{Disarmed} Re: Unable to get Zone transfer to work
Jeff Reasoner
jeff.reasoner at mail.hccanet.org
Thu Dec 20 19:32:44 UTC 2007
On Thu, 2007-12-20 at 14:09 -0500, Vincent Yonemitsu wrote:
> HOLY COW I figured it out, apparently you have to specify the slave
> directory as /var/named/slaves
There is no requirement regarding the name or location of the
transferred zonefiles - That depends strictly in what you put in the
config files.
> you can just bump it into a location of your choice. not only that you
> can't have a blank zone file in there it needs to be created from scratch.
You also don't need to create a file at all on the slave. Named on the
slave will create it (again based on the filename in named.conf) when
transferring the zone. Could this have been a problem with permissions?
The account that named runs under would need rw access
in /var/named/slaves in this case.
> This seems very undocumented. Is this an issue with 9.x? or just with fedora?
Probably more to do with some aspect of your server setup. I don't think
that what you have described is a known issue - certainly not an issue
I've come across in any version of bind 9 I have ever run. There have
been many issues with bind vis-a-vis SELinux on RedHat. Searching this
newslist archive should yield plenty of information on that topic.
>
> --
>
> Vincent Yonemitsu
> Information Technology and Infrastructure Manager
> vincentyonemitsu at soilengineersltd.com
> Tel. (416) 754-8515 x 270
>
> 100 Nugget Avenue
> Toronto, Ontario M1S 3A7
> Toll Free Tel. (800) 268-5624 x 270
> Fax: (416) 754-8516
>
> This message is intended only for the use of the individual to which it is
> addressed and contains information that is privileged and confidential. If
> this e-mail is not intended for you, any reading, distribution, copying,
> or disclosure of this e-mail is strictly prohibited. If you have received
> this communication in error, please notify Soil Engineers Ltd.
> immediately. Soil Engineers Ltd. assumes no liability for any unauthorized
> use or alteration of the contents or attachments of this e-mail.
>
> Have a look at our website: http://www.soilengineersltd.com
>
> > Thats the other wierd thing I am not seeing anything in either log file.
> > both log files are empty.
> >
> > --
> >
> > Vincent Yonemitsu
> > Information Technology and Infrastructure Manager
> > vincentyonemitsu at soilengineersltd.com
> > Tel. (416) 754-8515 x 270
> >
> > 100 Nugget Avenue
> > Toronto, Ontario M1S 3A7
> > Toll Free Tel. (800) 268-5624 x 270
> > Fax: (416) 754-8516
> >
> > This message is intended only for the use of the individual to which it is
> > addressed and contains information that is privileged and confidential. If
> > this e-mail is not intended for you, any reading, distribution, copying,
> > or disclosure of this e-mail is strictly prohibited. If you have received
> > this communication in error, please notify Soil Engineers Ltd.
> > immediately. Soil Engineers Ltd. assumes no liability for any unauthorized
> > use or alteration of the contents or attachments of this e-mail.
> >
> > Have a look at our website: http://www.soilengineersltd.com
> >
> >> What messages are in you log file on both the slave and the master?
> >>
> >> On Dec 20, 2007 8:45 AM, Vincent Yonemitsu <vince at soilengineersltd.com>
> >> wrote:
> >>
> >>> Ok,
> >>> I have a pair of Bind servers 9.xx running on fedora.
> >>> These are sitting on IP's 192.168.1.10 and 192.168.1.11 master and
> >>> slave
> >>> respectively.
> >>>
> >>> They have static Nats to the outside world of 99.99.99.10 and
> >>> 99.99.99.11
> >>> I am unable to get the master zone on the master to transfer to the
> >>> slave.
> >>> Here is my named.conf on the master
> >>>
> >>> [root at ns1 named]# cat /etc/named.conf
> >>> acl "trusted" {
> >>> localhost;
> >>> 192.168.0.0/24;
> >>> 192.168.1.0/24;
> >>> };
> >>>
> >>> options {
> >>> directory "/var/named";
> >>> allow-recursion { trusted; };
> >>> allow-query { trusted; };
> >>> allow-notify {192.168.1.11; };
> >>> version "get lost";
> >>> listen-on {
> >>> 192.168.1.10;
> >>> 127.0.0.1;
> >>> };
> >>> forwarders {
> >>> 207.181.101.4;
> >>> 207.181.101.5;
> >>> };
> >>> forward first;
> >>> recursion yes;
> >>> };
> >>>
> >>> logging{
> >>> channel example_log{
> >>> file "/var/log/named/example.log" versions 3 size 2m;
> >>> severity info;
> >>> print-severity yes;
> >>> print-time yes;
> >>> print-category yes;
> >>> };
> >>>
> >>> category default{
> >>> example_log;
> >>> };
> >>> };
> >>>
> >>> zone "." {
> >>> type hint;
> >>> file "/var/named/root.servers";
> >>> };
> >>> zone "mydomain.com" in{
> >>> type master;
> >>> file "/var/named/mydomain.com.zone";
> >>> allow-transfer {192.168.1.11;};
> >>> };
> >>>
> >>> Here is the mydomain.com zone file.
