Basic setup question for a master / slave setup with views...
Jim Bucks
jbucks at coloradostudios.com
Mon Feb 4 20:10:17 UTC 2008
additional info on the querylog.....
Jim Bucks wrote:
> Hello Mark, (posted & mailed)
>
> Sorry for the delay in responding (been juggling / dropping a lot of
> balls lately).....
>
> Mark Andrews wrote:
>>> Hello All,
>>>
>>> I'm trying to "get this done on the weekends" a couple of new named
>>> servers into production mode - and am stuck on a couple of problems:
>>>
>>>
>>> Here's what I'm running on both boxes.
>>> Fedora Core 7 Linux 2.6.23.8-34.fc7 i686 i686 i386
>>> BIND 9.4.2
>>>
>>>
>>> The internal views appear to be working ok (at least they're creating
>>> all the zone files in the internal directories on the slave server -
>>> have not checked if they update changes).
>>>
>>>
>>> The external views are confusing me. Three of the zone files appear
>>> to work, but the others (15) throw this error in the slave server's log:
>>>
>>> zone yyyyyyyyyyyy.yyy/IN/external: refresh: non-authoritative
>>> answer from master xxx.xxx.xxx.xxx#53 (source 0.0.0.0#0)
>>
>> This is from the client receiving a response to a SOA query
>> for the zone which doesn't have the AA bit set.
>>
>> dig -b 0.0.0.0 yyyyyyyyyyyy.yyy soa +norec @xxx.xxx.xxx.xxx
>>
>> on the slave to reproduce the query.
>>
>
> Well, here's the dig results from the slave server:
> dig -b 0.0.0.0 1080p.com soa +norec @67.134.161.162
>
> ; <<>> DiG 9.4.2 <<>> -b 0.0.0.0 1080p.com soa +norec @67.134.161.162
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15269
> ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13
>
> ;; QUESTION SECTION:
> ;1080p.com. IN SOA
>
> ;; AUTHORITY SECTION:
> . 276068 IN NS K.ROOT-SERVERS.NET.
> . 276068 IN NS G.ROOT-SERVERS.NET.
> . 276068 IN NS F.ROOT-SERVERS.NET.
> . 276068 IN NS C.ROOT-SERVERS.NET.
> . 276068 IN NS B.ROOT-SERVERS.NET.
> . 276068 IN NS M.ROOT-SERVERS.NET.
> . 276068 IN NS J.ROOT-SERVERS.NET.
> . 276068 IN NS E.ROOT-SERVERS.NET.
> . 276068 IN NS H.ROOT-SERVERS.NET.
> . 276068 IN NS A.ROOT-SERVERS.NET.
> . 276068 IN NS I.ROOT-SERVERS.NET.
> . 276068 IN NS L.ROOT-SERVERS.NET.
> . 276068 IN NS D.ROOT-SERVERS.NET.
>
> ;; ADDITIONAL SECTION:
> A.ROOT-SERVERS.NET. 362468 IN A 198.41.0.4
> F.ROOT-SERVERS.NET. 362468 IN A 192.5.5.241
> B.ROOT-SERVERS.NET. 362468 IN A 192.228.79.201
> K.ROOT-SERVERS.NET. 362468 IN A 193.0.14.129
> I.ROOT-SERVERS.NET. 362468 IN A 192.36.148.17
> G.ROOT-SERVERS.NET. 362468 IN A 192.112.36.4
> E.ROOT-SERVERS.NET. 362468 IN A 192.203.230.10
> M.ROOT-SERVERS.NET. 362468 IN A 202.12.27.33
> J.ROOT-SERVERS.NET. 362468 IN A 192.58.128.30
> L.ROOT-SERVERS.NET. 362468 IN A 199.7.83.42
> C.ROOT-SERVERS.NET. 362468 IN A 192.33.4.12
> D.ROOT-SERVERS.NET. 362468 IN A 128.8.10.90
> H.ROOT-SERVERS.NET. 362468 IN A 128.63.2.53
>
> ;; Query time: 29 msec
> ;; SERVER: 67.134.161.162#53(67.134.161.162)
> ;; WHEN: Mon Feb 4 08:23:10 2008
> ;; MSG SIZE rcvd: 446
>
>
>
>
>
>>> NO errors being logged on the master server.
>>
>> Do you have the zones configured in the external view on the
>> master?
>>
>
> I do believe so. I have run named-chkconf (named.conf files on master &
> slave servers) and named-chkzone (every external and internal forward &
> reverse zone file) against all files. I'm not getting any errors when
> running these.
>
>> Are you sure the slave is talking to the right view at the
>> right time. Check the query log (enable if need be).
>>
>
> Not sure about this one. I'll do some reading on this.
>
ok, now, I'm confused / back to thinking it's a "silly syntax typo"...

Here's what the MASTER server's saying...

Feb 4 12:51:00 dns02 named[16847]: client 67.134.161.163#32786: view internal: query: 1080p.com IN SOA -E
Feb 4 12:52:42 dns02 named[16847]: client 67.134.161.163#32786: view internal: query: 1080p.com IN SOA -E

1080p.com is not in the internal zone directory. It's only in the
external zone directory.

Here's what the SLAVE server's saying...

Feb 4 13:03:16 dns03 named[11347]: zone 1080p.com/IN/external: refresh: non-authoritative answer from master 67.134.161.162#53 (source 0.0.0.0#0)

> Thanks for the ideas.
>
> Jim
>
>>> I have checked spelling, removed / relaxed "security" settings
>>> (match-clients & match-destinations) and added explicit "allow's"
>>> (allow-update and allow-transfer) to no avail.
>>>
>>> Any thoughts on this that might help? I can provide copies of the
>>> zone files as well as the master & slave named.conf files.
>>>
>>> Thanks,
>>>
>>> Jim
>>>
>>> --
>>> Jim Bucks - IT/IS Support www.coloradostudios.com
>>> 2400 N. Ulster St. Denver, CO 80238 Main 303-388-8500
>>> jbucks at coloradostudios.com DiD 303-542-5520
>>>
>>>
>
--
Jim Bucks - Central IT Support www.coloradostudios.com
2400 N. Ulster St. Denver, CO 80238 Main 303-388-8500
jbucks at coloradostudios.com DiD 303-542-5520