A Zone Transfer Question
Barry Margolin
barmar at alum.mit.edu
Fri Feb 19 19:21:47 UTC 2016
In article <mailman.254.1455908502.73610.bind-users at lists.isc.org>,
David Li <dlipubkey at gmail.com> wrote:
> Hi John,
>
> Here are the files. They are all internal zones without any references
> to external name servers.
The zones should have NS records that list the slave servers, or you
should have an "also-notify" statement in the master's named.conf.
Although with 1-minute refresh times, DNS Notify is hardly necessary. A
more normal configuration is for Refresh to be something like an hour,
and use Notify to expedite zone transfers after a change.
>
> VM1:
> ====
>
> named.conf:
> -------------
>
> #
> # master for rack1.com (on VM1)
> #
> zone "rack1.com" {
>     type master;
>     file "/var/named/db.rack1.com";
>     allow-update { key rndc-key-rack1; }; # For DHCP dynamic update
> };
>
> #
> # slave for rack3.com (its master is on VM2)
> #
> zone "rack3.com" {
>     type slave;
>     file "/var/named/bak.rack3.com";
>     masters { 10.4.3.101; }; # VM2 named IP (dnsserver3.rack3.com)
> };
>
>
> zone file:
> /var/named/db.rack1.com
> -------------------------
>
> $ORIGIN .
> $TTL 907200 ; 1 week 3 days 12 hours
> rack1.com IN SOA dnsserver1.rack1.com. admin.rack1.com. (
>         8       ; serial
>         60      ; refresh (1 minute)
>         60      ; retry (1 minute)
>         604800  ; expire (1 week)
>         3600    ; minimum (1 hour)
>         )
>         NS      dnsserver1.rack1.com.
> $ORIGIN rack1.com.
> dnsserver1      A       10.4.1.101
>
> $TTL 3600 ; 1 hour
> node1           A       10.4.1.11
>                 TXT     "007ddd47ea6ddcd890312de89e37bde496"
> node2           A       10.4.1.12
>                 TXT     "316a8d5e65fbd9f853df6d90ad1f24ecac"
> node3           A       10.4.1.13
>                 TXT     "009da8179478f9169cb47965e53d19f134"
>
> On VM2
> =======
>
> named.conf file
> ---------------
>
> #
> # master for rack3.com (on VM2)
> #
> zone "rack3.com" {
>     type master;
>     file "/var/named/db.rack3.com";
>     allow-update { key rndc-key-rack3; }; # For DHCP dynamic update
> };
>
> #
> # slave for rack1.com (its master is on VM1)
> #
> zone "rack1.com" {
>     type slave;
>     file "/var/named/bak.rack1.com";
>     masters { 10.4.1.101; }; # VM1 named IP address (dnsserver1.rack1.com)
> };
>
> zone file:
> /var/named/db.rack3.com
> -----------------------
>
> $ORIGIN .
> $TTL 907200 ; 1 week 3 days 12 hours
> rack3.com IN SOA dnsserver3.rack3.com. admin.rack3.com. (
>         2       ; serial
>         60      ; refresh (1 minute)
>         60      ; retry (1 minute)
>         604800  ; expire (1 week)
>         3600    ; minimum (1 hour)
>         )
>         NS      dnsserver3.rack3.com.
> $ORIGIN rack3.com.
> dnsserver3      A       10.4.3.101
> $TTL 3600 ; 1 hour
> node1           A       10.4.3.11
>                 TXT     "001395d7d2a164c7efde811584bbc470b9"
>
>
> On Fri, Feb 19, 2016 at 8:59 AM, John Miller <johnmill at brandeis.edu> wrote:
> > On Fri, Feb 19, 2016 at 11:45 AM, David Li <dlipubkey at gmail.com> wrote:
> >> This is my first time to try master slave configuration. Here is a
> >> brief description:
> >>
> >> I have two Centos 7.1 VMs - each is configured for a zone. VM1 is the
> >> master for zone1 and slave for zone2. VM2 is master for zone2 and
> >> slave for zone1. Both zones use DNS Dynamic Update from DHCP
> >> servers on the same VM to update the A records in their zone files.
> >> No DNSSEC configured.
> >>
> >>
> >> To start, everything seems to be working fine. I have one host in each
> >> zone and they can resolve each other fine.
> >>
> >> Now I add a new host to zone1 and its sequence number has been bumped
> >> up. I read that when the zone1 file changes, it will automatically
> >> notify its slave zone (ie. zone2) to start a zone transfer after 15
> >> min. This never happened. Then I restarted named on VM2 and hoped it
> >> would pull the new zone1 file. This didn't happen either.
> >> Eventually I had to either restart VM2 or use dig to start the
> >> zone transfer.
> >>
> >> Can anyone spot anything obviously wrong here? Do I need to post my
> >> zone file and named.conf?
> >>
> >
> > Hi David -
> >
> > Yes, it'd certainly help if you posted your named.conf. I don't know
> > that we need the whole zone file: the SOA and NS records would
> > probably suffice in this case, especially if the zone has tons of
> > records.
> >
> > I'll say: it sounds a little odd that you'd expect zone2 to be updated
> > when zone1 changes. The master NS for zone1 will send out NOTIFY
> > messages to the servers listed in the NS records for zone1; it'll also
> > send NOTIFYs to anything you've put in an also-notify block.
> >
> > The 15-minute wait also sounds strange: NOTIFY happens as soon as the
> > serial number of the master zone is incremented and the zone is
> > reloaded. Also, a slave NS will automatically check its master for
> > updates after the refresh interval (1st number after the serial)
> > specified in the SOA record. If you have that set to 15 minutes (900
> > seconds), then yes--the slave would check its master for updates, but
> > it's the _slave_ reaching out to the _master_ in that case. Likewise,
> > slaves will reach out to their master NS when their zones are
> > reloaded.
> >
> > I'm not going to worry about the DHCP dynamic updates piece yet - make
> > sure your master and slave are set up properly before introducing
> > dynamic updates to the mix.
> >
> > John
--
Barry Margolin
Arlington, MA
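The two points raised in this thread (who the master will NOTIFY, and how a slave decides from the SOA whether a transfer is due) can be checked mechanically against the posted zone. The script below is an added example, not code from the thread or from BIND. It parses the apex of a master-format zone file, applies BIND's documented default NOTIFY rule (every name in the zone's NS RRset except the SOA MNAME, plus any also-notify addresses) and compares serials the way a slave does, with RFC 1982 wraparound arithmetic. The zone text is a constructed copy of David's rack1.com file; the address 10.4.3.101 comes from his named.conf. Listing VM2 as a second NS under the name dnsserver3.rack3.com. is an assumption about how the zone would be fixed (an out-of-zone NS name is legal and needs no glue).

```python
"""Why a BIND slave may not hear about a change on its master.

Added example, not code from the bind-users thread: parse a zone's apex,
list who BIND would NOTIFY by default (the NS RRset minus the SOA MNAME,
plus also-notify) and compare serials as a slave does (RFC 1982).
"""
from collections import namedtuple

# Constructed copy of the rack1.com zone posted in the thread, with the
# indentation that mail quoting stripped from continuation lines put back.
RACK1_ZONE = """\
$ORIGIN .
$TTL 907200
rack1.com IN SOA dnsserver1.rack1.com. admin.rack1.com. (
        8       ; serial
        60      ; refresh (1 minute)
        60      ; retry (1 minute)
        604800  ; expire (1 week)
        3600    ; minimum (1 hour)
        )
        NS      dnsserver1.rack1.com.
$ORIGIN rack1.com.
dnsserver1      A       10.4.1.101
"""
# The same zone with the slave listed as a second NS.  Assumption: VM2 is
# reachable as dnsserver3.rack3.com. (an out-of-zone NS name needs no glue).
RACK1_ZONE_FIXED = RACK1_ZONE.replace(
    "        NS      dnsserver1.rack1.com.\n",
    "        NS      dnsserver1.rack1.com.\n        NS      dnsserver3.rack3.com.\n")

Apex = namedtuple("Apex", "name mname serial refresh retry expire ns")

def _strip_comment(line):
    """Drop a ';' comment unless the ';' sits inside a quoted TXT string."""
    out, quoted = [], False
    for ch in line:
        if ch == '"':
            quoted = not quoted
        if ch == ";" and not quoted:
            break
        out.append(ch)
    return "".join(out)

def _qualify(name, origin):
    """Make a master-file name absolute relative to the current $ORIGIN."""
    if name == "@" or name.endswith("."):
        return origin if name == "@" else name
    return name + "." if origin == "." else f"{name}.{origin}"

def parse_apex(text):
    """Return the SOA fields and apex NS RRset of an RFC 1035 master file."""
    origin, owner, apex, buf, depth = ".", None, None, [], 0
    for raw in text.splitlines():
        line = _strip_comment(raw)
        if not line.strip():
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth:
            continue                          # still inside a ( ... ) record
        logical = " ".join(buf).replace("(", " ").replace(")", " ")
        buf, fields = [], logical.split()
        if fields[0] == "$ORIGIN":
            origin = fields[1]
            continue
        if fields[0].startswith("$"):         # $TTL etc. carry no record
            continue
        if logical[0] not in " \t":           # an indented line inherits the owner
            owner = _qualify(fields.pop(0), origin)
        while fields and (fields[0].upper() == "IN" or fields[0].isdigit()):
            fields.pop(0)                     # optional class and TTL
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype == "SOA":
            apex = Apex(owner, _qualify(rdata[0], origin),
                        *(int(v) for v in rdata[2:6]), set())
        elif rtype == "NS" and apex and owner == apex.name:
            apex.ns.add(_qualify(rdata[0], origin))
    return apex

def notify_targets(apex, also_notify=()):
    """Default BIND NOTIFY set: NS RRset minus the SOA MNAME, plus also-notify."""
    return (apex.ns - {apex.mname}) | set(also_notify)

def serial_newer(a, b):
    """RFC 1982: is serial a greater than serial b, allowing for wraparound?"""
    a, b = a % 2**32, b % 2**32
    return a != b and ((a > b and a - b < 2**31) or (a < b and b - a > 2**31))

def diagnose(master_zone, slave_serial, also_notify=()):
    """Will the slave transfer, and how will it find out that it should?"""
    apex = parse_apex(master_zone)
    return {
        "notify_targets": notify_targets(apex, also_notify),
        "transfer_due": serial_newer(apex.serial, slave_serial),
        "worst_case_wait": apex.refresh,      # seconds until the slave polls anyway
    }

if __name__ == "__main__":
    print(diagnose(RACK1_ZONE, 7))                    # no NOTIFY targets at all
    print(diagnose(RACK1_ZONE, 7, ["10.4.3.101"]))    # also-notify { 10.4.3.101; }
    print(diagnose(RACK1_ZONE_FIXED, 7))              # slave listed as a second NS
```

For the zone as posted, diagnose() reports an empty NOTIFY set, so VM2 only ever learns of a change by polling at the 60-second refresh; adding also-notify { 10.4.3.101; } to the master's zone statement, or the second NS record, gives the master somewhere to send NOTIFY. One caveat the thread does not spell out: because the zone accepts dynamic updates, changes must go through nsupdate (or rndc freeze / edit / rndc thaw); a hand edit of db.rack1.com while named is running does not change the in-memory serial, so neither NOTIFY nor the slave's refresh poll will see anything to transfer.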
More information about the bind-users
mailing list