> >>>
> >>> [root at ns1 named]# cat mydomain.com.zone
> >>> $TTL 86400
> >>> mydomain.com. IN SOA ns1.mydomain.com. ns2.mydomain.com.
> >>> (
> >>> 200712201
> >>> 60
> >>> 3600
> >>> 604800
> >>> 38400
> >>> )
> >>>
> >>> mydomain.com. IN NS ns1.mydomain.com.
> >>> mydomain.com. IN NS ns2.mydomain.com.
> >>> mydomain.com. IN MX 10 mail.mydomain.com.
> >>>
> >>> www IN A 99.99.99.230
> >>> mail IN A 99.99.99.229
> >>> ns1 IN A 192.168.1.10
> >>> ns2 IN A 192.168.1.11
> >>> ldap IN A 99.99.99.232
> >>> iis IN A 99.99.99.231
> >>> dms IN A 99.99.99.234
> >>> brback IN A 99.99.99.233
> >>>
> >>>
> >>> Here is the named.conf file on the Slave
> >>>
> >>> data dynamic named.ca named.empty named.localhost named.loopback
> >>> root.servers slaves
> >>> [root at ns2 named]#
> >>> [root at ns2 named]# ls
> >>> data dynamic named.ca named.empty named.localhost named.loopback
> >>> root.servers slaves
> >>> [root at ns2 named]# ls
> >>> data dynamic named.ca named.empty named.localhost named.loopback
> >>> root.servers slaves
> >>> [root at ns2 named]# ls
> >>> data dynamic named.ca named.empty named.localhost named.loopback
> >>> root.servers slaves
> >>> [root at ns2 named]# ls
> >>> data dynamic named.ca named.empty named.localhost named.loopback
> >>> root.servers slaves
> >>> [root at ns2 named]# ls
> >>> data dynamic named.ca named.empty named.localhost named.loopback
> >>> root.servers slaves
> >>> [root at ns2 named]# ls
> >>> data dynamic named.ca named.empty named.localhost named.loopback
> >>> root.servers slaves
> >>> [root at ns2 named]# ls
> >>> data dynamic named.ca named.empty named.localhost named.loopback
> >>> root.servers slaves
> >>> [root at ns2 named]# service named stop
> >>> Stopping named: [ OK ]
> >>> [root at ns2 named]# vi soilengineersltd.com
> >>> [root at ns2 named]# service named start
> >>> Starting named: [ OK ]
> >>> [root at ns2 named]# ls
> >>> data named.ca named.localhost root.servers
> >>> soilengineersltd.com
> >>> dynamic named.empty named.loopback slaves
> >>> [root at ns2 named]# service named stop
> >>> Stopping named: [ OK ]
> >>> [root at ns2 named]# vi soilengineersltd.com.zone
> >>> [root at ns2 named]# service named start
> >>> Starting named: [ OK ]
> >>> [root at ns2 named]# cat soilengineersltd.com.zone
> >>> [root at ns2 named]# rm soilengineersltd.com
> >>> rm: remove regular empty file `soilengineersltd.com'? y
> >>> [root at ns2 named]# ls
> >>> data named.ca named.localhost root.servers
> >>> soilengineersltd.com.zone
> >>> dynamic named.empty named.loopback slaves
> >>> [root at ns2 named]# cat named.conf
> >>> cat: named.conf: No such file or directory
> >>> [root at ns2 named]# cat /etc/named.conf
> >>> acl "trusted" {
> >>> localhost;
> >>> 192.168.0.0/24;
> >>> 192.168.1.0/24;
> >>> };
> >>>
> >>> options {
> >>> directory "/var/named";
> >>> allow-recursion { trusted; };
> >>> allow-query { trusted; };
> >>> version "get lost";
> >>> allow-transfer {192.168.1.10;};
> >>> listen-on {
> >>> 192.168.1.11;
> >>> 127.0.0.1;
> >>> };
> >>> forwarders {
> >>> 207.181.101.4;
> >>> 207.181.101.5;
> >>> };
> >>> forward first;
> >>> recursion yes;
> >>> };
> >>>
> >>> logging{
> >>> channel example_log{
> >>> file "/var/log/named/example.log" versions 3 size 2m;
> >>> severity info;
