subject:"Re\: \[CentOS\] Proper configuration for DNS slaves and masters"

Re: [CentOS] Proper configuration for DNS slaves and masters

2009-11-03 Thread Les Mikesell

James B. Byrne wrote:
> I have the following layout
> 
> DNS01 - Master
> DNS02 - Remote slave
> DNS03 - Local network slave
> 
> The master is configured so:
> 
> acl HLLnetworks {
>   209.47.176/24;
>   216.185.71/24;
>   };
> 
> options {
>   allow-query {
>   any;
>   };
>   allow-recursion {
>   HLLnetworks;
>   };
>   allow-transfer {
>   HLLnetworks;
>   };
>   directory "/var/named";
>   dump-file "/var/named/data/cache_dump.db";
> statistics-file "/var/named/data/named_stats.txt";
>   query-source address 216.185.71.33;
>   listen-on {
>   216.185.71.33;
>   };
>   notify yes;
> };
> 
> 
> The slaves are configured this way (appropriately modified for each
> ip address:
> 
> acl HLLnetworks {
>   209.47.176/24;
>   216.185.71/24;
>   };
> 
> options {
>   allow-query {
>   any;
>   };
>   allow-recursion {
>   HLLnetworks;
>   };
>   allow-transfer {
>   HLLnetworks;
>   };
>   directory "/var/named";
>   dump-file "/var/named/data/cache_dump.db";
> statistics-file "/var/named/data/named_stats.txt";
>   notify no;  // this is a slave server
>   query-source address 209.47.176.33;
>   listen-on {
>   127.0.0.1;
>   };
>   listen-on {
>   209.47.176.33;
>   };
>   forwarders {
>   216.185.71.33;
>   };
> };
> 
> Now, what I am seeing on one of the slaves when I change a zone in
> the master and reload is this:
> 
> Nov  3 12:47:49 inet06 named[9597]: received notify for zone
> 'byrnejb.ca'
> 
> but on the other I see this:
> 
> Nov  3 12:47:50 inet04 named[18368]: client 216.185.71.27#33829:
> received notify for zone 'byrnejb.ca'
> Nov  3 12:47:50 inet04 named[18368]: zone byrnejb.ca/IN: refused
> notify from non-master: 216.185.71.27#33829
> 
> The master configuration for byrnejb.ca is
> 
> zone "byrnejb.ca" {
>   type master;
>   file "/var/named/masters/byrnejb.ca.hosts";
>   };
> 
> On inet06 the slave zone configuration is:
> 
> zone "byrnejb.ca" {
>   type slave;
>   masters {
>   216.185.71.33;
>   };
>   file "/var/named/slaves/byrnejb.ca.hosts";
>   };
> 
> and on inet04 it is:
> 
> zone "byrnejb.ca" {
>   type slave;
>   masters {
>   216.185.71.33;
>   };
>   file "/var/named/slaves/byrnejb.ca.hosts";
>   };
> 
> Which is, as far as I can see, identical.
> 
> In any case, the real problem is that neither slave actually
> transfers the updated zone file and I cannot figure out why not.  I
> have verified that the master zone file serial number is greater
> than that of the slave zones.
> 
> So, I have two questions:
> 
> 1. Why is the source address 216.185.71.27 when the bind named
> listens on 216.185.71.33 and answers queries from the same address.
> Admittedly, 216.185.71.33 is a virtual ip hosted on 216.185.71.27
> but  we have been doing this for over a decade now and I have never
> seen this behaviour before.
> 
> 2. Why are the notifies ignored?  Again, we have had this set up for
> over a decade and none of these problems until now, and the only
> thing that has happened on the dns side of things recently were the
> CentOS updates last week.
> 
> I am not a DNS specialist, I set this up several years ago and I am
> perplexed as to why it is now giving me these difficulties.  Any
> help would be gratefully appreciated.

If you want the master to use a certain one of several possible source 
addresses for notify operations you should probably set 'notify-source'.

-- 
   Les Mikesell
lesmikes...@gmail.com





___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Proper configuration for DNS slaves and masters

2009-11-03 Thread Craig White

On Tue, 2009-11-03 at 13:34 -0500, James B. Byrne wrote:

> 
> zone "byrnejb.ca" {
>   type slave;
>   masters {
>   216.185.71.33;
>   };
>   file "/var/named/slaves/byrnejb.ca.hosts";
>   };
> 
> Which is, as far as I can see, identical.
> 
> In any case, the real problem is that neither slave actually
> transfers the updated zone file and I cannot figure out why not.  I
> have verified that the master zone file serial number is greater
> than that of the slave zones.
> 
> So, I have two questions:
> 
> 1. Why is the source address 216.185.71.27 when the bind named
> listens on 216.185.71.33 and answers queries from the same address.
> Admittedly, 216.185.71.33 is a virtual ip hosted on 216.185.71.27
> but  we have been doing this for over a decade now and I have never
> seen this behaviour before.
> 
> 2. Why are the notifies ignored?  Again, we have had this set up for
> over a decade and none of these problems until now, and the only
> thing that has happened on the dns side of things recently were the
> CentOS updates last week.
> 
> I am not a DNS specialist, I set this up several years ago and I am
> perplexed as to why it is now giving me these difficulties.  Any
> help would be gratefully appreciated.

why not add the other ip address just in case on the slaves...

masters {
216.185.71.33;
216.185.71.27;
};

you might also want to specifically add them to allow update...

acl HLLmasters {
216.185.71.33;
216.185.71.27;
};

allow-update {
   HLLmasters;
   };

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Proper configuration for DNS slaves and masters

Re: [CentOS] Proper configuration for DNS slaves and masters

2 matches

Site Navigation

Mail list logo

Footer information