MyDNS rude awakening

Discussion in 'HOWTO-Related Questions' started by kaptk2, May 8, 2006.

  1. kaptk2

    kaptk2 New Member

    OK, I have been running MyDNS for a couple of months now with no problems. However, yesterday we had a crash of the server that was running MyDNS. It was not MyDNS's fault; a NIC went bad. That stopped DNS. Though, since we have a slave DNS server running BIND, I thought all was well. I had entered the appropriate IP in Zone Transfers, and since things were working great before switching to MyDNS I just assumed things were working. They were not.

    Here are some of the error messages I am getting in the logs of the slave box.
    Code:
    transfer of 'example1.com/IN' from 192.168.1.122#53: failed while receiving responses: bad zone
    transfer of 'example1.com/IN' from 192.168.1.122#53: end of transfer
    zone example2.net/IN: refresh: unexpected rcode (REFUSED) from master 192.168.1.122#53
    zone example3.com/IN: has no NS records
    transfer of 'example3.com/IN' from 192.168.1.122#53: failed while receiving responses: bad zone
    dumping master file: tmp-XXXXC4edYW: open: permission denied
    transfer of 'example4.net/IN' from 192.168.1.122#53: failed while receiving responses: permission denied
    transfer of 'example4.net/IN' from 192.168.1.122#53: end of transfer
    
    Any ideas on how to fix this or what the heck is going on?
     
  2. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    The secondary DNS is trying to get the zones from the primary, but this doesn't work because it's down.
    Repair your primary DNS server and boot it, and these errors should go away.
    For now, you can ignore them.
     
  3. kaptk2

    kaptk2 New Member

    The server is fixed and it is running DNS. The secondary server was never getting transfers. Do the transfers go over a port other than 53 with MyDNS? This is a weird one to me.
     
  4. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    You must open port 53 TCP and UDP on your primary DNS. In /etc/mydns.conf, you must have
    Code:
    allow-axfr = yes
     
  5. kaptk2

    kaptk2 New Member

    Went back and double checked those things and everything looks great. Any other things that I should check?
     
  6. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    It should work then... :confused: Did you restart MyDNS?
     
  7. kaptk2

    kaptk2 New Member

    Tried another restart of MyDNS; nothing. Still getting a bad zone error.
     
  8. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    What's in your /etc/mydns.conf?
    What's the output of
    Code:
    iptables -L
    on the primary?
    Do you see any errors in the primary's logs related to your problem?
     
  9. kaptk2

    kaptk2 New Member

    Here is the output of mydns.conf.

    Code:
    [root@index ~]# cat /etc/mydns.conf
    ##
    ##  /etc/mydns.conf
    ##  Mon Mar  6 11:15:54 2006
    ##  For more information, see mydns.conf(5).
    ##
    
    
                                    # DATABASE INFORMATION
    
    db-host = localhost             # SQL server hostname
    db-user = mydns                 # SQL server username
    db-password = password       # SQL server password
    database = database            # MyDNS database name
    
    
                                    # GENERAL OPTIONS
    
    user = nobody                   # Run with the permissions of this user
    group = nobody                  # Run with the permissions of this group
    listen = 192.168.1.122        # Listen on these addresses ('*' for all)
    
    
                                    # CACHE OPTIONS
    
    zone-cache-size = 1024          # Maximum number of elements stored in the zone cache
    zone-cache-expire = 60          # Number of seconds after which cached zones expires
    reply-cache-size = 1024         # Maximum number of elements stored in the reply cache
    reply-cache-expire = 30         # Number of seconds after which cached replies expire
    
    
                                    # ESOTERICA
    
    log = LOG_DAEMON                # Facility to use for program output (LOG_*/stdout/stderr)
    pidfile = /var/run/mydns.pid    # Path to PID file
    timeout = 120                   # Number of seconds after which queries time out
    multicpu = 1                    # Number of CPUs installed on your system
    allow-axfr = yes                # Should AXFR be enabled?
    allow-tcp = yes                 # Should TCP be enabled?
    ignore-minimum = no             # Ignore minimum TTL for zone?
    soa-table = soa                 # Name of table containing SOA records
    rr-table = rr                   # Name of table containing RR data
    
    Here is the relevant part of iptables -L
    Code:
    ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
    The only thing I see is success on the primary machine. So I am not sure where the hangup is.
     
  10. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Can you try
    Code:
    listen = *
    in /etc/mydns.conf and restart MyDNS?
     
  11. kaptk2

    kaptk2 New Member

    Tried that; it did not work. This box has three interfaces. On one of the other interfaces djbdns is running as a caching-only DNS. When I put in
    Code:
    listen = *
    That caused some problems with mydns restarting and djbdns running.
     
  12. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    What happens if you disable the firewall on the primary DNS?
     
  13. kaptk2

    kaptk2 New Member

    I was finally able to test it without the firewall on; still the same bad zone responses. Any more ideas or am I stuck?
     
  14. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Is 192.168.1.122 the IP address of your primary DNS? Are both name servers in the same 192.168.1.x net?
     
  15. kaptk2

    kaptk2 New Member

    Yes, that is the IP of the primary DNS; the other server is not on the same subnet. The primary machine is acting as a firewall with 3 interfaces: the internet, the LAN and a DMZ. The slave DNS is in the DMZ, connected via a crossover cable. The 192.168.1.122 IP is the internet interface of the primary DNS. On the LAN interface there is a caching DNS server running.
     
  16. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Can you post the output of
    Code:
    ifconfig
    from both the primary and the secondary DNS?
     
  17. kaptk2

    kaptk2 New Member

    Fixed It

    In the listen directive in my DNS config I added my DMZ IP address. That fixed the problem. Thanks for your help on this falko!
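    The root cause in this thread is a master that only binds its internet-facing address while the slave reaches it over another interface, so the slave's AXFR never gets to MyDNS at all. Below is an added config-lint example (not MyDNS code or anything posted in the thread) that parses a constructed mydns.conf in the same format as the one above and reports the three things the thread turned on: allow-axfr, allow-tcp, and whether listen covers the slave-facing address. It assumes listen accepts '*' or a comma-separated list of addresses, optionally with ':port', and uses 10.0.0.1 as a made-up DMZ address.

```python
"""Constructed example: check a MyDNS master config for the AXFR pitfalls from the thread."""

# Constructed sample modelled on the posted config: the master binds only its
# internet-facing address, while the BIND slave sits on the DMZ side of the same box.
SAMPLE_CONF = """\
db-host = localhost             # SQL server hostname
user = nobody                   # Run with the permissions of this user
listen = 192.168.1.122          # Listen on these addresses ('*' for all)
allow-axfr = yes                # Should AXFR be enabled?
allow-tcp = yes                 # Should TCP be enabled?
"""


def parse_mydns_conf(text):
    """Return {key: value} from 'key = value  # comment' lines, skipping blanks/comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        conf[key] = value
    return conf


def listen_addresses(conf):
    """Addresses MyDNS binds. Assumption: '*' or a comma-separated list, optional ':port'."""
    value = conf.get("listen", "*")
    addrs = []
    for item in value.split(","):
        item = item.strip()
        if item:
            # Strip an optional ':port' suffix (assumed format) so only the address is compared.
            addrs.append(item.rsplit(":", 1)[0] if item.count(":") == 1 else item)
    return addrs


def axfr_problems(conf, slave_facing_ip):
    """Reasons a BIND slave that reaches this master via slave_facing_ip would fail AXFR."""
    problems = []
    if conf.get("allow-axfr", "no").lower() != "yes":
        problems.append("allow-axfr is not yes: the master answers transfers with REFUSED")
    if conf.get("allow-tcp", "no").lower() != "yes":
        problems.append("allow-tcp is not yes: AXFR needs TCP port 53, not just UDP")
    addrs = listen_addresses(conf)
    if "*" not in addrs and slave_facing_ip not in addrs:
        problems.append("listen = %s does not include %s; the slave's request never reaches MyDNS"
                        % (", ".join(addrs), slave_facing_ip))
    return problems
```

Run it against the real /etc/mydns.conf with the address the slave uses to reach the master (the DMZ interface here, not the internet one) and an empty list means the MyDNS side is configured for the transfer; packet filtering on TCP 53 still has to be checked separately.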
     
