Re: reverse zone file in external view not transferring to slaveserver??
Thanks guys, sorry needed some down time to recharge my batteries - am gonna combine all answers into one lump mail :-)

Frank Pikelner wrote:

Do your bind logs give any clues as to what is going on? On the master make sure you have read permission and the file is being loaded. On the slave it should be attempting a transfer.

Frank Pikelner

On 2009-12-01, at 6:21 PM, Kaya Saman samank...@netscape.net wrote:

Unfortunately the only place I can find anything to do with Bind log-wise is in /var/adm/messages; there is no specific /var/log/bind or named log like in Linux with my system or it is in such a weird place I haven't found it yet! I've also tried looking for it several times but never managed to find it.

What do you mean the Blastwave version? I've got BIND 9.6.0-P1 running on Solaris 9 with patches that are current as of Sept 2008... My version was, however, compiled on the machine it is running on though. See domain hicks-net.net or hicks-net.org... Two of my nameservers are external. I believe that the 'external' view transfers...

Gregory, http://www.blastwave.org/ pkg repo for Solaris/OpenSolaris, kind of similar to yum or apt-get for Linux.

external views transfer but just not the reverse? But then since my network only has 1 single WAN IP I am trying to transfer everything internally through the intranet using local IPs and wondering if some issues could be there?

    type master;
    allow-transfer { other.servers.ip.addresses; };

perhaps? I tend to do

    options { ... allow-transfer {none;}; ... };

But this wouldn't explain why all the rest can transfer and the one zone can't. Have you made sure that the slaved copies for the internal view and the external view go to DIFFERENT files? Otherwise they overwrite each other and strange timing effects occur. Just thoughts.

Joseph, yes definitely they are going to different files as I have 14 different zone files 7 in each 'view' - with 13 files getting transferred..

I don't know if there's any way to start Bind verbosely or alternatively a command that will check the zone transfers? I only have these available to me:

    bash-2.05# ls /opt/csw/sbin
    dnssec-dsfromkey     dnssec-signzone  named            named-compilezone  sasldblistusers2  wget.static
    dnssec-keyfromlabel  logwatch         named-checkconf  rndc               saslpasswd2
    dnssec-keygen        lwresd           named-checkzone  rndc-confgen       squid

Is one of these capable?

--Kaya

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: reverse zone file in external view not transferring to slaveserver??
On Wed, Dec 02, 2009 at 10:02:45AM +0200, Kaya Saman wrote:
...
> Joseph, yes definitely they are going to different files as I have 14 different zone files 7 in each 'view' - with 13 files getting transferred..
...

This is good. But bad, in that would have been an easy solution. This whole problem sounds vaguely familiar, but I just can't catch the pointer to the memory and the solution ... just out of reach ...

...
> I don't know if there's any way to start Bind verbosely or alternatively a command that will check the zone transfers?
...

Look up the logging clause in named.conf. There's a lot, and I don't remember anywhere near all of it, so referring you to the documentation is best, but ask if you need help. E.g.:

    // logging clause - who, what, where, why, when, how, how long?
    logging {
        channel querylog {
            file "/var/log/named/query.log" versions 15 size 25m;
            // severity debug;
            severity info;
            print-time yes;
            print-category yes;
            print-severity yes;
        };
        channel securlog {
            file "/var/log/named/security.log" versions 15 size 25m;
            // severity debug 9;
            severity info;
            print-time yes;
            print-category yes;
            print-severity yes;
        };
        channel all {
            file "/var/log/named/named.log" versions 15 size 25m;
            severity info;
            print-time yes;
            print-category yes;
            print-severity yes;
        };
        category queries { querylog; };
        category security { securlog; };
        category lame-servers { null; };  // ignore
        category default { all; };
    };

--
/*\
**
** Joe Yao j...@tux.org - Joseph S. D. Yao
**
\*/
Re: reverse zone file in external view not transferring to slaveserver??
On Thu, Dec 03, 2009 at 12:59:51AM +0200, Kaya Saman wrote:
...
> I just hope this doesn't take up many CPU cycles and memory as the debug commands do in Cisco devices rendering them almost unusable in a fully setup network environment.
...

I'm glad the logging helped!

Query logging can take a lot of space - look up whether the default is for the server to not log queries, and how and why it switches over. I remember it can be done manually, but ISTM there are other reasons it switches.

--
/*\
**
** Joe Yao j...@tux.org - Joseph S. D. Yao
**
\*/
Re: reverse zone file in external view not transferring to slaveserver??
Joseph S D Yao wrote:
> On Thu, Dec 03, 2009 at 12:59:51AM +0200, Kaya Saman wrote:
> ...
>> I just hope this doesn't take up many CPU cycles and memory as the debug commands do in Cisco devices rendering them almost unusable in a fully setup network environment.
> ...
>
> I'm glad the logging helped!
>
> Query logging can take a lot of space - look up whether the default is for the server to not log queries, and how and why it switches over. I remember it can be done manually, but ISTM there are other reasons it switches.

Thank you so much for all the help!!

I think however I should turn this off as I only have a 4.3GB HD in the machine..

The reality of the situation is that I need another WAN IP address. Without it I can't really do much as having a secondary DNS server is impossible. Am just holding off for now as I soon depending on how things go for myself I may move the whole network infrastructure to the country I am in now being Turkey, rather than keeping things going in UK.

Phew that's sorted and understood :-)

Best Regards,

Kaya
Re: reverse zone file in external view not transferring to slaveserver??
Major thanks Joseph

Added below:

    // logging clause - who, what, where, why, when, how, how long?
    logging {
        channel querylog {
            file "/var/log/named/query.log" versions 15 size 25m;
            // severity debug;
            severity info;
            print-time yes;
            print-category yes;
            print-severity yes;
        };
        channel securlog {
            file "/var/log/named/security.log" versions 15 size 25m;
            // severity debug 9;
            severity info;
            print-time yes;
            print-category yes;
            print-severity yes;
        };
        channel all {
            file "/var/log/named/named.log" versions 15 size 25m;
            severity info;
            print-time yes;
            print-category yes;
            print-severity yes;
        };
        category queries { querylog; };
        category security { securlog; };
        category lame-servers { null; };  // ignore
        category default { all; };
    };

with addition of this:

    category xfer-out { default_syslog; default_debug; };

Inside the logging statement!

The response I got below:

    03-Dec-2009 00:52:20.105 general: info: zone 2.178.81.in-addr.arpa/IN/external: refresh: non-authoritative answer from master 192.168.1.100#53 (source 0.0.0.0#0)

This is for my slave server!

I think it's because the authoritative answer is coming off my ISP, however though if the zone file is valid it should be authoritative and irrelevant whoever else has the zone to my understanding anyway. - oh hang on, on second thought of course it's not authoritative due to the IP address that's sending the information! I believe that's been my issue all along.

Now however I really do like the log output as I can actually see what's going on :-)

I just hope this doesn't take up many CPU cycles and memory as the debug commands do in Cisco devices rendering them almost unusable in a fully setup network environment.

--Kaya
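Added example, not part of the original thread: a small Python parser for log lines in the layout that the logging clause above produces (print-time, print-category and print-severity all on), grouping zone `refresh:` messages by zone and view so the one zone that never refreshes stands out. It also handles servers without views. All sample lines except the one quoted in the message above are constructed, and treating every `refresh:` message as a refresh that did not complete is an assumption of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample; only the second line is the one quoted in the thread.
SAMPLE_LOG = """\
03-Dec-2009 00:52:19.900 general: notice: running
03-Dec-2009 00:52:20.105 general: info: zone 2.178.81.in-addr.arpa/IN/external: refresh: non-authoritative answer from master 192.168.1.100#53 (source 0.0.0.0#0)
03-Dec-2009 00:52:21.310 general: info: zone example.org/IN/external: transferred serial 2009120201
03-Dec-2009 00:52:22.001 general: info: zone example.org/IN/internal: transferred serial 2009120201
03-Dec-2009 01:07:20.412 general: info: zone 2.178.81.in-addr.arpa/IN/external: refresh: non-authoritative answer from master 192.168.1.100#53 (source 0.0.0.0#0)
"""

# "<time> <category>: <severity>: <message>"
LINE_RE = re.compile(r"^(?P<ts>\d{2}-\w{3}-\d{4} [\d:.]+) (?P<cat>[\w-]+): "
                     r"(?P<sev>[\w ]+?): (?P<msg>.*)$")
# "zone <name>/<class>[/<view>]: <detail>"; the view part is absent without views.
ZONE_RE = re.compile(r"^zone (?P<zone>[^/\s]+)/(?P<cls>\w+)(?:/(?P<view>[^:\s]+))?: "
                     r"(?P<detail>.*)$")
MASTER_RE = re.compile(r"(?:from )?master (?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+)")


def refresh_problems(log_text):
    """Group 'refresh:' zone messages (assumed failed refreshes) by (zone, view)."""
    found = defaultdict(lambda: {"count": 0, "masters": set(), "reasons": set(),
                                 "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        z = ZONE_RE.match(m.group("msg")) if m else None
        if not z or not z.group("detail").startswith("refresh:"):
            continue  # not a zone message, or not a refresh report
        ts = datetime.strptime(m.group("ts"), "%d-%b-%Y %H:%M:%S.%f")
        detail = z.group("detail")[len("refresh:"):].strip()
        entry = found[(z.group("zone"), z.group("view") or "_default")]
        entry["count"] += 1
        entry["first"] = entry["first"] or ts
        entry["last"] = ts
        master = MASTER_RE.search(detail)
        if master:
            entry["masters"].add(master.group("ip"))
            detail = detail[:master.start()].strip()  # reason without the address
        entry["reasons"].add(detail)
    return dict(found)


if __name__ == "__main__":
    for key, e in refresh_problems(SAMPLE_LOG).items():
        print(key, e["count"], sorted(e["masters"]), sorted(e["reasons"]))
```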