1st May 2009, 08:10
|
|
Member
|
|
Join Date: Apr 2008
Posts: 89
Thanks: 5
Thanked 0 Times in 0 Posts
|
|
DNS zone transfer
I would like to allow zone transfer to a backup DNS server which is hosted by EditDNS. The IPSConfig box is currently now acting as the master and accepting DNS request from outside.
What else do I need to do besides adding the IP's "slave domain" where it says:
Allow zone transfers to these IPs (comma separated list) under the DNS tab for my zone?
For some reason it's not working. Are there any logs that I can look to see if the request being made from EditDNS? Do I need to modify any config files?
Last edited by binaryrogue; 1st May 2009 at 19:27.
|
2nd May 2009, 20:05
|
|
Super Moderator
|
|
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,665
Thanks: 1,896
Thanked 2,591 Times in 2,443 Posts
|
|
Can you post your /etc/mydns.conf file?
|
4th May 2009, 05:16
|
|
Member
|
|
Join Date: Apr 2008
Posts: 89
Thanks: 5
Thanked 0 Times in 0 Posts
|
|
## AUTOMATICALLY GENERATED BY DEBCONF. DO NOT MODIFY DATABASE
## INFORMATION (database, db-*)...
## PLEASE RUN 'dpkg-reconfigure mydns-mysql' INSTEAD.
## CHANGES TO THE FOLLOWING DIRECTIVES ARE NOT PRESERVED, BUT REPLACED,
## ON UPGRADE:
## user, group, pidfile, db-*, database
##
## /etc/mydns.conf
## Thu Aug 2 16:36:26 2007
## For more information, see mydns.conf(5).
##
# DATABASE INFORMATION
db-host = localhost # SQL server hostname
db-user = ispconfig # SQL server username
db-password = xxxx # SQL server password
database = dbispconfig # MyDNS database name
# GENERAL OPTIONS
user = nobody # Run with the permissions of this user
group = nogroup # Run with the permissions of this group
listen = * # Listen on these addresses ('*' for all)
no-listen = # Do not listen on these addresses
# CACHE OPTIONS
zone-cache-size = 2048 # Maximum number of elements stored in the zone cache
zone-cache-expire = 60 # Number of seconds after which cached zones expires
reply-cache-size = 2048 # Maximum number of elements stored in the reply cache
reply-cache-expire = 30 # Number of seconds after which cached replies expire
# ESOTERICA
log = LOG_DAEMON # Facility to use for program output (LOG_*/stdout/stderr)
pidfile = /var/run/mydns.pid # Path to PID file
timeout = 120 # Number of seconds after which queries time out
multicpu = 1 # Number of CPUs installed on your system
recursive = 68.87.78.130 # Location of recursive resolver
allow-axfr = yes # Should AXFR be enabled?
allow-tcp = yes # Should TCP be enabled?
allow-update = no # Should DNS UPDATE be enabled?
ignore-minimum = no # Ignore minimum TTL for zone?
soa-table = dns_soa # Name of table containing SOA records
rr-table = dns_rr # Name of table containing RR data
soa-where = server_id = 2 # Extra WHERE clause for SOA queries
rr-where = server_id = 2 # Extra WHERE clause for RR queries
use-soa-active = yes # To fix bug 295 where active or inactive status is ignored.
use-rr-active = yes# To fix bug 295 where active or inactive status is ignored.
Last edited by falko; 4th May 2009 at 11:45.
Reason: removed MYSQL password
|
4th May 2009, 11:47
|
|
Super Moderator
|
|
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,665
Thanks: 1,896
Thanked 2,591 Times in 2,443 Posts
|
|
Quote:
|
allow-axfr = yes # Should AXFR be enabled?
|
That looks ok.
Please make sure that port 53 (TCP and UDP) is open in your firewall.
|
4th May 2009, 18:42
|
|
Member
|
|
Join Date: Apr 2008
Posts: 89
Thanks: 5
Thanked 0 Times in 0 Posts
|
|
Those DNS ports are defenitley open from the firewall. It must be EditDNS issue then. Thanks.
|
5th May 2009, 19:16
|
|
Super Moderator
|
|
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,665
Thanks: 1,896
Thanked 2,591 Times in 2,443 Posts
|
|
In the MyDNS database, you can specify the slave server IP that will be allowed to connect to the master. You can try to add the IP of the slave there.
|
5th May 2009, 21:26
|
|
Member
|
|
Join Date: Apr 2008
Posts: 89
Thanks: 5
Thanked 0 Times in 0 Posts
|
|
I'm looking inside the dbispconfig database and can't figure where to input the slave IP's.
*update - I see where it's located now which is under the dns_soa table. I do see the same IP's that I put in from the web interface.
I just got a responds from EditDNS stating that my nameserver is refusing axfr (tcp 53) connections:
These ports are open, else my websites would not be accessible. I also ran a port scanner from outside and port 53/tcp and udp are open.
Question - Under the DNS zones, do I need to manually add EditDNS nameservers as well?
Last edited by binaryrogue; 5th May 2009 at 21:32.
|
6th May 2009, 01:56
|
|
Member
|
|
Join Date: Apr 2008
Posts: 89
Thanks: 5
Thanked 0 Times in 0 Posts
|
|
I also tried to run this command from the server itself and it's failing.
Code:
[root@ispconfig3 ~]# dig @10.0.0.7 mydomain.com axfr
; <<>> DiG 9.5.1-P2-RedHat-9.5.1-2.P2.fc10 <<>> @10.0.0.7 mydomain.com axfr
; (1 server found)
;; global options: printcmd
; Transfer failed.
|
6th May 2009, 19:17
|
|
Super Moderator
|
|
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 31,872
Thanks: 689
Thanked 4,182 Times in 3,201 Posts
|
|
The slave IP's have to be entered directly into the field "Allow zone transfers to
these IPs (comma separated list)" in the ispconfig interface that is in the dns zone form. No need to edit anything in the database.
|
6th May 2009, 19:28
|
|
Member
|
|
Join Date: Apr 2008
Posts: 89
Thanks: 5
Thanked 0 Times in 0 Posts
|
|
Are there any logs for me to look at to see what's going on? It's just not working..
btw: I have two servers doing replication. The 2nd server acts only as my DNS.
|
| Thread Tools |
|
|
| Display Modes |
 Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT +2. The time now is 00:46.
|
|
English | 
Deutsch
Recent comments
1 day 29 min ago
1 day 3 hours ago
1 day 4 hours ago
1 day 6 hours ago
1 day 7 hours ago
1 day 9 hours ago
1 day 10 hours ago
2 days 2 hours ago
2 days 3 hours ago
2 days 6 hours ago