refuse in notify slave
I have multiple IP addresses on my primary NS server (eth0, eth0:1, eth0:2). Let's say eth0 is 1.2.3.4, eth0:1 is 2.3.4.5 and eth0:2 is 3.4.5.6. I have a slave NS server, but every time I do rndc reload and check the secondary NS in syslog, I see "refused notify from non-master: 1.2.3.4#48499", where 1.2.3.4 is the IP of eth0. Is it possible for the IP address that sends to the slave to be 4.5.6.7 (eth0:2) and not 1.2.3.4 (eth0)?

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: refuse in notify slave
Thanks! It was solved by notify-source 4.5.6.7 in named.conf.

Mark Andrews wrote:
In message 4adfe607.4050...@gmail.com, Nelson Serafica writes:
I have multiple IP addresses on my primary NS server (eth0, eth0:1, eth0:2). Let's say eth0 is 1.2.3.4, eth0:1 is 2.3.4.5 and eth0:2 is 3.4.5.6. I have a slave NS server, but every time I do rndc reload and check the secondary NS in syslog, I see "refused notify from non-master: 1.2.3.4#48499", where 1.2.3.4 is the IP of eth0. Is it possible for the IP address that sends to the slave to be 4.5.6.7 (eth0:2) and not 1.2.3.4 (eth0)?

notify-source
Re: does allow-transfer have cache
It works! Thanks for the advice.

Your named is clearly not transferring to 1.2.3.4, but you apparently did not move ns2 to the new IP, so it still tries to fetch zone(s) from the old IP. Move ns2 to 5.6.7.8 and it will ask for transfers from that IP.
query-source to all
Is it possible to set query-source to all? I'm using Amazon EC2 and I want to set up a DNS server. I just noticed it was bound to the private IP address. Since the public IP address is not on the OS (probably a NAT defined by Amazon), I cannot connect to it, not even with telnet. When I do netstat:

    tcp  0  0  10.252.178.180:53  0.0.0.0:*  LISTEN  28428/named
    tcp  0  0  127.0.0.1:53       0.0.0.0:*  LISTEN  28428/named
    tcp  0  0  127.0.0.1:953      0.0.0.0:*  LISTEN  28428/named
    udp  0  0  10.252.178.180:53  0.0.0.0:*          28428/named
    udp  0  0  127.0.0.1:53       0.0.0.0:*          28428/named

However, when I nmap the public IP, port 53 is not open. I already opened port 53 TCP and UDP, but still to no avail. I put "query-source all port *;" in named.conf, but it still keeps listening on 10.252.178.180. My suspicion is that it keeps listening on 10.252.178.180, and that's why I cannot connect to it. I'm using bind-9.5.0-P2.
Re: query-source to all
Problem solved. It was misconfigured on the Amazon EC2 side. I have no access to it, so I had to wait for the manager.

Nelson

Cathy Almond wrote:
Nelson Serafica wrote:
Is it possible to set query-source to all? I'm using Amazon EC2 and I want to set up a DNS server. I just noticed it was bound to the private IP address. Since the public IP address is not on the OS (probably a NAT defined by Amazon), I cannot connect to it, not even with telnet. When I do
does allow-transfer have cache
Currently I have a primary (ns1) and a secondary (ns2) DNS on the same network. I'm now doing redundancy and planning to put the secondary at another ISP. I have now set up the new secondary DNS on the other network. I changed allow-transfer { 1.2.3.4; localhost; }; to allow-transfer { 5.6.7.8; localhost; }; in the named.conf of ns1, assuming 1.2.3.4 is the old IP of ns2 and 5.6.7.8 is the new IP of ns2 on the other network. However, ns1 still keeps transferring to 1.2.3.4, but I can see it is denied since I have already changed it to 5.6.7.8. I did rndc reload and /etc/init.d/named restart. My question is: does allow-transfer have a cache? Is that why named keeps transferring to 1.2.3.4 and not to 5.6.7.8?
cache poisoning
Last year there was a global threat about cache poisoning, so I updated my BIND immediately. I updated it to BIND 9.5.0-P1 and did nothing to its named.conf. Now I'm setting up a secondary DNS (see my previous emails) and I used BIND 9.6.1-P1. But when I do "dig +short @NS2_IP porttest.dns-oarc.net txt", it is "poor", while when I do it on my ns1, it is "great". ns2 is running the latest BIND. I believed the fix for this was just to update named to the new version. How come I'm still getting "poor" when I'm running the new version of BIND?
Re: cache poisoning
Thanks Mark! It works. I changed my query source to one of the entries below and it works.

Mark Andrews wrote:

    query-source * port 53;     // bad
    query-source 10.53.0.1;     // ok
    query-source *;             // ok (default)

    query-source-v6 * port 53;  // bad
    query-source-v6 10.53.0.1;  // ok
    query-source-v6 *;          // ok (default)
Re: cache poisoning
I need to set BIND to listen on all addresses. I'm using Amazon EC2.

Cathy Almond wrote:
Maybe a strange question. Why did you have a query-source statement in your configuration in the first place?
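As an added example, not taken from any of the posts above, here is a named.conf sketch that puts the three fixes discussed in this thread side by side: notify-source (and transfer-source) so the secondary sees the NOTIFY arriving from the address it lists as its master, allow-transfer restricted to the secondary's new address (there is no cache; a secondary left pointing at the old master simply keeps asking), and query-source left at its default so outgoing queries keep a random source port instead of the "bad" fixed port 53 that porttest flags as "poor". The addresses 4.5.6.7 and 5.6.7.8, the zone name example.net and the file paths are assumptions for illustration; the two files are shown one after the other and belong on two different hosts.

```conf
// ---------------- ns1 (primary) named.conf -- added example ----------------
// Assumed: 4.5.6.7 is the alias address ns2 knows as its master,
//          5.6.7.8 is the new address of ns2, zone example.net.
options {
    directory "/var/named";

    // Listen on every address, including a private one that an
    // EC2 public IP is NATed to (the OS never sees the public IP).
    listen-on     { any; };
    listen-on-v6  { any; };

    // Outgoing queries: keep the source port random. Setting
    // "query-source * port 53;" fixes the port and undoes the 2008
    // cache-poisoning mitigation even on a patched named.
    query-source    *;
    query-source-v6 *;

    // Outgoing NOTIFY and transfer requests leave from the address the
    // secondary has in its "masters" list. Without this, named may pick
    // eth0's primary address and the secondary logs
    // "refused notify from non-master".
    notify-source   4.5.6.7;
    transfer-source 4.5.6.7;

    // Only the current secondary may AXFR/IXFR. Changing this takes
    // effect on reload; an old secondary that is still denied is the
    // one that has not been repointed, not a stale cache here.
    allow-transfer { 5.6.7.8; localhost; };
};

zone "example.net" {
    type master;
    file "master/example.net.zone";
    also-notify { 5.6.7.8; };
};

// ---------------- ns2 (secondary, 5.6.7.8) named.conf -- added example -----
options {
    directory "/var/named";
    listen-on    { any; };
    query-source *;          // default: random source port
};

// NOTIFYs are accepted only from addresses in "masters" (or allow-notify),
// which is why the sender's source address on ns1 must be 4.5.6.7.
zone "example.net" {
    type slave;
    file "slaves/example.net.zone";
    masters { 4.5.6.7; };
};
```

After changing either file, run "named-checkconf" and then "rndc reload"; a successful NOTIFY shows up on ns2 as a zone refresh from 4.5.6.7 rather than a "refused notify" line, and "dig +short @ns2 porttest.dns-oarc.net txt" should report the source-port randomisation as good again.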