> >>> print-severity yes;
> >>> print-time yes;
> >>> print-category yes;
> >>> };
> >>>
> >>> category default{
> >>> example_log;
> >>> };
> >>> };
> >>>
> >>> zone "." {
> >>> type hint;
> >>> file "/var/named/root.servers";
> >>> };
> >>> zone "soilengineersltd.com" in{
> >>> type slave;
> >>> file "/var/named/soilengineersltd.com.zone";
> >>> masters {192.168.1.10; };
> >>> };
> >>>
> >>>
> >>> Here is named.conf file on the Slave
> >>>
> >>> [root at ns2 named]# cat /etc/named.conf
> >>> acl "trusted" {
> >>> localhost;
> >>> 192.168.0.0/24;
> >>> 192.168.1.0/24;
> >>> };
> >>>
> >>> options {
> >>> directory "/var/named";
> >>> allow-recursion { trusted; };
> >>> allow-query { trusted; };
> >>> version "get lost";
> >>> allow-transfer {192.168.1.10;};
> >>> listen-on {
> >>> 192.168.1.11;
> >>> 127.0.0.1;
> >>> };
> >>> forwarders {
> >>> 207.181.101.4;
> >>> 207.181.101.5;
> >>> };
> >>> forward first;
> >>> recursion yes;
> >>> };
> >>>
> >>> logging{
> >>> channel example_log{
> >>> file "/var/log/named/example.log" versions 3 size 2m;
> >>> severity info;
> >>> print-severity yes;
> >>> print-time yes;
> >>> print-category yes;
> >>> };
> >>>
> >>> category default{
> >>> example_log;
> >>> };
> >>> };
> >>>
> >>> zone "." {
> >>> type hint;
> >>> file "/var/named/root.servers";
> >>> };
> >>> zone "mydomain.com" in{
> >>> type slave;
> >>> file "/var/named/mydomain.com.zone";
> >>> masters {192.168.1.10; };
> >>> };
> >>>
> >>>
> >>> Any Ideas on where I screwed up? The server can ping eahcother and can
> >>> resolave against eachother but the zone file won't transfer.
> >>> I created a blank /var/named/mydomain.com.zone on the slave but it
> >>> continues to be empty after many bounces of the server...Ps I reduced
> >>> the
> >>> refresh to 60 to try and hurry up the process.
> >>>
> >>> --
> >>>
> >>> Vincent Yonemitsu
> >>> Information Technology and Infrastructure Manager
> >>> vincentyonemitsu at soilengineersltd.com
> >>> Tel. (416) 754-8515 x 270
> >>>
> >>> 100 Nugget Avenue
> >>> Toronto, Ontario M1S 3A7
> >>> Toll Free Tel. (800) 268-5624 x 270
> >>> Fax: (416) 754-8516
> >>>
> >>> This message is intended only for the use of the individual to which it
> >>> is
> >>> addressed and contains information that is privileged and confidential.
> >>> If
> >>> this e-mail is not intended for you, any reading, distribution,
> >>> copying,
> >>> or disclosure of this e-mail is strictly prohibited. If you have
> >>> received
> >>> this communication in error, please notify Soil Engineers Ltd.
> >>> immediately. Soil Engineers Ltd. assumes no liability for any
> >>> unauthorized
> >>> use or alteration of the contents or attachments of this e-mail.
> >>>
> >>> Have a look at our website: http://www.soilengineersltd.com
> >>>
> >>>
> >>>
> >>> --
> >>> This message has been scanned for viruses and
> >>> dangerous content by MailScanner, and is
> >>> believed to be clean.
> >>>
> >>>
> >>>
> >>
> >> --
> >> This message has been scanned for viruses and
> >> dangerous content by MailScanner, and is
> >> believed to be clean.
> >>
> >>
> >
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> >
> >
>
>
--
Jeff Reasoner
HCCA
513 728-7902 office
513 728-7958 fax
More information about the bind-users
mailing list