Secondary zones not creating zone files

Discussion in 'Installation/Configuration' started by fbarcenas, Nov 16, 2014.

  1. fbarcenas

    fbarcenas Member

    I've created secondary dns zone on the slave server, but the zones never transfer even though the slave in on the allow transfer of the primary dns domain record.
     
  2. destine

    destine Member

    Could you please check your directory ownership and permissions.

    /etc/bind/slave should have set ownership to root.bind and permissions 2770

    chown root:bind /etc/bind/slave
    chmod -R 2770 /etc/bind/slave


    Regards
     
  3. fbarcenas

    fbarcenas Member

    YEs, that appeared to work.
    One zone has already been created!
     
  4. fbarcenas

    fbarcenas Member

    None of the guides include this instruction. None of the guides are based on wiki, so that it can be amended by anyone to include this instruction.

    The guides are made by FALKO. I guess we need to contact him to make the change
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Which tutorial did you use? I will update the guide. All guides labeled with "Falko" are from our ISPConfig and howtoforge support team, Falko is one of our employees that published the guides.
     
  6. fbarcenas

    fbarcenas Member

    This install of bind does not include it:
    http://www.howtoforge.com/perfect-server-debian-wheezy-apache2-bind-dovecot-ispconfig-3-p4

    nor here:

    http://www.howtoforge.com/multiserv...servers-on-debian-squeeze-with-ispconfig-3-p4

    and countless others. I've yet to find a guide where the installation of bind includes this instruction.
     
    Last edited: Nov 16, 2014
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Thank you for posting the links. The guides are correct and not to blame here as the slave directory is created by the ispconfig installer automatically, it is not created in the guide. The ispconfig installer creates it with user root:bind and 770 permissions.

    Which ispconfig version did you install? If you did not install version 3.0.5.4p5 initially, which older version did you install first and did you choose "yes" when the updater asks to reconfigure permissions?
     
  8. fbarcenas

    fbarcenas Member

    The master was installed with 3.0.5.4p4 and the slave was installed with 3.0.5.4p5. The slave was originally setup as a master then ispconfig was uninstalled and re-installed as a slave.

    The guides used in both cases was:
    http://www.howtoforge.com/perfect-server-debian-wheezy-apache2-bind-dovecot-ispconfig-3

    No modifications were done to slave after the guide except for:
    • change of aliases for mail
    • added the virtual IPS of the server (eth0:0, eth0:1,etc)
    • denyhosts was installed

    The installation used to setup this debian was the non-official 7.7 amd64 netinst with all the firmware. This was because the server needed the BNX driver for the NICS.
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

  10. fbarcenas

    fbarcenas Member

    Yeah!!!
    Great I could be of help. :)

    Well, I guess if the installer takes care of it, it saves from having to update the docs.
     
  11. brainsys

    brainsys New Member

    The same issue has suddenly struck me. The slave server still updates from the master but new zones are not created. I reproduced this problem across all servers and the issue is coincident with the p9 update. Taking my lead from the posts above I checked out the permissions for /etc/bind/slave and then changed them to 2770 as you can see from this first time Jessie installation today:

    Code:
    [email protected]:/etc/bind# ls -l
    total 56
    -rw-r--r-- 1 root root 2389 Mar  9 23:26 bind.keys
    -rw-r--r-- 1 root root  237 Mar  9 23:26 db.0
    -rw-r--r-- 1 root root  271 Mar  9 23:26 db.127
    -rw-r--r-- 1 root root  237 Mar  9 23:26 db.255
    -rw-r--r-- 1 root root  353 Mar  9 23:26 db.empty
    -rw-r--r-- 1 root root  270 Mar  9 23:26 db.local
    -rw-r--r-- 1 root root 3048 Mar  9 23:26 db.root
    -rw-r--r-- 1 root bind  463 Mar  9 23:26 named.conf
    -rw-r--r-- 1 root bind  490 Mar  9 23:26 named.conf.default-zones
    -rw-r--r-- 1 root bind  343 Apr 20 18:49 named.conf.local
    -rw-r--r-- 1 root bind  890 Apr 20 16:04 named.conf.options
    -rw-r----- 1 bind bind   77 Apr 20 16:04 rndc.key
    d-ws-w--wT 2 root bind 4096 Apr 20 16:38 slave
    -rw-r--r-- 1 root root 1317 Mar  9 23:26 zones.rfc1918
    [email protected]:/etc/bind# chmod -R 2770 /etc/bind/slave
    [email protected]:/etc/bind# ls -l
    total 56
    -rw-r--r-- 1 root root 2389 Mar  9 23:26 bind.keys
    -rw-r--r-- 1 root root  237 Mar  9 23:26 db.0
    -rw-r--r-- 1 root root  271 Mar  9 23:26 db.127
    -rw-r--r-- 1 root root  237 Mar  9 23:26 db.255
    -rw-r--r-- 1 root root  353 Mar  9 23:26 db.empty
    -rw-r--r-- 1 root root  270 Mar  9 23:26 db.local
    -rw-r--r-- 1 root root 3048 Mar  9 23:26 db.root
    -rw-r--r-- 1 root bind  463 Mar  9 23:26 named.conf
    -rw-r--r-- 1 root bind  490 Mar  9 23:26 named.conf.default-zones
    -rw-r--r-- 1 root bind  343 Apr 20 18:49 named.conf.local
    -rw-r--r-- 1 root bind  890 Apr 20 16:04 named.conf.options
    -rw-r----- 1 bind bind   77 Apr 20 16:04 rndc.key
    drwsrws--- 2 root bind 4096 Apr 20 16:38 slave
    -rw-r--r-- 1 root root 1317 Mar  9 23:26 zones.rfc1918
    
    Hey presto - new zones are now being formed. Could the p9 upgrade have upset permissions?
     
    Last edited: Apr 20, 2016
  12. brainsys

    brainsys New Member

    I can confirm that running 'php -q update.php' reverts the permissions on /etc/bind/slave to the above preventing the creation of new slave zones. Is this a bug or a feature?
     
  13. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    This shoul be fixed in 3.1 - iirc there was a wrong permission
     
  14. brainsys

    brainsys New Member

    That's great. Just as an aside if I populate the dns_slave table from another mysql dump how can I get ISPConfig to regenerate the named.conf.local file to add the domain entry and pull across the zone from the master. Currently I'm having to 'deactivate/reactivate' the slave from the CP to force it. I can't work out what script that initiates ... sorry to be so dumb.
     
    Last edited: Apr 25, 2016
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    See Tools > Resync in ispconfig.
     
  16. brainsys

    brainsys New Member

    That appears to only resync main zones. It merely says 'none' and stops. No secondary zones are synced. I can do them one a time by deactivating/reactivating but when you have hundreds ...

    EDIT: Doh! Now I understand - resync-ing the master re-syncs the slaves. I was just re-syncing the slave server. That was the problem. Sorry to be a bit thick about this. Fixed.
     
    Last edited: Apr 28, 2016

Share This Page