non-authoritative answer from master

John Beamon jbeamon at franklinamerican.com
Mon Aug 2 21:38:09 UTC 2004


I have had a two-host DNS system up and running for months, and it 
recently developed a problem.  The master is telling the slave it is not 
authoritative for any of the 10 or so domains for which it has zone 
files.  They are all running BIND-9.2, 'type master' zones, served from 
files on the disk.  None of them are slaved from outside our network. 
Each zone file has an SOA record.  www.dnsreport.com's test of 
"franklinamerican.com" shows that my master (67.107.93.4) has become 
lame.  Oddly enough, at the beginning of the day, both the master and 
slave were lame.  I couldn't tell you what fixed the slave.

The slave's zone files (named:named 0600) are about 10 days old, so 
these records finally just expired on me.  Refreshing any zone from the 
slave gets me a "refresh: non-authoritative answer from master 
67.107.93.4#53" error.  I can dig axfr successfully, so it doesn't 
appear to be a network issue.  The output of a host SOA check is below.

# host -C franklinamerican.com.
Nameserver ns1.franklinamerican.com:
         franklinamerican.com SOA ns1.franklinamerican.com. hostmaster.franklinamerican.com. 2004080205 14400 3600 604800 28800
Nameserver ns2.franklinamerican.com:
         franklinamerican.com SOA ns1.franklinamerican.com. hostmaster.franklinamerican.com. 2004080205 14400 3600 604800 28800

All that appears to be correct.  ns2 at least knows about the changes on 
ns1, but it's not seeing ns1 as authoritative.  What could make a server 
say it's no longer authoritative for ANY of its zones?  Part of each 
named.conf is pasted below for your inspection.  Thanks.

ns1:/etc/named.conf
include "/etc/rndc.key";
acl WORLD { 0.0.0.0/0; 127.0.0.0/0; };
acl LAN { 192.168.0.0/16; 127.0.0.0/0; };
acl DMZ { 67.107.93.0/24; 67.107.79.0/24; };
acl SLAVES { 67.107.79.4; };
options { directory "/var/named";
         pid-file "/var/run/named/named.pid";
         allow-recursion { localhost; LAN; DMZ; SLAVES; };
         version "surely you must be joking";
};
logging {
         channel default_log { file "/var/log/named/default_log" versions 5 size 10M; severity info; print-time yes; };
         category lame-servers { null; };
         channel xlog { file "/var/log/named/xfer_log" versions 5 size 5M; severity debug; print-time yes; };
         category xfer-out { xlog; };
         category default { default_log; };
};
zone "com" { type delegation-only; };
zone "net" { type delegation-only; };
// EXTERNAL ZONES
zone "franklinamerican.com" { type master; file "franklinamerican.com.db"; allow-query { any; }; allow-transfer { SLAVES; }; notify yes; };

ns2:/etc/named.conf
include "/etc/rndc.key";
acl LAN { 192.168.0.0/16; 127.0.0.0/0; };
acl DMZ { 67.107.93.0/24; 67.107.79.0/24; };
acl DHCPD { 192.168.1.4; 192.168.8.10; };
options { directory "/var/named";
         pid-file "/var/run/named/named.pid";
         allow-recursion { LAN; DMZ; };
         version "surely you must be joking";
};
logging {
         channel default_log { file "/var/log/named/default_log" versions 5 size 10M; severity info; print-time yes; };
         category lame-servers { null; };
         category default { default_log; };
};
// EXTERNAL ZONES
zone "franklinamerican.com" { type slave; masters { 67.107.93.4; }; file "franklinamerican.com.db"; allow-query { any; }; };


-- 
John Beamon
Systems Administrator
Franklin American Mortgage Co.
em: jbeamon at franklinamerican.com
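
Added example, not part of the original post: the refresh error in the slave's log concerns the AA (authoritative answer) bit in the master's reply to the refresh SOA query, so the code below builds that non-recursive query and classifies a reply by its header. The function names, the query id and the sample reply bytes are constructed for illustration; the SOA values in the sample are the ones shown in the `host -C` output.

```python
import socket
import struct

QID = 0x1234  # arbitrary query id, chosen for this example

def build_soa_query(zone, qid=QID):
    """Non-recursive SOA query (RD=0), the kind of query a refresh sends."""
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    # Header: id, flags=0, QDCOUNT=1; question: QTYPE=SOA(6), QCLASS=IN(1)
    return struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0) + qname + struct.pack("!HH", 6, 1)

def check_refresh_reply(packet, qid=QID):
    """Classify a reply by its header: QR bit, RCODE, AA bit, answer count."""
    if len(packet) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if rid != qid or not flags & 0x8000:
        return "not a reply to this query"
    if flags & 0x000F:
        return "rcode %d" % (flags & 0x000F)
    if not flags & 0x0400:  # AA bit clear: the condition the slave complains about
        return "non-authoritative answer"
    return "authoritative" if ancount else "authoritative, empty answer"

def query_master(server, zone, timeout=3.0):
    """Send the query over UDP to a live server and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_soa_query(zone), (server, 53))
        return check_refresh_reply(s.recv(4096))

def constructed_reply(query, aa):
    """Constructed sample reply with one SOA record (serial and timers from the post)."""
    flags = 0x8000 | (0x0400 if aa else 0)
    soa = (b"\x03ns1\xc0\x0c" + b"\x0ahostmaster\xc0\x0c"
           + struct.pack("!IIIII", 2004080205, 14400, 3600, 604800, 28800))
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 6, 1, 28800, len(soa)) + soa
    return query[:2] + struct.pack("!HHHHH", flags, 1, 1, 0, 0) + query[12:] + rr

if __name__ == "__main__":
    q = build_soa_query("franklinamerican.com.")
    print(check_refresh_reply(constructed_reply(q, aa=True)))
    print(check_refresh_reply(constructed_reply(q, aa=False)))
```

Against a live server, `query_master("67.107.93.4", "franklinamerican.com.")` applies the same classification; `dig +norecurse` shows the same bit as `aa` in its flags line.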


