Re: Bind master keeps saying it is not authoritative
In article, Ben Croswell wrote:

> Ensure that the allow-query clause on the master includes the slave. If the
> slave can't query for the SOA on the zone it can't do an xfer.

But it will be a different error than "Not authoritative".

He has no "allow-query" option, so it defaults to allowing everyone to
query. Which is normal for a non-hidden master.

> On Mar 2, 2017 6:34 AM, "Xavier Humbert" wrote:
>
> > The whole configuration, comments removed :
> >
> > -- Master --
> > acl my-slaves {
> >     any; // DEBUG
> > };
> >
> > acl my-clients {
> >     any; // DEBUG
> > };
> >
> > options {
> >     // IP config
> >     listen-on port 53 {172.29.16.135; 127.0.0.1; };
> >     listen-on-v6 port 53 {none; };
> >
> >     // Paths
> >     directory "/var/named";
> >     dump-file "/var/named/data/cache_dump.db";
> >     statistics-file "/var/named/data/named_stats.txt";
> >     memstatistics-file "/var/named/data/named_mem_stats.txt";
> >
> >     // Behaviour
> >     recursion no;
> >     allow-transfer { my-slaves; };
> > };
> >
> > // rndc key
> > include "/etc/rndc.key";
> >
> > controls {
> >     inet 127.0.0.1 port 953
> >         allow { 127.0.0.1; } keys { "rndc-key"; };
> > };
> >
> > // Logging
> > // omitted
> >
> > zone "in.acv.orion.education.fr" {
> >     type master;
> >     file "/etc/named/internal/in.acv.orion.education.fr.db";
> >     allow-transfer {my-slaves; };
> > };
> >
> > -- Slave --
> > acl my-clients {
> >     localhost;
> >     any; //DEBUG
> > };
> >
> > options {
> >     // IP config
> >     listen-on port 53 {172.29.16.133; 127.0.0.1; };
> >     listen-on-v6 port 53 {none; };
> >
> >     // Paths
> >     directory "/var/named";
> >     dump-file "/var/named/data/cache_dump.db";
> >     statistics-file "/var/named/data/named_stats.txt";
> >     memstatistics-file "/var/named/data/named_mem_stats.txt";
> >
> >     // Behaviour
> >     recursion no;
> >     allow-update { 172.29.16.135; };
> >     allow-transfer { 172.29.16.135; };
> >
> > };
> >
> > // rndc key
> > include "/etc/rndc.key";
> >
> > // Logging
> > // Omitted
> >
> > zone "in.acv.orion.education.gouv.fr" {
> >     type slave;
> >     file "/etc/named/in.acv.orion.education.gouv.fr.db";
> >     masters {172.29.16.135; };
> > };
> > zone "." IN {
> >     type hint;
> >     file "named.ca";
> > };
> >
> > include "/etc/named.rfc1912.zones";
> > include "/etc/named.root.key";
> >
> > --
> >
> > Really, really basic !
> > Thanks
> >
> > --
> > Xavier Humbert
> > CRT Supervision et Exploitation de Niveau 1
> > Rectorat de Nancy-Metz
> > 03 83 86 27 39

--
Barry Margolin
Arlington, MA
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind master keeps saying it is not authoritative
Ensure that the allow-query clause on the master includes the slave. If the
slave can't query for the SOA on the zone it can't do an xfer.

On Mar 2, 2017 6:34 AM, "Xavier Humbert" wrote:

> The whole configuration, comments removed :
>
> -- Master --
> acl my-slaves {
>     any; // DEBUG
> };
>
> acl my-clients {
>     any; // DEBUG
> };
>
> options {
>     // IP config
>     listen-on port 53 {172.29.16.135; 127.0.0.1; };
>     listen-on-v6 port 53 {none; };
>
>     // Paths
>     directory "/var/named";
>     dump-file "/var/named/data/cache_dump.db";
>     statistics-file "/var/named/data/named_stats.txt";
>     memstatistics-file "/var/named/data/named_mem_stats.txt";
>
>     // Behaviour
>     recursion no;
>     allow-transfer { my-slaves; };
> };
>
> // rndc key
> include "/etc/rndc.key";
>
> controls {
>     inet 127.0.0.1 port 953
>         allow { 127.0.0.1; } keys { "rndc-key"; };
> };
>
> // Logging
> // omitted
>
> zone "in.acv.orion.education.fr" {
>     type master;
>     file "/etc/named/internal/in.acv.orion.education.fr.db";
>     allow-transfer {my-slaves; };
> };
>
> -- Slave --
> acl my-clients {
>     localhost;
>     any; //DEBUG
> };
>
> options {
>     // IP config
>     listen-on port 53 {172.29.16.133; 127.0.0.1; };
>     listen-on-v6 port 53 {none; };
>
>     // Paths
>     directory "/var/named";
>     dump-file "/var/named/data/cache_dump.db";
>     statistics-file "/var/named/data/named_stats.txt";
>     memstatistics-file "/var/named/data/named_mem_stats.txt";
>
>     // Behaviour
>     recursion no;
>     allow-update { 172.29.16.135; };
>     allow-transfer { 172.29.16.135; };
>
> };
>
> // rndc key
> include "/etc/rndc.key";
>
> // Logging
> // Omitted
>
> zone "in.acv.orion.education.gouv.fr" {
>     type slave;
>     file "/etc/named/in.acv.orion.education.gouv.fr.db";
>     masters {172.29.16.135; };
> };
> zone "." IN {
>     type hint;
>     file "named.ca";
> };
>
> include "/etc/named.rfc1912.zones";
> include "/etc/named.root.key";
>
> --
>
> Really, really basic !
> Thanks
>
> --
> Xavier Humbert
> CRT Supervision et Exploitation de Niveau 1
> Rectorat de Nancy-Metz
> 03 83 86 27 39
Re: Bind master keeps saying it is not authoritative
Is this the zone in question?

master:
zone "in.acv.orion.education.fr" {

wrong on slave:
zone "in.acv.orion.education.gouv.fr" {

Regards,
Edda

On 02.03.17 at 12:33, Xavier Humbert wrote:

> The whole configuration, comments removed :
>
> -- Master --
> acl my-slaves {
>     any; // DEBUG
> };
>
> acl my-clients {
>     any; // DEBUG
> };
>
> options {
>     // IP config
>     listen-on port 53 {172.29.16.135; 127.0.0.1; };
>     listen-on-v6 port 53 {none; };
>
>     // Paths
>     directory "/var/named";
>     dump-file "/var/named/data/cache_dump.db";
>     statistics-file "/var/named/data/named_stats.txt";
>     memstatistics-file "/var/named/data/named_mem_stats.txt";
>
>     // Behaviour
>     recursion no;
>     allow-transfer { my-slaves; };
> };
>
> // rndc key
> include "/etc/rndc.key";
>
> controls {
>     inet 127.0.0.1 port 953
>         allow { 127.0.0.1; } keys { "rndc-key"; };
> };
>
> // Logging
> // omitted
>
> zone "in.acv.orion.education.fr" {
>     type master;
>     file "/etc/named/internal/in.acv.orion.education.fr.db";
>     allow-transfer {my-slaves; };
> };
>
> -- Slave --
> acl my-clients {
>     localhost;
>     any; //DEBUG
> };
>
> options {
>     // IP config
>     listen-on port 53 {172.29.16.133; 127.0.0.1; };
>     listen-on-v6 port 53 {none; };
>
>     // Paths
>     directory "/var/named";
>     dump-file "/var/named/data/cache_dump.db";
>     statistics-file "/var/named/data/named_stats.txt";
>     memstatistics-file "/var/named/data/named_mem_stats.txt";
>
>     // Behaviour
>     recursion no;
>     allow-update { 172.29.16.135; };
>     allow-transfer { 172.29.16.135; };
> };
>
> // rndc key
> include "/etc/rndc.key";
>
> // Logging
> // Omitted
>
> zone "in.acv.orion.education.gouv.fr" {
>     type slave;
>     file "/etc/named/in.acv.orion.education.gouv.fr.db";
>     masters {172.29.16.135; };
> };
> zone "." IN {
>     type hint;
>     file "named.ca";
> };
>
> include "/etc/named.rfc1912.zones";
> include "/etc/named.root.key";
>
> --
>
> Really, really basic !
> Thanks
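The zone-name mismatch pointed out in the message above can be checked mechanically. This is an added example, not part of the thread and not BIND tooling: a Python sketch that compares zone names across two named.conf texts and also lists ACLs containing `any` that an `allow-transfer` clause references; the embedded configs are constructed excerpts of the ones quoted in this thread, and all function names are this example's own.

```python
import re

# Constructed excerpts of the configs quoted in this thread (ACL and zone parts only).
MASTER_CONF = '''
acl my-slaves { any; };  // DEBUG
zone "in.acv.orion.education.fr" { type master; allow-transfer { my-slaves; }; };
'''
SLAVE_CONF = '''
zone "in.acv.orion.education.gouv.fr" {
    type slave;
    masters { 172.29.16.135; };
};
zone "." IN { type hint; file "named.ca"; };
'''
PRIMARY, SECONDARY = {'master', 'primary'}, {'slave', 'secondary'}

def strip_comments(text):
    """Drop /* */, // and # comments (simplification: quoted strings are not special-cased)."""
    return re.sub(r'/\*.*?\*/|(?://|#)[^\n]*', '', text, flags=re.S)

def zones(conf):
    """Map each zone name (lower-cased, trailing dot removed) to its type."""
    text, found = strip_comments(conf), {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', text, re.I):
        depth, i = 1, m.end()
        while i < len(text) and depth:      # walk to the matching closing brace
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        t = re.search(r'\btype\s+([\w-]+)\s*;', text[m.end():i], re.I)
        found[m.group(1).lower().rstrip('.') or '.'] = t.group(1).lower() if t else None
    return found

def unmatched_secondaries(primary_conf, secondary_conf):
    """Secondary zones that the primary's config does not serve as a primary zone."""
    served = {n for n, t in zones(primary_conf).items() if t in PRIMARY}
    return sorted(n for n, t in zones(secondary_conf).items()
                  if t in SECONDARY and n not in served)

def open_transfer_acls(conf):
    """ACL names that contain 'any' and are referenced by an allow-transfer clause."""
    text = strip_comments(conf)
    wide = {n for n, body in re.findall(r'\bacl\s+"?([\w-]+)"?\s*\{([^}]*)\}', text)
            if re.search(r'(^|[\s;{])any\s*;', body)}
    used = re.findall(r'[\w-]+', ' '.join(re.findall(r'allow-transfer\s*\{([^}]*)\}', text)))
    return sorted(wide & set(used))

if __name__ == '__main__':
    print('secondary zones missing on the primary:', unmatched_secondaries(MASTER_CONF, SLAVE_CONF))
    print('ACLs opening zone transfers to any host:', open_transfer_acls(MASTER_CONF))
```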
Re: Bind master keeps saying it is not authoritative
The whole configuration, comments removed :

-- Master --
acl my-slaves {
    any; // DEBUG
};

acl my-clients {
    any; // DEBUG
};

options {
    // IP config
    listen-on port 53 {172.29.16.135; 127.0.0.1; };
    listen-on-v6 port 53 {none; };

    // Paths
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    // Behaviour
    recursion no;
    allow-transfer { my-slaves; };
};

// rndc key
include "/etc/rndc.key";

controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};

// Logging
// omitted

zone "in.acv.orion.education.fr" {
    type master;
    file "/etc/named/internal/in.acv.orion.education.fr.db";
    allow-transfer {my-slaves; };
};

-- Slave --
acl my-clients {
    localhost;
    any; //DEBUG
};

options {
    // IP config
    listen-on port 53 {172.29.16.133; 127.0.0.1; };
    listen-on-v6 port 53 {none; };

    // Paths
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    // Behaviour
    recursion no;
    allow-update { 172.29.16.135; };
    allow-transfer { 172.29.16.135; };
};

// rndc key
include "/etc/rndc.key";

// Logging
// Omitted

zone "in.acv.orion.education.gouv.fr" {
    type slave;
    file "/etc/named/in.acv.orion.education.gouv.fr.db";
    masters {172.29.16.135; };
};
zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

--

Really, really basic !
Thanks

--
Xavier Humbert
CRT Supervision et Exploitation de Niveau 1
Rectorat de Nancy-Metz
03 83 86 27 39
Re: Bind master keeps saying it is not authoritative
Xavier Humbert wrote:
>
> I'm really lost. I've configured dozens of DNSs with no such problems.
> Did I miss something obvious ?

I can't see anything obvious... Did you obfuscate the zone name so we
can't see if there's a typo?

Tony.
--
f.anthony.n.finch http://dotat.at/ - I xn--zr8h punycode
Fitzroy, Sole: South or southwest, becoming cyclonic later, 5 to 7, perhaps
gale 8 later. Rough or very rough. Rain or thundery showers. Moderate or
good.