
Code:
; <<>> DiG 9.2.4 <<>> @localhost domain.org
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24453
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;domain.org.               IN      A

;; AUTHORITY SECTION:
domain.org.        38400   IN      SOA     serveur.domain.com. root.domain.org. 2006010402 28800 14400 3600000 86400

;; Query time: 7 msec
;; SERVER: 127.0.0.1#53(localhost)
;; WHEN: Thu Jan  5 11:01:04 2006
;; MSG SIZE  rcvd: 93

On my secondary (ISPConfig)

Code:
dig @localhost domain.org
Code:
; <<>> DiG 9.2.4 <<>> @localhost domain.org
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 51956
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;domain.org.               IN      A

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(localhost)
;; WHEN: Thu Jan  5 11:07:51 2006
;; MSG SIZE  rcvd: 33

I think there is a problem with permissions but I don't know where
  #8  
Old 5th January 2006, 11:47
falko falko is offline

Is your primary DNS the authoritative DNS for domain.org?
  #9  
Old 5th January 2006, 12:05
DarkBen DarkBen is offline

Yes it is the SOA...
  #10  
Old 5th January 2006, 12:42
DarkBen DarkBen is offline

This is ok!

There was a problem with my primary DNS on allow-transfer and notify options.

Thanks for your help!
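The two explanations this thread went back and forth between leave different syslog lines: a refusal by the master's transfer policy, and a filesystem error on the slave. The following is an added example (not from the thread or from BIND) that sorts such lines; `triage_xfer` and `sample_log` are names made up here, and the log lines are constructed after the ones quoted above, with 192.0.2.x documentation addresses and the host names ns1/ns2 as placeholders.

```sh
#!/bin/sh
# Added example: classify named zone-transfer failures from syslog.
# Output columns: CAUSE  LOGGED_ON  ZONE  PEER
#   acl        = the master refused the AXFR (check allow-transfer on the master)
#   filesystem = the slave could not write the zone file (check directory permissions)

triage_xfer() {
    awk '
    # address that follows "from" or "client", with the #port suffix removed
    function peer(   i, p) {
        for (i = 1; i < NF; i++)
            if ($i == "from" || $i == "client") {
                p = $(i + 1); sub(/#.*/, "", p); return p
            }
        return "?"
    }
    # text between the first pair of single quotes (\047), e.g. domain.org/IN
    function zone(   q) { split($0, q, "\047"); return q[2] }

    /zone transfer .* denied/                             { print "acl", "master", zone(), peer(); next }
    /failed while receiving responses: REFUSED/           { print "acl", "slave", zone(), peer(); next }
    /failed while receiving responses: permission denied/ { print "filesystem", "slave", zone(), peer(); next }
    '
}

# Constructed sample input, modelled on the lines quoted in this thread.
sample_log() {
cat <<'EOF'
Jan  4 12:06:30 ns1 named[711]: client 192.0.2.53#48283: zone transfer 'domain.org/IN' denied
Jan  4 12:06:30 ns2 named[15319]: transfer of 'domain.org/IN' from 192.0.2.10#53: failed while receiving responses: REFUSED
Jan  4 12:06:30 ns2 named[15319]: transfer of 'domain.org/IN' from 192.0.2.10#53: end of transfer
Jan  4 12:06:31 ns2 named[15319]: transfer of 'example.net/IN' from 192.168.4.12#53: failed while receiving responses: permission denied
Jan  4 12:06:31 ns1 named[711]: received notify for zone 'another_domain.net'
EOF
}

sample_log | triage_xfer
```

An `acl` line on the slave paired with a `denied` line on the master for the same zone points at the master's transfer policy; the PEER column of the master's line is the address that has to appear in `allow-transfer`.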
All times are GMT +2.