Comments:
<0> hello
<0> :D
<1> hi
<2> happy fourth of july
<3> I have a BIND DNS server, and i'm looking to migrate to maradns. My BIND server acts as an authoritative and recursive name server. It's a secondary DNS for another nameserver. To act as a secondary ns, i need to create a cron job to "manually" update the zonefile using fetchzone? daily? hourly?
<4> arthurgeek: No, all you need is a lower serial than your primary dns.
<3> WoodyWoodpecker: but maradns has no direct support for being a slave server... look: http://www.maradns.org/tutorial/1.2/dnsslave.html
<4> oh, I thought you were asking about bind. I have no idea with maradns. Why do you want to change anyway?
<4> I probably can't help you there :-/
<3> http://en.wikipedia.org/wiki/MaraDNS -> i found something here.. MaraDNS has limited support for being a slave DNS server. While MaraDNS includes a tool that can receive zone files, this process needs to be automated via an external program, such as crontab, and MaraDNS needs to be restarted to load the zone in question.
<3> i wanna change for maradns because i liked the simplicity and the security reasons...
<4> arthurgeek: If you configure bind9 properly, you will have as many security issues as with every other dns server.
<4> I don't like dirty hacks for something so trivial as zone transfers...
<5> I made a change on my zone file. updated the serial. how long until the secondary ns updates this zone file?
<6> depends on TTL usually. or you force it to reload
<7> the master should notify the slave
<5> TheBonsai: i reloaded named here
<6> lunaphyte: are notifies on by def?
<6> macaco_prego: i meant "force the slave to reload the zone from master"
<5> right... i reloaded named on slave too.. (i also renamed zone file on slave)... named should get the zone from my master here, right? but it gets an old file... this file no longer exists here... how is this possible?
<7> i believe so
<6> macaco_prego: mh. mmmmh. sure your bind doesn't run inside a chroot and you just changed a file in the wrong dir? which serial does your named return when you dig @localhost your.zone IN SOA?
<7> logs should show serials being loaded too.
<5> TheBonsai: no chroot here... on my primary ns, dig returns: caraguanet.com.br. 3600 IN SOA caraguanet.com.br. root.caraguanet.com.br. 2006070401 3600 3600 1209600 604800
<6> is that the right serial?
<5> yep
<6> what does the primary and sec log say? (zone transfers are usually visible in logs)
<5> notify.log ?
<6> wherever bind may log to
<6> (that's configurable....)
<5> i know, but i have multiple log files.... for several categories
<5> 05-Jul-2006 15:41:08.415 zone caraguanet.com.br/IN: loaded serial 2006070401 -> on my primary server
<5> i'll get from slave server
<5> Jul 5 15:11:27 dns named[6165]: zone caraguanet.com.br/IN: loaded serial 2006063001
<6> and the transfer message of that trans...
<6> wait
<6> there is no zone transfer
<6> :)
<5> the same dig command on slave: caraguanet.com.br. 604800 IN SOA web.caraguanet.com.br. root.caraguanet.com.br. 2006063001 3600 3600 1209600 604800
<5> TheBonsai: what?
<6> the sec says it loaded zone
<6> no word about a transfer
<6> mh
<5> Jul 5 15:23:07 dns named[6368]: transfer of 'caraguanet.com.br/IN' from 200.206.190.252#53: end of transfer
<6> can you try to put notify yes; into the zone-statement on the prim?
<5> this line?
<6> oh
<6> :)
<6> mh
<6> i've seen that before
<6> *think*
<6> bla
<5> this line doesn't have the serial, so i didn't paste it here
<6> blubb
<6> mmmmh
<6> MMMMMH
<6> PERMISSIONS!
<6> is the sec allowed to create files in his zones-dir?
<6> (it will create a temp, then rename it, and reload it)
<5> it worked before.. no changes on the sec... i just migrated the primary from debian to gentoo... so i think the problem isn't on sec
<6> 1. what does the pri tell about the transfer?
<6> 2. gentoo ****s.
