DNS Slave server CANNOT get zone files from Master Server

Patrick Chiang saikang at gmail.com
Thu Oct 7 20:52:00 UTC 2004 

Hi everybody,

I think my question is probably a FAQ, but I still can't find an answer
from the Internet. Hope someone can give me some hints to fix my
problems.

I have a master DNS Server working properly, which connects to internet
directly. Recently I setup a Slave DNS server "behind" a simple firewall
(actually it's a wireless router D-Link DI-524 with NAT), I've set up a
mapping to my internal Slave DNS Server, 192.168.0.254.

I was wondering should I open some firewall ports to help them do "Zone
Transfer" ? I've opened TCP/UDP 53 everywhere (Maser/Slave DNS Server
with iptables, wireless rounter TCP/UDP 53) and I expected there would
be a zone file appear in /var/named/chroot/var/named/slave - I was told
that this was a good sign that master server had successfully transfered
zone file(s) to slave server. Am I correct ?

Below is my settings. Hopefully anyone in the list can help me find out
the errors. Thanks in advance :)

-----------  Envrionemt -----------------------
Master&Slave are Fedora Core 2,BIND 9.2.3-13

-----------  Cfg filez ------------------------
Master DNS (ip address: 55.66.77.88)
-----------------------------------------------
/var/named/chroot/etc/named.conf
-----------------------------------------------
options {
   directory "/var/named";
   statistics-file "/var/run/named/named.stats";
};
----<snip>---
zone "foo.org" IN{
        type master;
        file "foo.org.domain";
        zone-statistics yes;
        notify yes;
        also-notify { 11.22.33.44; };
};

-----------------------------------------------
Slave (ip address: 11.22.33.44)
-----------------------------------------------
/var/named/chroot/etc/named.conf (Copy from master's)
-----------------------------------------------
<snip>
zone "foo.org" IN{
        type slave;
        file "slave/foo.org.domain.bak";
        masters { 55.66.77.88; };
        zone-statistics yes;
};

-------------------------------------------------
O U T P U T (on slave DNS server)
-------------------------------------------------
# rndc reload
named[25483]: zone foo.org/IN: refresh: non-authoritative answer from
master 55.66.77.88#53

ps.
/var/named/chroot/var/named/slaves is "drwxrwx---", owned by named:named

More information about the bind-users mailing list