Can't get zone to xfer to secondary server

Kal Feher kal.feher at melbourneit.com.au
Thu Aug 16 23:36:42 UTC 2007


Actually the following would work, although it would also work for _any_
non-defined subdomain, which may not be what you want.

$ORIGIN familiesla.com.
*   IN CNAME www.dss.state.la.us.

How you do this with Windows I don't know, but I'm sure you can.

On 17/8/07 8:55 AM, "Dawn" <dawn at zapata.org> wrote:

> That's the problem right there. You can't have your domain CNAME to a
> different FQDN. Remove that record and replace it with an A record and
> transfer magic will happen. Yeah, it blows that if the www record changes,
> you'll have to manually change the other record...but that blow factor is
> lower than not having a functional slave.
> 
> Quoting Ryan McCain <Ryan.McCain at dss.state.la.us>:
> 
>> Chris,
>> 
>> Thanks for the response.
>> 
>> Here is the output from the dig command:
>> 
>> ; <<>> DiG 9.3.4 <<>> familiesla.com soa +norec @172.20.11.237
>> ; (1 server found)
>> ;; global options:  printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20783
>> ;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>> 
>> ;; QUESTION SECTION:
>> ;familiesla.com.                        IN      SOA
>> 
>> ;; ANSWER SECTION:
>> familiesla.com.         3600    IN      CNAME   www.dss.state.la.us.
>> 
>> ;; Query time: 0 msec
>> ;; SERVER: 172.20.11.237#53(172.20.11.237)
>> ;; WHEN: Thu Aug 16 17:15:15 2007
>> ;; MSG SIZE  rcvd: 65
>> 
>> The DNS server is whatever Windows version is on Windows 2000.  Also, there
>> is no domain called .com.  I will check with the Windows side of the house on
>> this.  Any other suggestions based on the output above?
>> 
>> Thx..
>> 
>>>>> On Thu, Aug 16, 2007 at  3:42 PM, in message
>> <CEA4C10F-BCE5-4E0C-8AC6-0B8151D3A9F6 at menandmice.com>, Chris Buxton
>> <cbuxton at menandmice.com> wrote:
>>> The problem is shown in the error messages at the end.
>>> 
>>> When trying to get a zone transfer, the slave first requests an SOA
>>> record from the master. It expects an SOA record in response to the
>>> query, but in this case, it's getting a CNAME record. Which indicates
>>> that either the master server is not running BIND (nor any other
>>> server that enforces the CNAME and other data rule), or else the
>>> master server actually has a zone named "com" on it (which it
>>> probably shouldn't) and has a CNAME record named familiesla.com
>>> inside that zone.
>>> 
>>> Check the configuration of the master. We on the list can't, from the
>>> outside, because the master is on a private address. However, if we
>>> were able to, the shell command would look like this:
>>> 
>>> dig familiesla.com soa +norec @172.20.11.237
>>> 
>>> Chris Buxton
>>> Men & Mice
>>> 
>>> On Aug 16, 2007, at 1:34 PM, Ryan McCain wrote:
>>> 
>>>> I'm attempting to install a secondary DNS server using BIND 9.3.2
>>>> on SLES 10.  It should host multiple zones 2 of which are
>>>> 'dss.state.la.us' and 'familiesla.com'.
>>>> 
>>>> The primary DNS server is a Windows server and I have given the
>>>> secondary server permission to do zone xfers for both of these
>>>> domains, however, only 'dss.state.la.us' comes down. The zone file
>>>> for 'familiesla.com' is never created.  I'm not sure why.
>>>> 
>>>> Here is the log:
>>>> 
>>>> Aug 16 15:09:47 dss-cs99la14 named[8126]: found 1 CPU, using 1 worker thread
>>>> Aug 16 15:09:47 dss-cs99la14 named[8126]: loading configuration from '/etc/named.conf'
>>>> Aug 16 15:09:47 dss-cs99la14 named[8126]: listening on IPv6 interfaces, port 53
>>>> Aug 16 15:09:47 dss-cs99la14 named[8126]: listening on IPv4 interface lo, 127.0.0.1#53
>>>> Aug 16 15:09:47 dss-cs99la14 named[8126]: listening on IPv4 interface eth0, 10.120.9.246#53
>>>> Aug 16 15:09:47 dss-cs99la14 named[8126]: command channel listening on 127.0.0.1#953
>>>> Aug 16 15:09:47 dss-cs99la14 named[8126]: command channel listening on ::1#953
>>>> Aug 16 15:09:47 dss-cs99la14 named[8126]: zone 0.0.127.in-addr.arpa/IN: loaded serial 42
>>>> Aug 16 15:09:47 dss-cs99la14 named[8126]: zone localhost/IN: loaded serial 42
>>>> Aug 16 15:09:47 dss-cs99la14 named[8126]: slave/dss.state.la.us:42: gc._msdcs.dss.state.la.us: bad owner name (check-names)
>>>> Aug 16 15:09:47 dss-cs99la14 named[8126]: slave/dss.state.la.us:43: gc._msdcs.dss.state.la.us: bad owner name (check-names)
>>>> Aug 16 15:09:47 dss-cs99la14 named[8126]: slave/dss.state.la.us:128: btr_cluster.dss.state.la.us: bad owner name (check-names)
>>>> Aug 16 15:09:47 dss-cs99la14 named[8126]: slave/dss.state.la.us:1003: ipat_ocs.dss.state.la.us: bad owner name (check-names)
>>>> Aug 16 15:09:47 dss-cs99la14 named[8126]: slave/dss.state.la.us:1076: ocs_nt_3.dss.state.la.us: bad owner name (check-names)
>>>> Aug 16 15:09:47 dss-cs99la14 named[8126]: zone dss.state.la.us/IN: loaded serial 11146
>>>> Aug 16 15:09:47 dss-cs99la14 named[8126]: running
>>>> Aug 16 15:09:48 dss-cs99la14 named[8126]: zone familiesla.com/IN: refresh: CNAME at top of zone in master 172.20.11.237#53 (source 0.0.0.0#0)
>>>> Aug 16 15:11:01 dss-cs99la14 named[8126]: zone familiesla.com/IN: refresh: CNAME at top of zone in master 172.20.11.237#53 (source 0.0.0.0#0)
>>>> Aug 16 15:12:20 dss-cs99la14 named[8126]: zone familiesla.com/IN: refresh: CNAME at top of zone in master 172.20.11.237#53 (source 0.0.0.0#0)
>>>> Aug 16 15:15:25 dss-cs99la14 named[8126]: zone familiesla.com/IN: refresh: CNAME at top of zone in master 172.20.11.237#53 (source 0.0.0.0#0)
>>>> 
>>>> 
>>>> ... That didn't tell me too much as to why the familiesla.com zone
>>>> isn't being added to the secondary DNS server.
>>>> 
>>>> Any ideas?
>>>> 
>>>> Thanks, Ryan

-- 
Kal Feher
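
Added example, not part of the original thread: a small Python check for the two rules discussed above (a CNAME at the zone apex, and a CNAME sharing an owner name with other data), run against constructed zone text. The function names and the SOA/NS values (ns1.example.net, hostmaster.example.net) are assumptions; the parser assumes one record per line and numeric TTLs.

```python
CLASSES = {"IN", "CH", "HS"}
DNSSEC_OK = {"RRSIG", "NSEC"}            # types permitted beside a CNAME

def parse_zone(text, zone):
    """Map each absolute owner name to the set of RR types it carries."""
    origin = last = zone.lower()
    owners = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        fields = line.split()
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        if fields[0].startswith("$"):                 # $TTL etc. not needed here
            continue
        if not line[0].isspace():                     # leading blank = previous owner
            name = fields.pop(0).lower()
            last = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        while len(fields) > 1 and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)                             # skip optional TTL and class
        if fields:
            owners.setdefault(last, set()).add(fields[0].upper())
    return owners

def check_zone(text, zone):
    """Return apex and CNAME rule violations found in the zone text."""
    zone = zone.lower()
    owners = parse_zone(text, zone)
    apex = owners.get(zone, set())
    problems = []
    if "CNAME" in apex:
        problems.append(f"{zone}: CNAME at top of zone")
    if "SOA" not in apex:
        problems.append(f"{zone}: no SOA at zone apex")
    for owner, types in sorted(owners.items()):
        if "CNAME" in types and types - DNSSEC_OK - {"CNAME"}:
            problems.append(f"{owner}: CNAME and other data")
    return problems

# Constructed: the apex CNAME the master returned for the SOA query.
BROKEN = "$ORIGIN familiesla.com.\n@   3600 IN CNAME www.dss.state.la.us.\n"
# Constructed: the wildcard form from this message, under an assumed SOA and NS.
WILDCARD = """$ORIGIN familiesla.com.
@   3600 IN SOA ns1.example.net. hostmaster.example.net. 1 3600 600 86400 3600
    IN NS  ns1.example.net.
*   IN CNAME www.dss.state.la.us.
"""
for label, text in (("broken", BROKEN), ("wildcard", WILDCARD)):
    print(label, check_zone(text, "familiesla.com."))
```

The wildcard zone passes because `*` only covers names below the apex; the bare name familiesla.com is not matched by it and still needs its own non-CNAME record.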