<6> 3. it's worth a try. check as which user named is running and check the permissions in <wherever it writes the slave zones>
<5> wow.. no line about transfer on primary logs...
<5> 05-Jul-2006 16:13:05.023 client 192.168.0.54#1084: update 'caraguanet.com.br/IN' denied -> i found this on logs too... related?
<5> and the permissions on secondary are ok... i deleted the zone from my primary... restarted named and it gets a nonexistent zone file (it existed.. was an old zone)...
<6> uhm
<6> changed the wrong named.conf? ;)
<5> dig @localhost caraguanet.com.br AXFR -> on my primary server returns info about the old zone file and the one secondary gets
<5> and my contact on secondary server disconnected.. :( ... so, i can just look at info on my server (the primary one)
<6> only AXFR?
<6> or also IN SOA?
<5> only AXFR
<5> IN SOA on slave returns the old serial
<6> i mean the master
<6> AXFR vs SOA
<5> in master is ok
<5> SOA
<6> but AXFR not?
<6> (if that's true, it begins to make no sense)
<5> on my primary IN SOA returns the right serial... AXFR returns the old one
<6> wa..
<6> er
<6> what
<6> i mean
<6> uh...
<6> the AXFR's SOA is different from the one you directly request?
<5> i didn't understand that
<6> AXFR also brings up the SOA record, that serial is different from the SOA record you request by IN SOA?
<6> let's make it different: can you pastebin:`` dig @localhost caraguanet.com.br AXFR; echo "###CUT###"; dig @localhost caraguanet.com.br IN SOA '' somewhere?
<6> (on the pri)
<5> ok
<5> http://pastebin.ca/79855
<6> wtf
<6> twkm: there?
<6> macaco_prego: it shows something i didn't believe it's possible
<5> ok... do u wanna see my zone and named.conf files?
<6> yea
<5> http://pastebin.ca/79862 -> named.conf
<5> http://pastebin.ca/79863 -> caraguanet.zone
<6> hm
<6> look at the authority section (the informational section of the IN SOA query)
<6> the authority reported is different from the SOA given
<6> oh damn
<6> that were the NS records
<6> ok
<6> can you disable recursion for both networks?
<6> plus enable query logging (rndc querylog) and watch the log on both, AXFR and IN SOA
<5> i have no access on sec server now... my contact on sec is disconnected now... if i make these changes just on my pri server, helps?
<6> yes. i'm only talking of the pri
<6> did you restart it?
<6> i guess you already said that, yea?
<6> btw: restart != reload. RESTART the server - kill it and start it from scratch. not that i wrongly assumed that you already did that
<5> i restarted before.. i'll disable recursion and enable the log you said
<5> fine... i disabled recursion and stopped the server (and killed named) started it again... now, AXFR shows the right serial
<5> how do i enable this query log?
<5> TheBonsai: but, dig IN SOA on sec server still showing the old serial
<6> rndc querylog
<6> (rndc is the named's remote control command)
<5> TheBonsai: where it saves the log?
<6> uhm.
<6> where you configured it heh
<6> your logging rules are somewhat huge :)
<5> TheBonsai: what do you recommend?
<6> Jul 5 22:29:18 gate named[16334]: client 192.168.64.3#32957: query: www.w3.org IN A +
<6> that's a syslog line of a query log
<6> grep your logfiles for such a thing
<6> then you'll find the right one
<6> (once querylogging is enabled)
<5> right... it's on queries.log one line is enough?
<5> 05-Jul-2006 17:39:04.636 client 172.16.1.165#137: query: MTSC.*.educacao.caraguanet.com.br IN A +
<5> 05-Jul-2006 17:38:49.099 client 192.168.0.145#3010: query: download61.avast.com IN A +
<6> check the differences on the AXFR log and the IN SOA log (one sec you mentioned doesn't work right, no)
<6> ?
<5> now, dig IN SOA and dig AXFR return the same serial. BUT on secondary server it's still the old one
<6> ah
<6> notify yes;
<6> in the zone config
<6> try it
<6> and watch slave's log (transfer)
<6> sorry for latency. busy in background