bind9 questions

Jim Reid jim at rfc1035.com
Wed Feb 28 23:18:38 UTC 2001


>>>>> "Timothy" == Timothy Moseley <Timothy.Moseley at hurlburt.af.mil> writes:

    Timothy> rndc.conf

    Timothy> options {
    Timothy>	default-server localhost; 
    Timothy>	default-key rndc_key;
    Timothy> };

Where is the key{} statement defining rndc_key? Why have you omitted
stuff that the documentation tells you has to be in rndc.conf? Oh, and
there are controls{} and key{} statements missing from the named.conf
file you posted too. And an allow-update clause in a slave zone{}
statement isn't particularly sensible either. Not that those errors
have any bearing on failing zone transfers. Hiding the actual domain
name and IP addresses doesn't help. All that does is confirm what we
see is not the same as what your name server sees.

    Timothy> MY primary internal is a QIP box running on NT...

Sigh.

    Timothy> when named is started w/ kill -HUP 'cat /var/run/named.pid'

You should NEVER use signals to control a name server, especially a
BIND9 server. Signals will usually cause a BIND9 server to
terminate. And you usually won't start a server by typing "kill -HUP
'cat /var/run/named.pid`" either. This might *restart* a BIND8 server,
but never start one. [That cat command should be enclosed in
backquotes BTW, but leave that to one side.] This has no bearing on
failing zone transfers either.

    Timothy> Feb 28 20:56:15 pinnacle4 /usr/local/sbin/named[263]: the default for the 'auth-nxdomain' option is now 'no' 
    Timothy> Feb 28 20:56:15 pinnacle4 /usr/local/sbin/named[263]: option 'check-names' is not implemented

Ignore them. They are just informational. BIND9 should really just
shut up about these defaults. They have no bearing on failing zone
transfers anyway.

    Timothy> I have printed out the manual that comes with BIND9 

Have you tried reading it? :-)

    Timothy> and have tried everything I can to get zone transfers, 

What, precisely, have you tried? If you'd "tried everything" you would
inevitably have stumbled on a correct configuration by a process of
trial and error.

Why don't you read the name server's logs? There will be a message
there explaining why the zone transfers are failing. What
troubleshooting have you done? Can you get zone transfers to work by
hand with dig? Is the master server reachable? Does it allow you to
make zone transfers?  Does the master server answer authoritatively
for the zone? If you'd told us the server's address and the domain
name, someone might have been able to query it and find the
problem. Does the slave have a higher serial number for the zone than
the master server? This is a depressingly common problem with QIP.

    Timothy> what am I doing wrong, besides using NT.

Well using QIP doesn't help, but you should already know that.
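
The serial-number question raised above can be checked offline once the SOA record has been fetched from both servers with dig. The following is an added example, not part of the original post: it compares the two serials with RFC 1982 serial arithmetic, and the host names, zone name and serial values in it are constructed.

```python
"""Decide whether a slave would pull a zone, given SOA records from both servers."""

MOD = 2 ** 32    # SOA serials are unsigned 32-bit values
HALF = 2 ** 31   # RFC 1982: differences of exactly 2^31 are undefined


def soa_serial(dig_short_line):
    """Extract the serial from one line of `dig +short SOA <zone> @<server>`.

    The RDATA order is: mname rname serial refresh retry expire minimum.
    """
    fields = dig_short_line.split()
    if len(fields) != 7:
        raise ValueError("not a SOA record: %r" % dig_short_line)
    serial = int(fields[2])
    if not 0 <= serial < MOD:
        raise ValueError("serial out of 32-bit range: %d" % serial)
    return serial


def compare_serials(master, slave):
    """Classify the master's serial relative to the slave's.

    'transfer'    master is newer, the slave should fetch the zone
    'up-to-date'  serials are equal
    'slave-ahead' slave is newer, so it will not transfer
    'undefined'   serials are exactly 2^31 apart (RFC 1982 gives no ordering)
    """
    if master == slave:
        return "up-to-date"
    diff = (master - slave) % MOD
    if diff == HALF:
        return "undefined"
    return "transfer" if diff < HALF else "slave-ahead"


# Constructed sample output, one line per server (not taken from the post).
MASTER_SOA = "ns1.example.test. hostmaster.example.test. 2001022801 3600 900 604800 86400"
SLAVE_SOA = "ns1.example.test. hostmaster.example.test. 2001022805 3600 900 604800 86400"


def diagnose(master_line, slave_line):
    """Run the comparison on two raw dig lines."""
    return compare_serials(soa_serial(master_line), soa_serial(slave_line))


if __name__ == "__main__":
    print(diagnose(MASTER_SOA, SLAVE_SOA))
```

A result of 'slave-ahead' matches the situation described in the reply: the slave already holds a higher serial than the master, so it has no reason to request a transfer.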

