In article <mailman.254.1455908502.73610.bind-us...@lists.isc.org>, David Li <dlipub...@gmail.com> wrote:
> Hi John,
>
> Here are the files. They are all internal zones without any references
> to external name servers.

The zones should have NS records that list the slave servers, or you
should have an "also-notify" statement in the master's named.conf.
Although with 1-minute refresh times, DNS Notify is hardly necessary. A
more normal configuration is for Refresh to be something like an hour,
and use Notify to expedite zone transfers after a change.

> VM1:
> ====
>
> named.conf:
> -------------
>
> #
> # master (on VM1)
> #
> zone "rack1.com" {
>     type master;
>     file "/var/named/db.rack1.com";
>     allow-update { key rndc-key-rack1; }; # For DHCP dynamic update
> };
>
> #
> # slave (on VM2)
> #
> zone "rack3.com" {
>     type slave;
>     file "/var/named/bak.rack3.com";
>     masters { 10.4.3.101; }; #VM3 named IP
> };
>
>
> zone file:
> /var/named/db.rack1.com
> -------------------------
>
> $ORIGIN .
> $TTL 907200 ; 1 week 3 days 12 hours
> rack1.com IN SOA dnsserver1.rack1.com. admin.rack1.com. (
>         8      ; serial
>         60     ; refresh (1 minute)
>         60     ; retry (1 minute)
>         604800 ; expire (1 week)
>         3600   ; minimum (1 hour)
>         )
>     NS dnsserver1.rack1.com.
> $ORIGIN rack1.com.
> dnsserver1 A 10.4.1.101
>
> $TTL 3600 ; 1 hour
> node1 A 10.4.1.11
>     TXT "007ddd47ea6ddcd890312de89e37bde496"
> node2 A 10.4.1.12
>     TXT "316a8d5e65fbd9f853df6d90ad1f24ecac"
> node3 A 10.4.1.13
>     TXT "009da8179478f9169cb47965e53d19f134"
>
> On VM2
> =======
>
> named.conf file
> ---------------
>
> #
> # Master
> #
> zone "rack3.com" {
>     type master;
>     file "/var/named/db.rack3.com";
>     allow-update { key rndc-key-rack3; }; # For DHCP update
> };
>
>
> #
> # Slave
> #
> zone "rack1.com" {
>     type slave;
>     file "/var/named/bak.rack1.com";
>     masters { 10.4.1.101; }; # VM1 named IP address
> };
>
>
> zone file:
> ----------
>
> $ORIGIN .
> $TTL 907200 ; 1 week 3 days 12 hours
> rack3.com IN SOA dnsserver3.rack3.com. admin.rack3.com. (
>         2      ; serial
>         60     ; refresh ()
>         60     ; retry ()
>         604800 ; expire (1 week)
>         3600   ; minimum (1 hour)
>         )
>     NS dnsserver3.rack3.com.
> $ORIGIN rack3.com.
> dnsserver3 A 10.4.3.101
> $TTL 3600 ; 1 hour
> node1 A 10.4.3.11
>     TXT "001395d7d2a164c7efde811584bbc470b9"
>
>
> On Fri, Feb 19, 2016 at 8:59 AM, John Miller <johnm...@brandeis.edu> wrote:
> > On Fri, Feb 19, 2016 at 11:45 AM, David Li <dlipub...@gmail.com> wrote:
> >> This is my first time to try master slave configuration. Here is a
> >> brief description:
> >>
> >> I have two Centos 7.1 VMs - each is configured for a zone. VM1 is the
> >> master for zone1 and slave for zone2. VM2 is master for zone2 and
> >> slave for zone1. Both zones use DNS Dynamic Update from DHCP
> >> servers on the same VM
> >> to update the A records in their zone files. No DNSSEC configured.
> >>
> >>
> >> To start, everything seems to be working fine. I have one host in each
> >> zone and they can resolve each other fine.
> >>
> >> Now I add a new host to zone1 and its sequence number has been bumped
> >> up. I read that when the zone1 file changes, it will automatically
> >> notify its slave zone (ie. zone2) to start a zone transfer after 15
> >> min. This never happened. Then I restarted named on VM2 and hoped it
> >> would pull the new zone1 file. This didn't happen either.
> >> Eventually I have to either restart the VM2 or use dig to start the
> >> zone transfer.
> >>
> >> Can anyone spot anything obviously wrong here? Do I need to post my
> >> zone file and named.conf?
> >>
> >
> > Hi David -
> >
> > Yes, it'd certainly help if you posted your named.conf. I don't know
> > that we need the whole zone file: the SOA and NS records would
> > probably suffice in this case, especially if the zone has tons of
> > records.
> >
> > I'll say: it sounds a little odd that you'd expect zone2 to be updated
> > when zone1 changes. The master NS for zone1 will send out NOTIFY
> > messages to the servers listed in the NS records for zone1; it'll also
> > send NOTIFYs to anything you've put in an also-notify block.
> >
> > The 15-minute wait also sounds strange: NOTIFY happens as soon as the
> > serial number of the master zone is incremented and the zone is
> > reloaded. Also, a slave NS will automatically check its master for
> > updates after the refresh interval (1st number after the serial)
> > specified in the SOA record. If you have that set to 15 minutes (900
> > seconds), then yes--the slave would check its master for updates, but
> > it's the _slave_ reaching out to the _master_ in that case. Likewise,
> > slaves will reach out to their master NS when their zones are
> > reloaded.
> >
> > I'm not going to worry about the DHCP dynamic updates piece yet - make
> > sure your master and slave are set up properly before introducing
> > dynamic updates to the mix.
> >
> > John

--
Barry Margolin
Arlington, MA
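
Added example, not part of the original thread and not BIND code: a Python check that derives the NOTIFY target set for the quoted rack1.com zone, following the rule discussed above (NS records plus also-notify) and BIND's documented default of skipping the server named in the SOA MNAME field. The function names are hypothetical, the zone text is a constructed excerpt of the posted file, and the parser only handles that layout (no per-record TTLs, class IN only).

```python
# Constructed excerpt of the rack1.com zone file quoted in the thread.
ZONE = """\
$ORIGIN .
$TTL 907200 ; 1 week 3 days 12 hours
rack1.com IN SOA dnsserver1.rack1.com. admin.rack1.com. (
    8 60 60 604800 3600 )
    NS dnsserver1.rack1.com.
$ORIGIN rack1.com.
dnsserver1 A 10.4.1.101
node1 A 10.4.1.11
"""

def fqdn(name, origin):
    """Make a name absolute relative to the current $ORIGIN."""
    if name.endswith("."):
        return name.lower()
    return (name + "." + ("" if origin == "." else origin)).lower()

def parse_zone(text):
    """Return (SOA MNAME, NS target names, {owner: [A addresses]})."""
    origin, owner, mname, ns, addrs = ".", None, None, [], {}
    for raw in text.splitlines():
        tok = raw.split(";")[0].split()          # drop comments
        if not tok:
            continue
        if tok[0] == "$ORIGIN":
            origin = tok[1]
            continue
        if tok[0].startswith("$"):               # $TTL and similar
            continue
        if not raw[0].isspace():                 # owner name starts in column 0
            owner, tok = fqdn(tok[0], origin), tok[1:]
        if tok and tok[0] == "IN":
            tok = tok[1:]
        if len(tok) < 2:
            continue
        rtype, rdata = tok[0], tok[1]
        if rtype == "SOA":
            mname = fqdn(rdata, origin)
        elif rtype == "NS":
            ns.append(fqdn(rdata, origin))
        elif rtype == "A":
            addrs.setdefault(owner, []).append(rdata)
    return mname, ns, addrs

def notify_targets(zone_text, also_notify=()):
    """Addresses the master would NOTIFY, plus NS names it must resolve first."""
    mname, ns, addrs = parse_zone(zone_text)
    targets, to_resolve = set(also_notify), []
    for host in ns:
        if host == mname:                        # the primary does not notify itself
            continue
        if host in addrs:
            targets.update(addrs[host])
        else:
            to_resolve.append(host)              # out-of-zone name; named looks it up
    return sorted(targets), to_resolve

if __name__ == "__main__":
    print("as posted:        ", notify_targets(ZONE))
    print("with also-notify: ", notify_targets(ZONE, ["10.4.3.101"]))
```

For the zone as posted, the target set is empty, so the slave only learns of changes at its next refresh; listing the slave's address (10.4.3.101) in also-notify, or adding an NS record for it, gives the master somewhere to send the NOTIFY.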