Secondary DNS IspConfig3 no dns transfer

Discussion in 'Installation/Configuration' started by rlonghofer, Nov 16, 2013.

  1. rlonghofer

    rlonghofer New Member

    Both servers' OS is CentOS 64.
    Installed and working master server with ISPConfig Version: 3.0.5.3 on both.
    The second was installed and connected to the master server during install just fine.

    Master server name is ns and slave server ns1

    I added secondary zone in ispconfig panel for ns1 but saw no dns records on the second dns server.

    So I then added in the named conf to be able to transfer via named.

    [[email protected] dynamic]# more /etc/named.conf.local
    zone "foothost.net" IN {
    type slave;
    file "/var/named/slaves/foodhost.net.db";
    allow-query { any; };
    masters { 64.64.213.8; };
    };


    I added slave record on ns1 and it is trying. But getting the following error on the slave.

    Nov 16 10:46:19 ns1 named[5304]: zone foothost.net/IN: refresh: non-authoritative answer from master 64.64.213.8#53 (source 0.0.0.0#0)

    So I check on main server (ns) the dig statement

    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> foodhost.net
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38738
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

    ;; QUESTION SECTION:
    ;foodhost.net. IN A

    ;; ANSWER SECTION:
    foodhost.net. 3600 IN A 64.64.213.8

    ;; AUTHORITY SECTION:
    foodhost.net. 3600 IN NS ns.foodhost.net.
    foodhost.net. 3600 IN NS ns1.foodhost.net.

    ;; ADDITIONAL SECTION:
    ns.foodhost.net. 86400 IN A 64.64.213.8
    ns1.foodhost.net. 86400 IN A 64.64.213.7

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Sat Nov 16 07:53:28 2013
    ;; MSG SIZE rcvd: 113

    So on the main server, it would appear to be authoritative.

    So running dig on the secondary server I get


    [[email protected] dynamic]# dig @64.64.213.8 foodhost.net

    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> @64.64.213.8 foodhost.net
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44102
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

    ;; QUESTION SECTION:
    ;foodhost.net. IN A

    ;; ANSWER SECTION:
    foodhost.net. 3600 IN A 64.64.213.8

    ;; AUTHORITY SECTION:
    foodhost.net. 3600 IN NS ns1.foodhost.net.
    foodhost.net. 3600 IN NS ns.foodhost.net.

    ;; ADDITIONAL SECTION:
    ns.foodhost.net. 86400 IN A 64.64.213.8
    ns1.foodhost.net. 86400 IN A 64.64.213.7

    ;; Query time: 1 msec
    ;; SERVER: 64.64.213.8#53(64.64.213.8)
    ;; WHEN: Sat Nov 16 10:55:07 2013
    ;; MSG SIZE rcvd: 113

    So again it looks the same.

    What am I missing that I can not get a transfer?
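
Added example, not code from the thread or from ISPConfig: named logs "non-authoritative answer from master" when the master does not answer authoritatively for the exact zone name in the slave stanza, so this check compares each slave zone in the config with the zones the master serves and with the log. `zone_blocks`, `audit` and the sample constants are hypothetical names; `MASTER_ZONES` is taken from the `pri.*` files listed on the master later in the thread.

```python
import difflib
import re

# Constructed from the thread: the slave stanza and log line of the first post,
# and the zones behind the pri.* files listed on the master in a later post.
NAMED_CONF = '''zone "foothost.net" IN {
type slave;
file "/var/named/slaves/foodhost.net.db";
allow-query { any; };
masters { 64.64.213.8; };
};'''
LOG = ("Nov 16 10:46:19 ns1 named[5304]: zone foothost.net/IN: refresh: "
       "non-authoritative answer from master 64.64.213.8#53 (source 0.0.0.0#0)")
MASTER_ZONES = ["foodhost.net", "samsitaliancafe.com", "solidsurfaceunlimited.com"]
NONAUTH_RE = re.compile(r"zone (\S+)/IN: refresh: non-authoritative answer from master")


def zone_blocks(conf):
    """Yield (zone_name, body) per zone statement, matching nested braces."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1).rstrip(".").lower(), conf[m.end():i - 1]


def audit(conf, master_zones, log_lines=()):
    """Return {zone: [findings]} for slave zones that cannot refresh as configured."""
    served = {z.rstrip(".").lower() for z in master_zones}
    refused = {m.group(1).lower() for m in map(NONAUTH_RE.search, log_lines) if m}
    report = {}
    for name, body in zone_blocks(conf):
        if not re.search(r"\btype\s+slave\s*;", body):
            continue  # only slave zones depend on the master's answer
        notes = []
        if name not in served:
            near = difflib.get_close_matches(name, sorted(served), n=1, cutoff=0.8)
            hint = f"; closest served zone: {near[0]}" if near else ""
            notes.append("not served by master" + hint)
        if name in refused:
            notes.append("named logged a non-authoritative answer for this zone")
        if notes:
            report[name] = notes
    return report


print(audit(NAMED_CONF, MASTER_ZONES, [LOG]))
```

On the sample it reports `foothost.net` as not served by the master and points to `foodhost.net`, the name used in the zone file path and in the dig queries.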
     
  2. rlonghofer

    rlonghofer New Member

    Another try with mirroring

    OK, in the control panel I have the second server listed now with DNS only setup. I have also checked the "is a mirror of" (my main NS).

    If I run the queue on the second ns I get the following info:

    [[email protected] named]# /usr/local/ispconfig/server/server.sh
    which: no tw_cli in (/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin)
    /usr/bin/fail2ban-client
    /sbin/iptables
    /sbin/ip6tables
    16.11.2013-16:50 - ERROR - Replication failed. Error: (dns_slave) in MySQL server: (localhost) Table 'dbispconfig.dns_slave' doesn't exist # SQL: REPLACE INTO dns_slave (`id`,`sys_userid`,`sys_groupid`,`sys_perm_user`,`sys_perm_group`,`sys_perm_other`,`server_id`,`origin`,`ns`,`active`,`xfer`) VALUES ('5','1','2','riud','riud','','5','foodhost.net.','64.64.213.8','Y','64.64.213.7')
    16.11.2013-16:50 - ERROR - Error in Replication, changes were not processed.
    finished.


    Any suggestions? Seems there is a table missing?
     
  3. rlonghofer

    rlonghofer New Member

    Progress

    OK, I removed the second server's ispconfig3 then reinstalled.
    Went back to main panel and re-added the DNS-only function on the second server in the server tab, then selected mirror of first server.

    Now it is transferring the zones over to the /var/named directory.. BUT
    all files now show an ending of .err

    First name server and control panel with all functions enabled.

    [[email protected] named]# ls
    data named.ca named.localhost pri.foodhost.net pri.solidsurfaceunlimited.com slaves
    dynamic named.empty named.loopback pri.samsitaliancafe.com slave
    [[email protected] named]#


    Second server it is replicating to:
    [[email protected] named]# ls
    data dynamic named.ca named.empty named.localhost named.loopback pri.foodhost.net.err pri.samsitaliancafe.com.err pri.solidsurfaceunlimited.com.err slave slaves
    [[email protected] named]#


    So the good thing is it's getting over there, the bad thing is it's not correct.

    Any suggestions?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Check the syslog on the second server for bind / named errors.
     
  5. rlonghofer

    rlonghofer New Member

    uninstall note

    OK, well, if you do not use a regular install with all services, it is best not to run the update script. Sure messed it up. Also noted on uninstall you get this error. Should this not be mysqld and not mysql?


    sh: /etc/init.d/mysql: No such file or directory
    sh: /etc/init.d/mysql: No such file or directory
    Please do not forget to delete the ispconfig user in the mysql.user table.

    Finished.
     
  6. rlonghofer

    rlonghofer New Member

    from log

    This is what shows up in the messages log after the first sync:


    Nov 17 09:10:05 ns1 rsyslogd-2177: imuxsock begins to drop messages from pid 6090 due to rate-limiting
    Nov 17 09:10:08 ns1 named[5717]: received control channel command 'reload'
    Nov 17 09:10:08 ns1 named[5717]: loading configuration from '/etc/named.conf'
    Nov 17 09:10:08 ns1 named[5717]: using default UDP/IPv4 port range: [1024, 65535]
    Nov 17 09:10:08 ns1 named[5717]: using default UDP/IPv6 port range: [1024, 65535]
    Nov 17 09:10:08 ns1 named[5717]: sizing zone task pool based on 1 zones
    Nov 17 09:10:08 ns1 named[5717]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
    Nov 17 09:10:08 ns1 named[5717]: reloading configuration succeeded
    Nov 17 09:10:08 ns1 named[5717]: reloading zones succeeded


    OK well I see using dig from second server, it does not see the first server as the authoritative server.

    [[email protected] log]# dig @ns.foodhost.net any foodhost.net

    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> @ns.foodhost.net any foodhost.net
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56676
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 3

    ;; QUESTION SECTION:
    ;foodhost.net. IN ANY

    ;; ANSWER SECTION:
    foodhost.net. 3600 IN A 64.64.213.8
    foodhost.net. 3600 IN MX 10 mail.foodhost.net.
    foodhost.net. 3600 IN NS ns1.foodhost.net.
    foodhost.net. 3600 IN NS ns.foodhost.net.
    foodhost.net. 3600 IN SOA ns.foodhost.net. rod.foodhost.net. 2013111607 7200 540 604800 86400

    ;; ADDITIONAL SECTION:
    mail.foodhost.net. 86400 IN A 64.64.213.8
    ns.foodhost.net. 86400 IN A 64.64.213.8
    ns1.foodhost.net. 86400 IN A 64.64.213.7

    ;; Query time: 2 msec
    ;; SERVER: 64.64.213.8#53(64.64.213.8)
    ;; WHEN: Sun Nov 17 09:17:34 2013
    ;; MSG SIZE rcvd: 190

    And funny it does not either on the first server.


    [[email protected] ~]$ dig @foodhost.net any foodhost.net

    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> @foodhost.net any foodhost.net
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16482
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 3
    ;; WARNING: recursion requested but not available

    ;; QUESTION SECTION:
    ;foodhost.net. IN ANY

    ;; ANSWER SECTION:
    foodhost.net. 3600 IN A 64.64.213.8
    foodhost.net. 3600 IN MX 10 mail.foodhost.net.
    foodhost.net. 3600 IN NS ns1.foodhost.net.
    foodhost.net. 3600 IN NS ns.foodhost.net.
    foodhost.net. 3600 IN SOA ns.foodhost.net. rod.foodhost.net. 2013111607 7200 540 604800 86400

    ;; ADDITIONAL SECTION:
    mail.foodhost.net. 86400 IN A 64.64.213.8
    ns.foodhost.net. 86400 IN A 64.64.213.8
    ns1.foodhost.net. 86400 IN A 64.64.213.7

    ;; Query time: 1 msec
    ;; SERVER: 64.64.213.8#53(64.64.213.8)
    ;; WHEN: Sun Nov 17 06:19:15 2013
    ;; MSG SIZE rcvd: 190

    So this is no longer a problem with ispconfig3 but apparently a bind problem.
     
  7. rlonghofer

    rlonghofer New Member

    quick question

    When selecting mirroring in the dns to the second server, should it not also add the info into the /etc/named.conf.local ?
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Only working DNS zones are added there. As your zones are reported as invalid by bind, ispconfig will not add them, to ensure that bind will start at all with this configuration and that no other zones get affected by the problem.

    Check the syslog again after you modify one of the zones; you will see detailed error messages from the bind test of the zone there, and also the reason why it failed and why the zone gets excluded from the configuration and saved as a .err file.
     
