Trouble create slave zones

Mark Andrews Mark_Andrews at isc.org
Mon Mar 31 21:14:59 UTC 2008



	A refresh query is equivalent to "dig soa <zone> @<server> +norec".

	You should get only the SOA record for the zone in the
	answer section and "aa" should be set in the flags field.
	If you don't, then there is an error on the master.

	Mark

e.g.

; <<>> DiG 9.3.4-P1 <<>> soa +norec dv.isc.org @::1
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18464
;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5

;; QUESTION SECTION:
;dv.isc.org.			IN	SOA

;; ANSWER SECTION:
dv.isc.org.		3600	IN	SOA	bsdi.dv.isc.org. marka.isc.org. 2007103051 86400 21600 2419200 86400

;; AUTHORITY SECTION:
dv.isc.org.		86400	IN	NS	drugs.dv.isc.org.
dv.isc.org.		86400	IN	NS	bsdi1.dv.isc.org.

;; ADDITIONAL SECTION:
bsdi1.dv.isc.org.	86400	IN	A	192.168.191.233
drugs.dv.isc.org.	86400	IN	A	192.168.191.236
drugs.dv.isc.org.	86400	IN	AAAA	2001:470:1f00:820:214:22ff:fed9:fbdc
drugs.dv.isc.org.	86400	IN	AAAA	fd92:7065:b8e:0:214:22ff:fed9:fbdc
drugs.dv.isc.org.	86400	IN	AAAA	fe80::214:22ff:fed9:fbdc

;; Query time: 29 msec
;; SERVER: ::1#53(::1)
;; WHEN: Tue Apr  1 08:13:01 2008
;; MSG SIZE  rcvd: 231

> Sorry - good point.  Yes, the slave is also being the firewall.
> 
> If I set the master address to 192.168.1.1, I get the same result.  If I 
> check my master logs, I do see that my Master dns server is being queried 
> for the records and responding to bind's requests.
> 
> Is there a way I can have bind log more detailed info to try to understand 
> why it thinks the response is non-authoritative?
> 
> Thanks!
> 
> Eric
> 
> "Chris Buxton" <cbuxton at menandmice.com> wrote in message 
> news:B93F8A8D-F72E-47AF-8074-BCBEF1132075 at menandmice.com...
> You didn't say whether the slave server is also behind the firewall.
> If it is, I would guess that the non-authoritative answer is coming
> from the firewall, not from the actual master server. What happens if
> you set the master server address in your zone statement to 192.168.1.1?
> 
> Chris Buxton
> Professional Services
> Men & Mice
> 
> On Mar 31, 2008, at 9:57 AM, Eric B. wrote:
> > Hi,
> >
> > I'm trying to set up bind 9.2.4 to create slave zones on my machine for a
> > bunch of dns zones.  The master is a Win2K Server running its built-in DNS
> > (not Active Directory).
> >
> > My named.conf file lists the following:
> > options {
> >        directory "/var/named";
> >        dump-file "/var/named/data/cache_dump.db";
> >        statistics-file "/var/named/data/named_stats.txt";
> >        zone-statistics yes;
> >        notify yes; // notify the above IP's when a zone is updated
> >        pid-file "/var/run/named/named.pid";
> >        transfer-format many-answers; // Generates more efficient zone transfers
> >        listen-on { any; };
> > };
> >
> > include "/etc/rndc.key";
> >
> > zone "mydomain.biz.dns" IN { type slave; file "slaves/mydomain.biz.dns"; masters { 198.20.1.1; }; };
> >
> >
> > // Include logging config file
> > include "/var/named/conf/logging.conf";
> >
> >
> >
> > However, if I look at /var/log/named/general.log, I see the following error
> > messages:
> > Mar 31 12:26:25.902 zone mydomain.biz.dns/IN: refresh: non-authoritative answer from master 198.20.1.1#53
> >
> > This is confusing me extremely.  If I check the configuration on the master
> > server, the zone is configured as the primary server.  If it is of any help,
> > I can also post the actual dns conf file for the zone on the W2K server.
> >
> > The only thing I can think of is that my zone's NS records point to my DNS
> > server's public address, even though my DNS server is actually behind a
> > firewall and has an internal address:
> >
> > ;    Zone NS records
> > @                             NS    ns1.mydomain.biz
> > ns1.mydomain.biz.    A        198.20.1.1
> >
> > But my primary server's address is actually 192.168.1.1 (and mapped to
> > 198.20.1.1 through my firewall rules).
> >
> >
> > Is this a configuration problem of bind, the Win2K server, or the actual
> > zone information within the DNS server?
> >
> > Any help, ideas, suggestions would be greatly appreciated.
> >
> > Thanks,
> >
> > Eric
> >
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
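
The check described at the top of this message (SOA query with recursion not requested, "aa" set, only the SOA in the answer section), as an added Python example that is not part of the original post and is not BIND's own code. The function names are hypothetical; it assumes UDP only and does not handle truncated replies or verify the reply ID.

```python
import socket
import struct

SOA, IN = 6, 1  # RR type SOA, class IN

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    labels = [l for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_refresh_query(zone, qid=0x1234):
    """SOA query with flags 0x0000: RD clear, like "dig soa <zone> +norec"."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", SOA, IN)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)  # pointer: 2 bytes, root label: 1

def check_refresh_response(msg):
    """Return a list of problems; empty means the reply is what a slave expects."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    problems = []
    if flags & 0x000F:
        problems.append("rcode %d" % (flags & 0x000F))
    if not flags & 0x0400:
        problems.append("aa flag not set (non-authoritative answer)")
    off = 12
    for _ in range(qd):  # skip question: name + qtype + qclass
        off = skip_name(msg, off) + 4
    types = []
    for _ in range(an):  # collect the type of each answer record
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        types.append(rtype)
        off += 10 + rdlen
    if types != [SOA]:
        problems.append("answer section is not exactly one SOA: types %r" % types)
    return problems

def ask(server, zone, timeout=3.0):
    """Send the query over UDP to port 53 of server and check the reply."""
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_refresh_query(zone), (server, 53))
        return check_refresh_response(s.recvfrom(4096)[0])
```

Run `ask()` from the slave host against the address in its `masters` list, so the reply is the one the slave itself would receive through any firewall or NAT in the path.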

