non-authoritative answer from master
John Beamon
jbeamon at franklinamerican.com
Mon Aug 2 21:38:09 UTC 2004

I have had a two-host DNS system up and running for months, and it
recently developed a problem. The master is telling the slave it is not
authoritative for any of the 10 or so domains for which it has zone
files. They are all running BIND-9.2, 'type master' zones, served from
files on the disk. None of them are slaved from outside our network.
Each zone file has an SOA record. www.dnsreport.com's test of
"franklinamerican.com" shows that my master (67.107.93.4) has become
lame. Oddly enough, at the beginning of the day, both the master and
slave were lame. I couldn't tell you what fixed the slave.

The slave's zone files (named:named 0600) are about 10 days old, so
these records finally just expired on me. Refreshing any zone from the
slave gets me a "refresh: non-authoritative answer from master
67.107.93.4#53" error. I can dig axfr successfully, so it doesn't
appear to be a network issue. The output of a host SOA check is below.

# host -C franklinamerican.com.
Nameserver ns1.franklinamerican.com:
franklinamerican.com SOA ns1.franklinamerican.com. hostmaster.franklinamerican.com. 2004080205 14400 3600 604800 28800
Nameserver ns2.franklinamerican.com:
franklinamerican.com SOA ns1.franklinamerican.com. hostmaster.franklinamerican.com. 2004080205 14400 3600 604800 28800

All that appears to be correct. ns2 at least knows about the changes on
ns1, but it's not seeing ns1 as authoritative. What could make a server
say it's no longer authoritative for ANY of its zones? Part of each
named.conf is pasted below for your inspection. Thanks.

ns1:/etc/named.conf

include "/etc/rndc.key";

acl WORLD { 0.0.0.0/0; 127.0.0.0/0; };
acl LAN { 192.168.0.0/16; 127.0.0.0/0; };
acl DMZ { 67.107.93.0/24; 67.107.79.0/24; };
acl SLAVES { 67.107.79.4; };

options {
    directory "/var/named";
    pid-file "/var/run/named/named.pid";
    allow-recursion { localhost; LAN; DMZ; SLAVES; };
    version "surely you must be joking";
};

logging {
    channel default_log {
        file "/var/log/named/default_log" versions 5 size 10M;
        severity info;
        print-time yes;
    };
    category lame-servers { null; };
    channel xlog {
        file "/var/log/named/xfer_log" versions 5 size 5M;
        severity debug;
        print-time yes;
    };
    category xfer-out { xlog; };
    category default { default_log; };
};

zone "com" { type delegation-only; };
zone "net" { type delegation-only; };

// EXTERNAL ZONES
zone "franklinamerican.com" {
    type master;
    file "franklinamerican.com.db";
    allow-query { any; };
    allow-transfer { SLAVES; };
    notify yes;
};

ns2:/etc/named.conf

include "/etc/rndc.key";

acl LAN { 192.168.0.0/16; 127.0.0.0/0; };
acl DMZ { 67.107.93.0/24; 67.107.79.0/24; };
acl DHCPD { 192.168.1.4; 192.168.8.10; };

options {
    directory "/var/named";
    pid-file "/var/run/named/named.pid";
    allow-recursion { LAN; DMZ; };
    version "surely you must be joking";
};

logging {
    channel default_log {
        file "/var/log/named/default_log" versions 5 size 10M;
        severity info;
        print-time yes;
    };
    category lame-servers { null; };
    category default { default_log; };
};

// EXTERNAL ZONES
zone "franklinamerican.com" {
    type slave;
    masters { 67.107.93.4; };
    file "franklinamerican.com.db";
    allow-query { any; };
};

--
John Beamon
Systems Administrator
Franklin American Mortgage Co.
em: jbeamon at franklinamerican.com
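
Added example, not part of the original post and not BIND's own code: the "refresh: non-authoritative answer from master" error above is logged when the master's reply to the slave's SOA query arrives without the AA (authoritative answer) header flag. This Python code builds that non-recursive query and classifies a reply; the function names and the reply bytes used to exercise it are constructed for illustration.

```python
import socket
import struct

QR, AA = 0x8000, 0x0400  # DNS header flag bits (RFC 1035, section 4.1.1)

def build_soa_query(zone, qid=0x1234):
    """Non-recursive (RD=0) SOA query, the kind a slave sends its master on refresh."""
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    # Header: id, flags=0, QDCOUNT=1; question: QTYPE=6 (SOA), QCLASS=1 (IN)
    return struct.pack("!6H", qid, 0, 1, 0, 0, 0) + qname + struct.pack("!2H", 6, 1)

def classify_reply(query, reply):
    """Return (usable, reason) for a master's reply to an SOA refresh query."""
    if len(reply) < 12:
        return False, "short reply"
    qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", reply[:12])
    if qid != struct.unpack("!H", query[:2])[0] or not flags & QR:
        return False, "not a reply to this query"
    if flags & 0x000F:
        return False, "rcode %d" % (flags & 0x000F)
    if not flags & AA:
        return False, "non-authoritative answer"  # the condition in the log line
    if ancount == 0:
        return False, "no SOA in answer section"
    return True, "authoritative answer"

def ask_master(master_ip, zone, timeout=3.0):
    """Send the query over UDP to master_ip:53 and classify what comes back."""
    query = build_soa_query(zone)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (master_ip, 53))
        reply, _ = s.recvfrom(4096)
    return classify_reply(query, reply)

def constructed_reply(query, flags, ancount):
    """Constructed sample reply: header plus echoed question, no real records."""
    return query[:2] + struct.pack("!5H", flags, 1, ancount, 0, 0) + query[12:]

if __name__ == "__main__":
    q = build_soa_query("franklinamerican.com.")
    for label, flags in (("AA set", QR | AA), ("AA clear", QR)):
        print(label, classify_reply(q, constructed_reply(q, flags, 1)))
```

Calling ask_master("67.107.93.4", "franklinamerican.com.") from the slave runs the same check against the master named in the post.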