Basic setup question for a master / slave setup with views...

Jim Bucks jbucks at coloradostudios.com
Mon Feb 4 20:10:17 UTC 2008


additional info on the querylog.....

Jim Bucks wrote:
> Hello Mark,   (posted & mailed)
> 
> Sorry for the delay in responding (been juggling / dropping a lot of 
> balls lately).....
> 
> Mark Andrews wrote:
>>> Hello All,
>>>
>>> I'm trying to "get this done on the weekends" a couple of new named 
>>> servers into production mode - and am stuck on a couple of problems:
>>>
>>>
>>> Here's what I'm running on both boxes.
>>>      Fedora Core 7 Linux 2.6.23.8-34.fc7  i686 i686 i386
>>>      BIND 9.4.2
>>>
>>>
>>> The internal views appear to be working ok (at least they're creating 
>>> all the zone files in the internal directories on the slave server - 
>>> have not checked if they update changes).
>>>
>>>
>>> The external views are confusing me.  Three of the zone files appear 
>>> to work, but the others (15) throw this error in the slave server's log:
>>>
>>>       zone yyyyyyyyyyyy.yyy/IN/external: refresh: non-authoritative
>>>       answer from master xxx.xxx.xxx.xxx#53 (source 0.0.0.0#0)
>>
>>     This is from the client receiving a response to a SOA query
>>     for the zone which doesn't have the AA bit set.
>>
>>     dig -b 0.0.0.0 yyyyyyyyyyyy.yyy soa +norec @xxx.xxx.xxx.xxx
>>
>>     on the slave to reproduce the query.
>>  
> 
> Well, here's the dig results from the slave server:
>    dig -b 0.0.0.0 1080p.com soa +norec  @67.134.161.162
> 
>    ; <<>> DiG 9.4.2 <<>> -b 0.0.0.0 1080p.com soa +norec @67.134.161.162
>    ;; global options:  printcmd
>    ;; Got answer:
>    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15269
>    ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13
> 
>    ;; QUESTION SECTION:
>    ;1080p.com.                     IN      SOA
> 
>    ;; AUTHORITY SECTION:
>    .                       276068  IN      NS      K.ROOT-SERVERS.NET.
>    .                       276068  IN      NS      G.ROOT-SERVERS.NET.
>    .                       276068  IN      NS      F.ROOT-SERVERS.NET.
>    .                       276068  IN      NS      C.ROOT-SERVERS.NET.
>    .                       276068  IN      NS      B.ROOT-SERVERS.NET.
>    .                       276068  IN      NS      M.ROOT-SERVERS.NET.
>    .                       276068  IN      NS      J.ROOT-SERVERS.NET.
>    .                       276068  IN      NS      E.ROOT-SERVERS.NET.
>    .                       276068  IN      NS      H.ROOT-SERVERS.NET.
>    .                       276068  IN      NS      A.ROOT-SERVERS.NET.
>    .                       276068  IN      NS      I.ROOT-SERVERS.NET.
>    .                       276068  IN      NS      L.ROOT-SERVERS.NET.
>    .                       276068  IN      NS      D.ROOT-SERVERS.NET.
> 
>    ;; ADDITIONAL SECTION:
>    A.ROOT-SERVERS.NET.     362468  IN      A       198.41.0.4
>    F.ROOT-SERVERS.NET.     362468  IN      A       192.5.5.241
>    B.ROOT-SERVERS.NET.     362468  IN      A       192.228.79.201
>    K.ROOT-SERVERS.NET.     362468  IN      A       193.0.14.129
>    I.ROOT-SERVERS.NET.     362468  IN      A       192.36.148.17
>    G.ROOT-SERVERS.NET.     362468  IN      A       192.112.36.4
>    E.ROOT-SERVERS.NET.     362468  IN      A       192.203.230.10
>    M.ROOT-SERVERS.NET.     362468  IN      A       202.12.27.33
>    J.ROOT-SERVERS.NET.     362468  IN      A       192.58.128.30
>    L.ROOT-SERVERS.NET.     362468  IN      A       199.7.83.42
>    C.ROOT-SERVERS.NET.     362468  IN      A       192.33.4.12
>    D.ROOT-SERVERS.NET.     362468  IN      A       128.8.10.90
>    H.ROOT-SERVERS.NET.     362468  IN      A       128.63.2.53
> 
>    ;; Query time: 29 msec
>    ;; SERVER: 67.134.161.162#53(67.134.161.162)
>    ;; WHEN: Mon Feb  4 08:23:10 2008
>    ;; MSG SIZE  rcvd: 446
> 
> 
> 
> 
> 
>>>       NO errors being logged on the master server.
>>
>>     Do you have the zones configured in the external view on the
>>     master?
>>
> 
> I do believe so.  I have run named-chkconf (named.conf files on master & 
> slave servers) and named-chkzone (every external and internal forward & 
> reverse zone file) against all files.  I'm not getting any errors when 
> running these.
> 
>>     Are you sure the slave is talking to the right view at the
>>     right time.  Check the query log (enable if need be).
>>
> 
> Not sure about this one.  I'll do some reading on this.
> 

ok, now, I'm confused / back to thinking it's a "silly syntax typo"...

Here's what the MASTER server's saying...
Feb  4 12:51:00 dns02 named[16847]: client 67.134.161.163#32786: view internal: query: 1080p.com IN SOA -E
Feb  4 12:52:42 dns02 named[16847]: client 67.134.161.163#32786: view internal: query: 1080p.com IN SOA -E

1080p.com is not in the internal zone directory.  It's only in the 
external zone directory.


Here's what the SLAVE server's saying...
Feb  4 13:03:16 dns03 named[11347]: zone 1080p.com/IN/external: refresh: non-authoritative answer from master 67.134.161.162#53 (source 0.0.0.0#0)







> Thanks for the ideas.
> 
> Jim
> 
>>> I have checked spelling, removed / relaxed "security" settings 
>>> (match-clients & match-destinations) and added explicit "allow's" 
>>> (allow-update and allow-transfer) to no avail.
>>>
>>> Any thoughts on this that might help?  I can provide copies of the 
>>> zone files as well as the master & slave named.conf files.
>>>
>>> Thanks,
>>>
>>> Jim
>>>
>>> -- 
>>> Jim Bucks - IT/IS Support       www.coloradostudios.com
>>> 2400 N. Ulster St.  Denver, CO 80238  Main 303-388-8500
>>> jbucks at coloradostudios.com             DiD 303-542-5520
>>>
>>>
> 

-- 
Jim Bucks - Central IT Support  www.coloradostudios.com
2400 N. Ulster St.  Denver, CO 80238  Main 303-388-8500
jbucks at coloradostudios.com             DiD 303-542-5520
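
Added example (not part of the original message or of BIND): the master query log and the slave refresh error quoted above can be correlated mechanically, showing which view the master selected for the SOA query behind each failed refresh, and whether the dig reply carried the AA bit. The log lines are copied from this message; the function names are hypothetical, and the script assumes the view names are the same on both servers.

```python
import re

# Log lines copied from the message above (wrapped lines joined).
MASTER_LOG = """\
Feb  4 12:51:00 dns02 named[16847]: client 67.134.161.163#32786: view internal: query: 1080p.com IN SOA -E
Feb  4 12:52:42 dns02 named[16847]: client 67.134.161.163#32786: view internal: query: 1080p.com IN SOA -E
"""
SLAVE_LOG = """\
Feb  4 13:03:16 dns03 named[11347]: zone 1080p.com/IN/external: refresh: non-authoritative answer from master 67.134.161.162#53 (source 0.0.0.0#0)
"""
DIG_FLAGS_LINE = ";; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13"

QUERY_RE = re.compile(
    r"client (?P<client>[0-9a-fA-F.:]+)#\d+: view (?P<view>\S+): "
    r"query: (?P<name>\S+) IN SOA\b")
REFRESH_RE = re.compile(
    r"zone (?P<zone>[^/\s]+)/IN/(?P<view>\S+): refresh: "
    r"non-authoritative answer from master (?P<master>[0-9a-fA-F.:]+)#\d+")

def norm(name):
    return name.rstrip(".").lower()

def is_authoritative(flags_line):
    """True if the dig header flags line carries the AA bit."""
    m = re.search(r"flags:([^;]*);", flags_line)
    return bool(m) and "aa" in m.group(1).split()

def view_mismatches(master_log, slave_log):
    """Pair failed slave refreshes with the view the master chose for SOA queries."""
    # Assumption: view names are identical on master and slave, as in this thread.
    seen = {}  # zone -> set of (client, view matched on the master)
    for line in master_log.splitlines():
        m = QUERY_RE.search(line)
        if m:
            seen.setdefault(norm(m["name"]), set()).add((m["client"], m["view"]))
    findings = []
    for line in slave_log.splitlines():
        m = REFRESH_RE.search(line)
        if not m:
            continue
        for client, mview in sorted(seen.get(norm(m["zone"]), ())):
            if mview != m["view"]:
                findings.append((norm(m["zone"]), m["view"], mview, client))
    return findings

if __name__ == "__main__":
    print("AA set in dig reply:", is_authoritative(DIG_FLAGS_LINE))
    for zone, sview, mview, client in view_mismatches(MASTER_LOG, SLAVE_LOG):
        print(f"{zone}: slave view '{sview}' but master matched {client} to view '{mview}'")
```
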


