#1, primesoftnz, 16th October 2012, 08:48
Broke my MyISPconfig3 DNS sync

I have a newly installed multiserver cluster setup with one master and two slave DNS servers (and a web, mail and database server).

I attempted to load DNS with a zone import which was successful but with an unintended result. It did however initially sync the result of the import with the two slaves. All records ended up under the last zone of the import file instead of in a dozen different zones. Consequently I deleted the zone and the slaves appear to have deleted the records as well.

I then re-imported a single zone and tested but neither of the slaves has updated.

Under tools I attempted to resync dns with no success. (even though it says that the zone has been resynced)

I've been using mysql from the command line for checking the dns_rr table for entries manually and find no records have been loaded on the slaves but are present on the master.

I have somehow broken the mysql synchronisation.

Any idea what the remedy is?
#2, till, 16th October 2012, 08:50

Please see here for debug instructions:

http://www.howtoforge.com/forums/showthread.php?t=58408
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
#3, primesoftnz, 16th October 2012, 21:20

I followed the instructions on setting higher debug level on both master and slave and tested using instructions http://www.faqforge.com/linux/debugg...-of-a-failure/

The only output from running the server.sh script was that it had finished.

I tailed the syslog on both servers while running the script but it also produced no output.

I'm wondering if I should now move on to http://stackoverflow.com/questions/2...abase-incase-o instructions for resyncing mysql databases?
#4, primesoftnz, 17th October 2012, 03:31

Never mind, my bad.
I missed a critical setup of choosing the mirrored server.

Now for some reason I can't do a lookup from outside the network the DNS servers are on.
:-(

syslog shows

dns1 named[31920]: client xxx.xxx.xxx.xxx#36234: query (cache) 'www.mydomain.xx.xx/A/IN' denied
#5, till, 17th October 2012, 08:40

Take a look at the syslog and post the errors that you get when you restart named.
#6, primesoftnz, 17th October 2012, 22:36

Output from named in syslog from a restart of bind9 on primary DNS server as follows:


Oct 18 09:32:38 dns1 named[31920]: received control channel command 'stop -p'
Oct 18 09:32:38 dns1 named[31920]: shutting down: flushing changes
Oct 18 09:32:38 dns1 named[31920]: stopping command channel on 127.0.0.1#953
Oct 18 09:32:38 dns1 named[31920]: stopping command channel on ::1#953
Oct 18 09:32:38 dns1 named[31920]: no longer listening on ::#53
Oct 18 09:32:38 dns1 named[31920]: no longer listening on 127.0.0.1#53
Oct 18 09:32:38 dns1 named[31920]: no longer listening on 202.36.227.102#53
Oct 18 09:32:38 dns1 named[31920]: exiting
Oct 18 09:32:39 dns1 named[20852]: starting BIND 9.7.3 -u bind
Oct 18 09:32:39 dns1 named[20852]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=' 'CPPFLAGS='
Oct 18 09:32:39 dns1 named[20852]: adjusted limit on open files from 1024 to 1048576
Oct 18 09:32:39 dns1 named[20852]: found 2 CPUs, using 2 worker threads
Oct 18 09:32:39 dns1 named[20852]: using up to 4096 sockets
Oct 18 09:32:39 dns1 named[20852]: loading configuration from '/etc/bind/named.conf'
Oct 18 09:32:39 dns1 named[20852]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Oct 18 09:32:39 dns1 named[20852]: using default UDP/IPv4 port range: [1024, 65535]
Oct 18 09:32:39 dns1 named[20852]: using default UDP/IPv6 port range: [1024, 65535]
Oct 18 09:32:39 dns1 named[20852]: listening on IPv6 interfaces, port 53
Oct 18 09:32:39 dns1 named[20852]: listening on IPv4 interface lo, 127.0.0.1#53
Oct 18 09:32:39 dns1 named[20852]: listening on IPv4 interface eth0, 202.36.227.102#53
Oct 18 09:32:39 dns1 named[20852]: generating session key for dynamic DNS
Oct 18 09:32:39 dns1 named[20852]: set up managed keys zone for view _default, file 'managed-keys.bind'
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: 254.169.IN-ADDR.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: D.F.IP6.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: 8.E.F.IP6.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: 9.E.F.IP6.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: A.E.F.IP6.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: B.E.F.IP6.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Oct 18 09:32:39 dns1 named[20852]: command channel listening on 127.0.0.1#953
Oct 18 09:32:39 dns1 named[20852]: command channel listening on ::1#953
Oct 18 09:32:39 dns1 named[20852]: zone 0.in-addr.arpa/IN: loaded serial 1
Oct 18 09:32:39 dns1 named[20852]: zone 127.in-addr.arpa/IN: loaded serial 1
Oct 18 09:32:39 dns1 named[20852]: zone 255.in-addr.arpa/IN: loaded serial 1
Oct 18 09:32:39 dns1 named[20852]: zone localhost/IN: loaded serial 2
Oct 18 09:32:39 dns1 named[20852]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Oct 18 09:32:39 dns1 named[20852]: managed-keys-zone ./IN: loaded serial 0
Oct 18 09:32:39 dns1 named[20852]: running

I got rid of the only error of file not found through

touch /var/cache/bind/managed-keys.bind
chown bind:bind /var/cache/bind/managed-keys.bind

Original issue regarding named not allowing a query from outside the network still exists.

Last edited by primesoftnz; 17th October 2012 at 22:54. Reason: Completeness
#7, primesoftnz, 18th October 2012, 08:53

I found a fix that works but I'm not sure what it opens up as far as security risk.
My DNS servers are intended to be authoritative so I added

allow-query { any; };

to named.conf.options and restarted bind9 on each of my three DNS servers in the cluster.

Seems to answer queries from outside my network now for records both on the servers and external to them. I guess this provides recursion as well?
#8, falko, 18th October 2012, 13:37

Quote:
Originally Posted by primesoftnz
I guess this provides recursion as well?

No, to enable recursion, you need

Code:
recursion yes;
in the options.
__________________
Falko
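
Added example, not part of any post in this thread: a small Python audit of the options discussed above, which reports who would get recursive answers once BIND 9's documented fallbacks are applied (recursion defaults to yes; an unset allow-recursion inherits allow-query-cache, then allow-query, then localnets/localhost). The option blocks and function names are constructed for illustration, and the parser assumes flat options only, with no views or named ACLs.

```python
import re

DEFAULT_ACL = ["localnets", "localhost"]  # built-in default when nothing is set
ACLS = ("allow-query", "allow-query-cache", "allow-recursion")
# Order in which BIND 9 fills in an unset ACL from the others.
FALLBACK = {
    "allow-recursion": ("allow-recursion", "allow-query-cache", "allow-query"),
    "allow-query-cache": ("allow-query-cache", "allow-recursion", "allow-query"),
}

def parse_options(conf):
    """Pull recursion and the three ACLs out of an options block (flat lists only)."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)  # drop comments
    m = re.search(r"(?<![\w-])recursion\s+(yes|no)\s*;", conf)
    opts = {"recursion": m.group(1) == "yes" if m else True}  # default: yes
    for name in ACLS:
        m = re.search(r"(?<![\w-])" + name + r"\s*\{([^}]*)\}\s*;", conf)
        if m:
            opts[name] = [e.strip() for e in m.group(1).split(";") if e.strip()]
    return opts

def effective(opts, acl):
    """ACL actually applied for 'allow-recursion' or 'allow-query-cache'."""
    if not opts["recursion"]:
        return ["none"]  # simplification: with recursion no, report both as none
    for name in FALLBACK[acl]:
        if name in opts:
            return opts[name]
    return DEFAULT_ACL

def is_open_resolver(conf):
    """True if any client gets recursion (simplified: looks for a literal 'any')."""
    acl = effective(parse_options(conf), "allow-recursion")
    return any(e in ("any", "0.0.0.0/0") for e in acl)

# Constructed option blocks mirroring the stages of the thread.
STOCK = 'options { directory "/var/cache/bind"; };'
THREAD_FIX = 'options { directory "/var/cache/bind"; allow-query { any; }; };'
AUTH_ONLY = 'options { allow-query { any; }; recursion no; };'
SPLIT = 'options { allow-query { any; }; allow-recursion { localnets; localhost; }; };'

if __name__ == "__main__":
    for label, conf in [("stock", STOCK), ("thread fix", THREAD_FIX),
                        ("authoritative only", AUTH_ONLY), ("split", SPLIT)]:
        opts = parse_options(conf)
        print(f"{label:20} allow-recursion={effective(opts, 'allow-recursion')} "
              f"open_resolver={is_open_resolver(conf)}")
```

On a real server, feed it the output of `named-checkconf -p`, which prints the parsed configuration with all included files merged.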