bind9 questions

Timothy.Moseley at hurlburt.af.mil
Thu Mar 1 13:36:33 UTC 2001


As I said, QIP (the master) does not support keys. That is why I tried the
rndc.conf w/out the key statement first. I want to know how I can
configure the .conf file w/out it and still get rndc to work.

> >-----Original Message-----
> >From: Jim Reid [mailto:jim at rfc1035.com]
> >Sent: Wednesday, February 28, 2001 5:19 PM
> >To: Timothy.Moseley at hurlburt.af.mil
> >Cc: bind-users at isc.org
> >Subject: Re: bind9 questions 
> >
> >
> >>>>>> "Timothy" == Timothy Moseley <Timothy.Moseley at hurlburt.af.mil> writes:
> >
> >    Timothy> rndc.conf
> >
> >    Timothy> options {
> >    Timothy>	default-server localhost; 
> >    Timothy>	default-key rndc_key;
> >    Timothy> };
> >
> >Where is the key{} statement defining rndc_key? Why have you omitted
> >stuff that the documentation tells you has to be in rndc.conf? Oh, and
> >there are controls{} and key{} statements missing from the named.conf
> >file you posted too. And an allow-update clause in a slave zone{}
> >statement isn't particularly sensible either. Not that those errors
> >have any bearing on failing zone transfers. Hiding the actual domain
> >name and IP addresses doesn't help. All that does is confirm what we
> >see is not the same as what your name server sees.
> >
> >    Timothy> MY primary internal is a QIP box running on NT...
> >
> >Sigh.
> >
> >    Timothy> when named is started w/ kill -HUP 'cat /var/run/named.pid'
> >
> >You should NEVER use signals to control a name server, especially a
> >BIND9 server. Signals will usually cause a BIND9 server to
> >terminate. And you usually won't start a server by typing "kill -HUP
> >'cat /var/run/named.pid`" either. This might *restart* a BIND8 server,
> >but never start one. [That cat command should be enclosed in
> >backquotes BTW, but leave that to one side.] This has no bearing on
> >failing zone transfers either.
> >
> >    Timothy> Feb 28 20:56:15 pinnacle4 /usr/local/sbin/named[263]: the default for the 'auth-nxdomain' option is now 'no'
> >    Timothy> Feb 28 20:56:15 pinnacle4 /usr/local/sbin/named[263]: option 'check-names' is not implemented
> >
> >Ignore them. They are just informational. BIND9 should really just
> >shut up about these defaults. They have no bearing on failing zone
> >transfers anyway.
> >
> >    Timothy> I have printed out the manual that comes with BIND9 
> >
> >Have you tried reading it? :-)
> >
> >    Timothy> and have tried everything I can to get zone transfers, 
> >
> >What, precisely, have you tried? If you'd "tried everything" you would
> >inevitably have stumbled on a correct configuration by a process of
> >trial and error.
> >
> >Why don't you read the name server's logs? There will be a message
> >there explaining why the zone transfers are failing. What
> >troubleshooting have you done? Can you get zone transfers to work by
> >hand with dig? Is the master server reachable? Does it allow you to
> >make zone transfers?  Does the master server answer authoritatively
> >for the zone? If you'd told us the server's address and the domain
> >name, someone might have been able to query it and find the
> >problem. Does the slave have a higher serial number for the zone than
> >the master server? This is a depressingly common problem with QIP.
> >
> >    Timothy> what am I doing wrong, besides using NT.
> >
> >Well using QIP doesn't help, but you should already know that.
> >
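
Added example (not from the thread or from BIND's own tooling): the key{} statement asked about above authenticates rndc to the control channel of the named it manages and is shared only between those two, so the same secret has to appear in both rndc.conf and named.conf. The output file names, the 127.0.0.1 port 953 control address and the hmac-sha256 default are assumptions; rndc_key and default-server localhost come from the posted rndc.conf.

```shell
#!/bin/sh
# Added example: emit a matching rndc.conf and named.conf fragment.
# rndc_key and "default-server localhost" come from the thread; the output
# file names, 127.0.0.1 and the algorithm default are assumptions.

# 32 random bytes, base64-encoded (44 characters), used as the shared secret.
gen_secret() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# write_rndc_pair DIR [ALGORITHM]
# Writes DIR/rndc.conf and DIR/named.conf.rndc carrying the same key.
# Runs in a subshell so the restrictive umask does not leak to the caller.
write_rndc_pair() (
    dir=$1
    alg=${2:-hmac-sha256}   # pass hmac-md5 for releases that only accept it
    secret=$(gen_secret)
    [ -n "$secret" ] || exit 1
    umask 077               # both files hold the secret: owner-only access

    cat > "$dir/rndc.conf" <<EOF
key "rndc_key" {
    algorithm $alg;
    secret "$secret";
};

options {
    default-server localhost;
    default-key "rndc_key";
};
EOF

    cat > "$dir/named.conf.rndc" <<EOF
key "rndc_key" {
    algorithm $alg;
    secret "$secret";
};

controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc_key"; };
};
EOF
)
```

Call `write_rndc_pair <dir>` on a staging directory, then merge the key{} and controls{} statements from named.conf.rndc into named.conf so both sides hold the same secret.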

