  #1  
15th September 2006, 19:19
vbrookie
Zone Transfer trouble.

I am having trouble transferring a zone to the secondary nameserver. I have set up 2 identical servers (OpenSuse 10.1) and everything seems to be working fine except zone transfer. My servers are set up on a DMZ using non-public addresses and I have all the port forwarding rules set up correctly on my firewall.
Does anybody have a solution for this?
Thanks,

log from secondary nameserver
Code:
Sep 15 11:50:52 ns2 named[21231]: zone example.com/IN: Transfer started.
Sep 15 11:51:41 ns2 named[21231]: client 192.168.1.100#33020: received notify for zone 'xxx.xxx.xxx.in-addr.arpa': not authoritative
Sep 15 11:51:42 ns2 named[21231]: client 192.168.1.100#33020: received notify for zone 'example.com'
Sep 15 11:51:42 ns2 named[21231]: zone example.com/IN: refused notify from non-master: 192.168.1.100#33020
Sep 15 11:54:01 ns2 named[21231]: transfer of 'example.com/IN' from xxx.xxx.xxx.xxx#53: failed to connect: timed out
Sep 15 11:54:01 ns2 named[21231]: transfer of 'example.com/IN' from xxx.xxx.xxx.xxx#53: end of transfer
Sep 15 11:58:09 ns2 named[21231]: zone example.com/IN: refresh: retry limit for master xxx.xxx.xxx.xxx#53 exceeded (source 0.0.0.0#0)
Sep 15 11:58:09 ns2 named[21231]: zone example.com/IN: Transfer started.
Sep 15 12:01:18 ns2 named[21231]: transfer of 'example.com/IN' from xxx.xxx.xxx.xxx#53: failed to connect: timed out
Sep 15 12:01:18 ns2 named[21231]: transfer of 'example.com/IN' from xxx.xxx.xxx.xxx#53: end of transfer
Sep 15 12:09:06 ns2 proftpd[22487]: localhost (localhost[127.0.0.1]) - FTP session opened.
Sep 15 12:09:06 ns2 proftpd[22487]: localhost (localhost[127.0.0.1]) - FTP session closed.
Sep 15 12:09:10 ns2 proftpd[22498]: localhost (localhost[127.0.0.1]) - FTP session opened.
Sep 15 12:09:10 ns2 proftpd[22498]: localhost (localhost[127.0.0.1]) - FTP session closed.
Sep 15 12:09:21 ns2 kernel: Netfilter messages via NETLINK v0.30.
Sep 15 12:09:21 ns2 kernel: ip_conntrack version 2.4 (6143 buckets, 49144 max) - 232 bytes per conntrack
Sep 15 12:09:25 ns2 proftpd[22845]: localhost (localhost[127.0.0.1]) - FTP session opened.
Sep 15 12:09:25 ns2 proftpd[22845]: localhost (localhost[127.0.0.1]) - FTP session closed.
Sep 15 12:09:30 ns2 proftpd[22857]: localhost (localhost[127.0.0.1]) - FTP session opened.
Sep 15 12:09:30 ns2 proftpd[22857]: localhost (localhost[127.0.0.1]) - FTP session closed.
Sep 15 12:09:34 ns2 proftpd[22863]: localhost (localhost[127.0.0.1]) - FTP session opened.
Sep 15 12:09:34 ns2 proftpd[22863]: localhost (localhost[127.0.0.1]) - FTP session closed.
Sep 15 12:10:44 ns2 named[21231]: zone example.com/IN: refresh: retry limit for master xxx.xxx.xxx.xxx#53 exceeded (source 0.0.0.0#0)
Sep 15 12:10:44 ns2 named[21231]: zone example.com/IN: Transfer started.
#2
16th September 2006, 23:47
falko

Quote:
Originally Posted by vbrookie
log from secondary nameserver
Code:
Sep 15 11:51:41 ns2 named[21231]: client 192.168.1.100#33020: received notify for zone 'xxx.xxx.xxx.in-addr.arpa': not authoritative
Your first DNS server isn't authoritative for the zone you want to transfer...
__________________
Falko
#3
18th September 2006, 17:35
vbrookie

Quote:
Originally Posted by falko
Your first DNS server isn't authoritative for the zone you want to transfer...
Fixed it, stupidly put the wrong IP address.
Now I get permission denied errors. Can you tell me which files and folders to set permissions for on openSuse 10.1?
Thanks again!

Code:
Sep 18 11:13:35 ns2 named[20656]: zone example.com/IN: Transfer started.
Sep 18 11:13:35 ns2 named[20656]: transfer of 'example.com/IN' from 192.168.1.100#53: connected using 192.168.1.110#46373
Sep 18 11:13:35 ns2 named[20656]: dumping master file: tmp-Ei61hpSYW7: open: permission denied
Sep 18 11:13:35 ns2 named[20656]: transfer of 'example.com/IN' from 192.168.1.100#53: failed while receiving responses: permission denied
Sep 18 11:13:35 ns2 named[20656]: transfer of 'example.com/IN' from 192.168.1.100#53: end of transfer
#4
18th September 2006, 22:26
till

Did you follow the perfect setup for OpenSuse 10.1?
__________________
Till Brehm
#5
18th September 2006, 22:49
vbrookie

Yes... I did follow all the steps from the perfect setup for openSuse 10.1, everything seems to be working fine except for zone transfer.
#6
19th September 2006, 15:28
falko

What's the output of
Code:
ls -la /var/lib/named
on both servers? What's in /etc/named.conf on both servers?
#7
19th September 2006, 16:16
vbrookie

Quote:
Originally Posted by falko
What's the output of
Code:
ls -la /var/lib/named
on both servers? What's in /etc/named.conf on both servers?
Here's the content of the first server: ns1
Code:
ns1:~ # ls -la /var/lib/named/
total 64
drwxr-xr-x  9 root  root  4096 Sep 15 14:01 .
drwxr-xr-x 28 root  root  4096 Sep 18 15:30 ..
-rw-r--r--  1 root  root   192 Jul  4  2001 127.0.0.zone
drwxr-xr-x  2 root  root  4096 Sep 14 16:21 dev
drwxr-xr-x  2 named named 4096 May  2 04:33 dyn
drwxr-xr-x  3 root  root  4096 Sep 18 13:26 etc
-rw-r--r--  1 root  root   158 Jul  4  2001 localhost.zone
drwxr-xr-x  2 named named 4096 May  2 04:33 log
drwxr-xr-x  2 root  root  4096 May  2 04:33 master
-rw-r--r--  1 named named  704 Sep 15 14:02 pri.xxx.xxx.xxx.in-addr.arpa
-rw-r--r--  1 named named  673 Sep 15 14:02 pri.xxx.xxx.xxx.in-addr.arpa~
-rw-r--r--  1 named named  814 Sep 18 13:26 pri.example.com
-rw-r--r--  1 named named  843 Sep 18 13:26 pri.example.com~
-rw-r--r--  1 root  root  2517 May  2 04:33 root.hint
drwxr-xr-x  2 named named 4096 May  2 04:33 slave
drwxr-xr-x  4 root  root  4096 Sep  8 11:39 var
ns1:~ #


/etc/named

options {
        pid-file "/var/lib/named/var/run/named/named.pid";
        directory "/var/lib/named";
        auth-nxdomain no;
        allow-recursion {
	localhost;
	};
	/*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
};

//
// a caching only nameserver config
//
zone "." {
        type hint;
        file "root.hint";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "127.0.0.zone";
};

zone "xxx.xxx.xxx.in-addr.arpa" {
        type master;
        file "pri.xxx.xxx.xxx.in-addr.arpa";
};


zone "example.com" {
        type master;
        file "pri.example.com";
};



//// MAKE MANUAL ENTRIES BELOW THIS LINE! ////
And content of second server: ns2

Code:
ns2:~ # ls -la /var/lib/named/
total 48
drwxr-xr-x  9 root  root  4096 Sep 18 11:13 .
drwxr-xr-x 28 root  root  4096 Sep 18 17:30 ..
-rw-r--r--  1 root  root   192 Jul  4  2001 127.0.0.zone
drwxr-xr-x  2 root  root  4096 Sep 14 13:22 dev
drwxr-xr-x  2 named named 4096 May  2 04:33 dyn
drwxr-xr-x  3 root  root  4096 Sep 18 11:13 etc
-rw-r--r--  1 root  root   158 Jul  4  2001 localhost.zone
drwxr-xr-x  2 named named 4096 May  2 04:33 log
drwxr-xr-x  2 root  root  4096 May  2 04:33 master
-rw-r--r--  1 root  root  2517 May  2 04:33 root.hint
drwxr-xr-x  2 named named 4096 May  2 04:33 slave
drwxr-xr-x  4 root  root  4096 Sep 12 23:17 var
ns2:~ #


/etc/named

options {
        pid-file "/var/lib/named/var/run/named/named.pid";
        directory "/var/lib/named";
        auth-nxdomain no;
        allow-recursion {
	localhost;
	};
	/*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
};

//
// a caching only nameserver config
//
zone "." {
        type hint;
        file "root.hint";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "127.0.0.zone";
};



zone "example.com" {
        type slave;
        file "sec.example.com";
        masters { 192.168.1.100; };
};


//// MAKE MANUAL ENTRIES BELOW THIS LINE! ////
Thanks!
#8
20th September 2006, 17:49
falko

Please comment out
Code:
allow-recursion {
	localhost;
	};
on both systems and restart named.
#9
20th September 2006, 20:13
vbrookie

Thanks.
I changed it, but I still get an error on zone transfer.
#10
20th September 2006, 20:48
vbrookie

I've googled and found a solution to this.
Code:
zone "example.com" {
        type slave;
        file "slave/sec.example.com";
        masters { 192.168.1.100; };
};
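Why the last configuration in the thread works, as an added example that is not part of the thread or of ISPConfig: in the ns2 listing the working directory `/var/lib/named` is `root:root` with mode 755, while `slave/` is owned by `named`, so a slave zone file can only be created under `slave/`. The script checks each slave zone's `file` path against an `ls -la` listing; the function names and the condensed sample inputs are constructed here, and it assumes named runs as user and group `named`.

```python
import re

# Constructed inputs, condensed from the ns2 listing and named.conf in the thread.
LS_OUTPUT = """\
drwxr-xr-x  9 root  root  4096 Sep 18 11:13 .
drwxr-xr-x  2 named named 4096 May  2 04:33 dyn
drwxr-xr-x  2 named named 4096 May  2 04:33 slave
"""
NAMED_CONF = """\
options { directory "/var/lib/named"; };
zone "0.0.127.in-addr.arpa" { type master; file "127.0.0.zone"; };
zone "example.com" { type slave; file "sec.example.com"; masters { 192.168.1.100; }; };
"""

def parse_listing(text):
    """Map directory name -> (owner, group, mode) from `ls -la` output."""
    fields = (line.split() for line in text.splitlines())
    return {f[8]: (f[2], f[3], f[0]) for f in fields if len(f) >= 9 and f[0][0] == "d"}

def zone_blocks(conf):
    """Yield (zone name, body) pairs, tracking brace depth for nested clauses."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def writable_by(entry, user, group):
    """Unix class check: owner bits first, then group bits, then other."""
    owner, grp, mode = entry
    bit = 2 if owner == user else 5 if grp == group else 8
    return mode[bit] == "w"

def check_slave_files(conf, listing, user="named", group="named"):
    """Return (zone, file, ok) per slave zone; ok means named can create the file."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*", "", conf, flags=re.S)  # drop comments
    dirs, results = parse_listing(listing), []
    for name, body in zone_blocks(conf):
        path = re.search(r'\bfile\s+"([^"]+)"', body)
        if not path or not re.search(r"\btype\s+slave\b", body):
            continue
        parent = path.group(1).rpartition("/")[0] or "."
        entry = dirs.get(parent)  # assumption: paths are relative to `directory`
        results.append((name, path.group(1), bool(entry) and writable_by(entry, user, group)))
    return results

if __name__ == "__main__":
    for zone, path, ok in check_slave_files(NAMED_CONF, LS_OUTPUT):
        print(f"{zone}: {path} -> {'ok' if ok else 'named cannot write here'}")
```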