Trouble create slave zones
Eric B.
ebenze at hotmail.com
Wed Apr 2 15:35:25 UTC 2008
"Mark Andrews" <Mark_Andrews at isc.org> wrote in message
news:200804012158.m31LwfZp081249 at drugs.dv.isc.org...
>
>> On 01-Apr-2008, at 09:21 , Eric B. wrote:
>> > Thanks Mark.
>> >
>> > I tried a dig soa command and got the following output. I am hoping
>> > that
>> > someone can help me determine what is missing. The one thing I
>> > noticed is
>> > that I don't have the "AUTHORITY" section. Could that be triggering
>> > the
>> > problem? If so, any ideas how can I ensure that it is present?
>> > What do I
>> > need to make sure is in my Master conf file to have that appear?
>>
>> > # dig soa mydomain.biz @198.20.1.1 +norec
>> >
>> > ; <<>> DiG 9.2.4 <<>> soa mydomain.biz @198.20.1.1 +norec
>> > ; (1 server found)
>> > ;; global options: printcmd
>> > ;; Got answer:
>> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42824
>> > ;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>> >
>>
>>
>> The AUTHORITY section is only present when the name server that
>> responds is not authoritative for the data you queried about. The
>> presence of the AUTHORITY section suggests "I'm not authoritative for
>> this data, the name servers listed here are." You wouldn't expect it
>> to be present in a response from your master.
>>
>> The key thing to note in your output is that the +aa bit is set, which
>> means that this is an authoritative response.
>>
>> Looking back at your original post, I see where your problem is:
>>
>> > zone "mydomain.biz.dns" IN { type slave; file "slaves/
>> > mydomain.biz.dns";
>> > masters { 198.20.1.1; }; };
>> >
>>
>>
>> The zones 'mydomain.biz.dns' (in your config file) and 'mydomain.biz'
>> are not the same. Your master is authoritative for mydomain.biz, but
>> your slave is configured to do a zone transfer for mydomain.biz.dns,
>> which your master is not authoritative for.
>>
>> Fix your slave configuration and you should be golden.
>
> This is also a example of why you should not try to hide
> details when debugging problems. This would most problably
> been addressed at the start if you had not tried to hide the
> zone name and the master's address.
>
> People would have tried querying the master and probably
> deduced the error.
It is unfortunate to need to mask some of this information, however,
experience has taught me that addresses and domain names are very happily
harvested from mailing lists and newsgroups by ill-meaning people.
Consequently, I try to keep as much information as accurate as possible,
only modifying a small detail here or there to throw of the scent of a bot.
However point taken.
Thx again for your help.
Eric
More information about the bind-users
mailing list