Can't get zone to xfer to secondary server

Dawn dawn at zapata.org
Thu Aug 16 22:55:28 UTC 2007


That's the problem right there. You can't have your domain CNAME to a different
FQDN. Remove that record and replace it with an A record and transfer magic
will happen. Yeah, it blows that if the www record changes, you'll have to
manually change the other record...but that blow factor is lower than not
having a functional slave.

Quoting Ryan McCain <Ryan.McCain at dss.state.la.us>:

> Chris,
>
> Thanks for the response.
>
> Here is the output from the dig command:
>
> ; <<>> DiG 9.3.4 <<>> familiesla.com soa +norec @172.20.11.237
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20783
> ;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;familiesla.com.                        IN      SOA
>
> ;; ANSWER SECTION:
> familiesla.com.         3600    IN      CNAME   www.dss.state.la.us.
>
> ;; Query time: 0 msec
> ;; SERVER: 172.20.11.237#53(172.20.11.237)
> ;; WHEN: Thu Aug 16 17:15:15 2007
> ;; MSG SIZE  rcvd: 65
>
> The DNS server is whatever Windows version is on Windows 2000.  Also, there
> is no domain called .com.  I will check with the Windows side of the house on
> this.  Any other suggestions based on the output above?
>
> Thx..
>
> >>> On Thu, Aug 16, 2007 at  3:42 PM, in message
> <CEA4C10F-BCE5-4E0C-8AC6-0B8151D3A9F6 at menandmice.com>, Chris Buxton
> <cbuxton at menandmice.com> wrote:
> > The problem is shown in the error messages at the end.
> >
> > When trying to get a zone transfer, the slave first requests an SOA
> > record from the master. It expects an SOA record in response to the
> > query, but in this case, it's getting a CNAME record. Which indicates
> > that either the master server is not running BIND (nor any other
> > server that enforces the CNAME and other data rule), or else the
> > master server actually has a zone named "com" on it (which it
> > probably shouldn't) and has a CNAME record named familiesla.com
> > inside that zone.
> >
> > Check the configuration of the master. We on the list can't, from the
> > outside, because the master is on a private address. However, if we
> > were able to, the shell command would look like this:
> >
> > dig familiesla.com soa +norec @172.20.11.237
> >
> > Chris Buxton
> > Men & Mice
> >
> > On Aug 16, 2007, at 1:34 PM, Ryan McCain wrote:
> >
> >> I'm attempting to install a secondary DNS server using BIND 9.3.2
> >> on SLES 10.  It should host multiple zones 2 of which are
> >> 'dss.state.la.us' and 'familiesla.com'.
> >>
> >> The primary DNS server is a Windows server and I have given the
> >> secondary server permission to do zone xfers for both of these
> >> domains, however, only 'dss.state.la.us' comes down. The zone file
> >> for 'familiesla.com' is never created.  I'm not sure why.
> >>
> >> Here is the log:
> >>
> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: found 1 CPU, using 1
> >> worker thread
> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: loading configuration
> >> from '/etc/named.conf'
> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: listening on IPv6
> >> interfaces, port 53
> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: listening on IPv4
> >> interface lo, 127.0.0.1#53
> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: listening on IPv4
> >> interface eth0, 10.120.9.246#53
> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: command channel listening
> >> on 127.0.0.1#953
> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: command channel listening
> >> on ::1#953
> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: zone 0.0.127.in-addr.arpa/
> >> IN: loaded serial 42
> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: zone localhost/IN: loaded
> >> serial 42
> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: slave/dss.state.la.us:42:
> >> gc._msdcs.dss.state.la.us: bad owner name (check-names)
> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: slave/dss.state.la.us:43:
> >> gc._msdcs.dss.state.la.us: bad owner name (check-names)
> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: slave/dss.state.la.us:
> >> 128: btr_cluster.dss.state.la.us: bad owner name (check-names)
> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: slave/dss.state.la.us:
> >> 1003: ipat_ocs.dss.state.la.us: bad owner name (check-names)
> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: slave/dss.state.la.us:
> >> 1076: ocs_nt_3.dss.state.la.us: bad owner name (check-names)
> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: zone dss.state.la.us/IN:
> >> loaded serial 11146
> >> Aug 16 15:09:47 dss-cs99la14 named[8126]: running
> >> Aug 16 15:09:48 dss-cs99la14 named[8126]: zone familiesla.com/IN:
> >> refresh: CNAME at top of zone in master 172.20.11.237#53 (source
> >> 0.0.0.0#0)
> >> Aug 16 15:11:01 dss-cs99la14 named[8126]: zone familiesla.com/IN:
> >> refresh: CNAME at top of zone in master 172.20.11.237#53 (source
> >> 0.0.0.0#0)
> >> Aug 16 15:12:20 dss-cs99la14 named[8126]: zone familiesla.com/IN:
> >> refresh: CNAME at top of zone in master 172.20.11.237#53 (source
> >> 0.0.0.0#0)
> >> Aug 16 15:15:25 dss-cs99la14 named[8126]: zone familiesla.com/IN:
> >> refresh: CNAME at top of zone in master 172.20.11.237#53 (source
> >> 0.0.0.0#0)
> >>
> >>
> >> ... That didn't tell me too much as to why the familiesla.com zone
> >> isn't being added to the secondary DNS server.
> >>
> >> Any ideas?
> >>
> >> Thanks, Ryan
> >>
> >>
> >>
> >>
>
>
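An added example, not part of the original messages: a pre-flight check that classifies the reply to `dig <zone> soa +norec @master` the way the secondary's refresh does, flagging the "CNAME at top of zone" case from the log above. The function name `check_apex_soa`, its result labels, and the healthy `example.test` sample are assumptions made for illustration.

```python
import re

# Constructed sample: the dig reply quoted in the thread, trimmed to the parsed lines.
DIG_CNAME = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20783
;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;familiesla.com.                        IN      SOA
;; ANSWER SECTION:
familiesla.com.         3600    IN      CNAME   www.dss.state.la.us.
"""

# Constructed sample of a healthy reply (hypothetical zone and values).
DIG_OK = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;example.test.                  IN      SOA
;; ANSWER SECTION:
example.test.  3600  IN  SOA  ns1.example.test. admin.example.test. 7 3600 600 86400 3600
"""

def check_apex_soa(dig_text):
    """Classify a master's reply to an SOA query for the zone apex."""
    status = re.search(r"status: (\w+)", dig_text)
    flags = re.search(r"flags: ([a-z ]*);", dig_text)
    question = re.search(r"^;(\S+)\s+IN\s+SOA\s*$", dig_text, re.M)
    if not (status and flags and question):
        return "unparseable"
    if status.group(1) != "NOERROR":
        return "rcode-" + status.group(1).lower()
    if "aa" not in flags.group(1).split():
        return "not-authoritative"          # master does not claim the zone
    zone, section, types = question.group(1).lower(), None, set()
    for line in dig_text.splitlines():
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            section = m.group(1)
        elif section == "ANSWER" and line and not line.startswith(";"):
            parts = line.split()            # owner, TTL, class, type, rdata...
            if len(parts) >= 5 and parts[0].lower() == zone:
                types.add(parts[3])
    if "SOA" in types:
        return "ok"
    # A CNAME at the apex replaces the SOA the secondary needs before it can transfer.
    return "cname-at-apex" if "CNAME" in types else "no-soa"

for label, sample in (("familiesla.com", DIG_CNAME), ("example.test", DIG_OK)):
    print(label, "->", check_apex_soa(sample))
```
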





