A Zone Transfer Question
David Li
dlipubkey at gmail.com
Fri Feb 19 19:01:18 UTC 2016
Hi John,
Here are the files. They are all internal zones without any references
to external name servers.
VM1:
====
named.conf:
-------------
#
# master (on VM1)
#
zone "rack1.com" {
    type master;
    file "/var/named/db.rack1.com";
    allow-update { key rndc-key-rack1; }; # For DHCP dynamic update
};

#
# slave (on VM2)
#
zone "rack3.com" {
    type slave;
    file "/var/named/bak.rack3.com";
    masters { 10.4.3.101; }; # VM3 named IP
};
zone file:
/var/named/db.rack1.com
-------------------------
$ORIGIN .
$TTL 907200     ; 1 week 3 days 12 hours
rack1.com       IN SOA  dnsserver1.rack1.com. admin.rack1.com. (
                        8          ; serial
                        60         ; refresh (1 minute)
                        60         ; retry (1 minute)
                        604800     ; expire (1 week)
                        3600       ; minimum (1 hour)
                        )
                NS      dnsserver1.rack1.com.
$ORIGIN rack1.com.
dnsserver1      A       10.4.1.101
$TTL 3600       ; 1 hour
node1           A       10.4.1.11
                TXT     "007ddd47ea6ddcd890312de89e37bde496"
node2           A       10.4.1.12
                TXT     "316a8d5e65fbd9f853df6d90ad1f24ecac"
node3           A       10.4.1.13
                TXT     "009da8179478f9169cb47965e53d19f134"
On VM2
=======
named.conf file
---------------
#
# Master
#
zone "rack3.com" {
    type master;
    file "/var/named/db.rack3.com";
    allow-update { key rndc-key-rack3; }; # For DHCP update
};

#
# Slave
#
zone "rack1.com" {
    type slave;
    file "/var/named/bak.rack1.com";
    masters { 10.4.1.101; }; # VM1 named IP address
};
zone file:
----------
$ORIGIN .
$TTL 907200     ; 1 week 3 days 12 hours
rack3.com       IN SOA  dnsserver3.rack3.com. admin.rack3.com. (
                        2          ; serial
                        60         ; refresh ()
                        60         ; retry ()
                        604800     ; expire (1 week)
                        3600       ; minimum (1 hour)
                        )
                NS      dnsserver3.rack3.com.
$ORIGIN rack3.com.
dnsserver3      A       10.4.3.101
$TTL 3600       ; 1 hour
node1           A       10.4.3.11
                TXT     "001395d7d2a164c7efde811584bbc470b9"
On Fri, Feb 19, 2016 at 8:59 AM, John Miller <johnmill at brandeis.edu> wrote:
> On Fri, Feb 19, 2016 at 11:45 AM, David Li <dlipubkey at gmail.com> wrote:
>> This is my first time trying a master-slave configuration. Here is a
>> brief description:
>>
>> I have two CentOS 7.1 VMs - each is configured for a zone. VM1 is the
>> master for zone1 and slave for zone2. VM2 is master for zone2 and
>> slave for zone1. Both zones use DNS Dynamic Update from DHCP servers
>> on the same VM to update the A records in their zone files. No DNSSEC
>> configured.
>>
>>
>> To start, everything seems to be working fine. I have one host in each
>> zone and they can resolve each other fine.
>>
>> Now I add a new host to zone1 and its sequence number has been bumped
>> up. I read that when the zone1 file changes, it will automatically
>> notify its slave zone (i.e. zone2) to start a zone transfer after 15
>> min. This never happened. Then I restarted named on VM2 and hoped it
>> would pull the new zone1 file. This didn't happen either.
>> Eventually I have to either restart VM2 or use dig to start the
>> zone transfer.
>>
>> Can anyone spot anything obviously wrong here? Do I need to post my
>> zone file and named.conf?
>>
>
> Hi David -
>
> Yes, it'd certainly help if you posted your named.conf. I don't know
> that we need the whole zone file: the SOA and NS records would
> probably suffice in this case, especially if the zone has tons of
> records.
>
> I'll say: it sounds a little odd that you'd expect zone2 to be updated
> when zone1 changes. The master NS for zone1 will send out NOTIFY
> messages to the servers listed in the NS records for zone1; it'll also
> send NOTIFYs to anything you've put in an also-notify block.
>
> The 15-minute wait also sounds strange: NOTIFY happens as soon as the
> serial number of the master zone is incremented and the zone is
> reloaded. Also, a slave NS will automatically check its master for
> updates after the refresh interval (1st number after the serial)
> specified in the SOA record. If you have that set to 15 minutes (900
> seconds), then yes--the slave would check its master for updates, but
> it's the _slave_ reaching out to the _master_ in that case. Likewise,
> slaves will reach out to their master NS when their zones are
> reloaded.
>
> I'm not going to worry about the DHCP dynamic updates piece yet - make
> sure your master and slave are set up properly before introducing
> dynamic updates to the mix.
>
> John
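John's two points (which servers get a NOTIFY, and when the slave polls on its own) can be checked against the rack1.com zone file posted above. The following is an added example, not code from the thread or from BIND; it assumes the master drops its own address from the NOTIFY list and that NS names resolve through the zone's own A records, and the zone text is the posted one trimmed to its SOA, NS and A records.

```python
# Added example (not from the thread or from BIND): John's NOTIFY rule applied to
# the rack1.com zone posted above; assumes the master skips its own address.
import re
SOA_FIELDS = ["mname", "rname", "serial", "refresh", "retry", "expire", "minimum"]
# rack1.com zone from the thread, trimmed to SOA/NS/A and re-indented (a line
# starting with whitespace inherits the previous owner name).
RACK1_ZONE = """\
$ORIGIN .
$TTL 907200 ; 1 week 3 days 12 hours
rack1.com IN SOA dnsserver1.rack1.com. admin.rack1.com. (
    8 ; serial
    60 ; refresh (1 minute)
    60 ; retry (1 minute)
    604800 ; expire (1 week)
    3600 ; minimum (1 hour)
)
    NS dnsserver1.rack1.com.
$ORIGIN rack1.com.
dnsserver1 A 10.4.1.101
"""

def parse_zone(text):  # -> (soa dict, NS names, {owner: A address})
    origin, owner, soa, ns, addrs = ".", None, None, [], {}
    body = re.sub(r";[^\n]*", "", text)                                 # drop ; comments
    body = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), body)  # fold SOA
    for line in body.splitlines():
        fields = line.split()
        if fields[:1] == ["$ORIGIN"]:
            origin = fields[1]
        if not fields or fields[0].startswith("$"):                     # $ORIGIN/$TTL done
            continue
        if not line[0].isspace():                                       # explicit owner
            owner = fields.pop(0)
            owner = owner if owner.endswith(".") else f"{owner}.{origin.lstrip('.')}"
        fields = [f for f in fields if f != "IN"]                       # ignore class
        if fields[0] == "SOA":
            soa = dict(zip(SOA_FIELDS, fields[1:]))
        elif fields[0] == "NS":
            ns.append(fields[1])
        elif fields[0] == "A":
            addrs[owner] = fields[1]
    return soa, ns, addrs

def transfer_triggers(zone_text, master_ip, also_notify=()):
    """NOTIFY targets on reload, plus the SOA refresh after which the slave polls."""
    soa, ns, addrs = parse_zone(zone_text)
    targets = {addrs.get(name, name) for name in ns}                    # NS name -> A (assumed)
    targets.discard(master_ip)                                          # master skips itself
    return {"notify": sorted(targets | set(also_notify)), "refresh": int(soa["refresh"])}
```

For this zone, transfer_triggers(RACK1_ZONE, "10.4.1.101") returns an empty NOTIFY list, since dnsserver1 is the only NS and is the master itself, so the VM2 slave only learns of a new serial through its 60-second SOA refresh unless its address (10.4.3.101 in the configs above) is added via also-notify.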