Secondary DNS Issues

Bryce Fischer bryce at berzerker-soft.com
Mon Dec 22 15:56:05 UTC 2008


Thanks for the response:

On Dec 22, 10:38 am, Kirk <b... at kirkb.net> wrote:
> Bryce Fischer wrote:
> > On Dec 22, 9:52 am, Bryce Fischer <br... at berzerker-soft.com> wrote:
> >> I'm trying to use xname.org as secondary DNS servers. I have
> >> set up the following zone from my primary NS:
>
> >> (named.conf.local)
>
> >> zone "gwatdesigns.com" {
> >>         type master;
> >>         file "/etc/bind/zones/gwatdesigns.com.db";
> >>         allow-transfer {
> >>                 87.98.164.164; 195.234.42.1;
> >>         };
>
> >> };
>
> >> where the two IP addresses are those given by xname.org for secondary
> >> NS.
>
> >> The only error I'm seeing in syslog is:
>
> >> Dec 22 09:44:38 jupiter named[5209]: client 87.98.164.164#45789: zone
> >> transfer 'gwatdesigns.com/AXFR/IN' denied
>
> >> Configuration on XName seems pretty straightforward. I set the
> >> following form fields:
>
> >> Primary Nameserver IP: 207.192.71.243
> >> Allow Transfers From: Master Only
>
> >> Not sure what else to look for. It seems to me that I have the master
> >> set up correctly, but I'm willing to bet I've forgotten something that
> >> is probably obvious.
>
> > As it may be applicable, this is the result from
> > root@jupiter:/etc# dig @ns1.berzerker-soft.com gwatdesigns.com axfr
>
> > ; <<>> DiG 9.4.2-P1 <<>> @ns1.berzerker-soft.com gwatdesigns.com axfr
> > ; (1 server found)
> > ;; global options:  printcmd
> > ; Transfer failed.
>
> > Which is also the result from the xname.org log file.
>
> Are you certain your configs are the same on your ns1 and
> ns2.berzerker-soft.com?

ns2 was originally supposed to be the slave, and ns1 was the master.
I'm moving from ns2 because they are on the same network, and was
hoping to use xname to provide secondary DNS.

> I am able to do zone transfers from your ns2 just fine but not ns1.

But, this brings up the other issue I was moving from NS2 as a slave.
It was having issues retrieving zone information from NS1, and I had
thought it was an issue with NS2. For the domain in question, it would
always retrieve an older version of the zone record, no matter if the
primary serial was greater than the slave. This is the configuration
for the domain on NS2:

zone "gwatdesigns.com" {
        type slave;
        file "/etc/bind/zones/gwatdesigns.com.db";
        masters { 207.192.71.243; };
        };

where 207.192.71.243 is the IP address of the NS1.

> dig @NS2.BERZERKER-SOFT.COM. gwatdesigns.com. axfr

<snip response from NS2.berzerker-soft.com>

After you posted this, I realized I should check the other domains I
am hosting to see if it was the configuration of this particular
domain.

dig @ns1.berzerker-soft.com sebringfans.com axfr

returns the correct information for this domain, so I am going to try
to see what might be different about the two domain records on the
primary server.

Thanks again for the response.
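
A check that lines up the "zone transfer ... denied" syslog entry with the allow-transfer list in named.conf.local, added here as an example and not part of the original post. The function names and verdict labels are hypothetical, and it assumes allow-transfer holds only literal IP addresses.

```python
import re

# Constructed sample input: the zone stanza and the syslog line quoted in the
# thread (the log entry is joined back onto one line).
NAMED_CONF = '''
zone "gwatdesigns.com" {
        type master;
        file "/etc/bind/zones/gwatdesigns.com.db";
        allow-transfer {
                87.98.164.164; 195.234.42.1;
        };
};
'''
SYSLOG = ("Dec 22 09:44:38 jupiter named[5209]: client 87.98.164.164#45789: "
          "zone transfer 'gwatdesigns.com/AXFR/IN' denied\n")

DENIED_RE = re.compile(r"client (\S+)#\d+: zone transfer '([^/']+)/AXFR/IN' denied")

def zone_acls(conf):
    """Map zone name -> set of literal IPs in its allow-transfer (None if absent).
    Assumption: plain addresses only; named acls, keys and comments are not handled."""
    acls = {}
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:          # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i - 1]
        at = re.search(r"allow-transfer\s*\{([^}]*)\}", body)
        acls[m.group(1).lower()] = (
            set(at.group(1).replace(";", " ").split()) if at else None)
    return acls

def explain_denials(conf, log):
    """Return (zone, client_ip, verdict) for every denied AXFR in the log."""
    acls, findings = zone_acls(conf), []
    for ip, zone in DENIED_RE.findall(log):
        zone = zone.lower()
        if zone not in acls:
            verdict = "zone-not-in-file"
        elif acls[zone] is None:
            verdict = "no-zone-acl"        # the options-level setting applies
        elif ip in acls[zone]:
            verdict = "listed-but-denied"  # file allows it, named refused it
        else:
            verdict = "not-listed"         # client absent from allow-transfer
        findings.append((zone, ip, verdict))
    return findings
```

On the stanza and log line quoted in the thread, `explain_denials(NAMED_CONF, SYSLOG)` reports `listed-but-denied`: the file on disk permits 87.98.164.164 while the running named refused it.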





More information about the bind-users mailing list