Re: trouble with a pair of bind9 servers

2006-09-08 Thread David Robillard

> The trouble I'm having is that my slave (5.5-p3) will not transfer the zone
> from the master (6.1-p4).  My /var/log/messages is filled with these:
>
> Sep  7 21:50:24 fbsd55-2 named[1847]: exiting
> Sep  7 21:50:26 fbsd55-2 named[1924]: starting BIND 9.3.2 -t /var/named -u bind
> Sep  7 21:50:26 fbsd55-2 named[1924]: /etc/namedb/named.conf:40: option 'allow-update' is not allowed in 'slave' zone 'dlptest.com'


Hi Jonathan,

First, I would recommend you to send this question to the BIND mailing
list at [EMAIL PROTECTED]. See ISC's website for more on subscribing
at http://www.isc.org/index.pl?/sw/bind/bind-lists.php and the
archives at http://marc.theaimsgroup.com/?l=bind-users

Now, this first error is self-explanatory: you can't use
'allow-update' in a slave zone, only in the master. It makes sense,
because if the slave had updates, then it would not be able to tell
the master about those updates and the zones would become inconsistent
between your machines (resulting in quite a mess). The other way
around is better: update the master, which will then send notify
messages to your slave, which in turn will download the updates.

So just remove 'allow-update' in the slave's named.conf(5).



> Sep  7 21:50:26 fbsd55-2 named[1924]: zone dlptest.com/IN/internal: has 0 SOA records
> Sep  7 21:50:26 fbsd55-2 named[1924]: zone dlptest.com/IN/internal: has no NS records


These point to a bad zone file. You should double-check your
/etc/namedb/dlptest.com.i.hosts file. Make sure you have both SOA and
NS records in it. Consider using the named-checkzone(8) command to
check your zone files. See the man page for named-checkzone(8) for
more info.

Hummm, I know it's not my business, but may I suggest another name
for your zone files? I personally use db.dlptest.com.internal and
db.dlptest.com.external for the master files. For the slave, I use
bak.dlptest.com.internal and bak.dlptest.com.external. IMHO it's a
little clearer whether you're working on an internal slave file or
an external master file :)



> Sep  7 21:50:26 fbsd55-2 named[1924]: running
> Sep  7 21:50:27 fbsd55-2 named[1924]: dumping master file: /etc/namedb/tmp-UZF5mCCxZP: open: permission denied
> Sep  7 21:50:27 fbsd55-2 named[1924]: transfer of 'dlptest.com/IN' from 192.168.125.91#53: failed while receiving responses: permission denied
> Sep  7 21:51:20 fbsd55-2 named[1924]: dumping master file: /etc/namedb/tmp-SaWWYxV06u: open: permission denied
> Sep  7 21:51:20 fbsd55-2 named[1924]: transfer of 'dlptest.com/IN' from 192.168.125.91#53: failed while receiving responses: permission denied
>
> This was giving me the impression that the bind user was not able to write
> to /var/named/etc/namedb, but every time I make a chmod or chown adjustment,
> it just gets changed back:
>
> fbsd55-2# /etc/rc.d/named restart
> Stopping named.
> etc/namedb changed
> user expected 0 found 53 modified
> Starting named.
> fbsd55-2#


I'm afraid I'm not quite sure what this problem is. Maybe check your
fstab(5) for special options such as noexec or nosuid and friends.
Check the mount(8) man page if you find anything. Also, have you played
with chflags(1)?  Finally, I would check the ISC's BIND mailing list
archives to see if you can come up with something.

Good luck,

David


> I've been dinking around with this for a few hours now, and I'm about to pull
> what little hair I have left out.  Can someone shed light on this for me
> please?  Any help at all would be much appreciated!
>
> cheers,
> jonathan


--
David Robillard
UNIX systems administrator  Oracle DBA
CISSP, RHCE  Sun Certified Security Administrator
Montreal: +1 514 966 0122
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


trouble with a pair of bind9 servers

2006-09-07 Thread Jonathan Horne
I have 2 servers I'm working with for a test I'm doing with bind9: a 6.1-p4
and a 5.5-p3.  Both have bind9-9.3.2.1 from ports, without "replace base
version" checked.  Both are responding correctly for general lookups of hosts
out on the internet, even based on the querying client's IP vs the ACL on the
zones.

The trouble I'm having is that my slave (5.5-p3) will not transfer the zone
from the master (6.1-p4).  My /var/log/messages is filled with these:

Sep  7 21:50:24 fbsd55-2 named[1847]: exiting
Sep  7 21:50:26 fbsd55-2 named[1924]: starting BIND 9.3.2 -t /var/named -u bind
Sep  7 21:50:26 fbsd55-2 named[1924]: /etc/namedb/named.conf:40: option 'allow-update' is not allowed in 'slave' zone 'dlptest.com'
Sep  7 21:50:26 fbsd55-2 named[1924]: command channel listening on 127.0.0.1#953
Sep  7 21:50:26 fbsd55-2 named[1924]: command channel listening on ::1#953
Sep  7 21:50:26 fbsd55-2 named[1924]: zone dlptest.com/IN/internal: has 0 SOA records
Sep  7 21:50:26 fbsd55-2 named[1924]: zone dlptest.com/IN/internal: has no NS records
Sep  7 21:50:26 fbsd55-2 named[1924]: running
Sep  7 21:50:27 fbsd55-2 named[1924]: dumping master file: /etc/namedb/tmp-UZF5mCCxZP: open: permission denied
Sep  7 21:50:27 fbsd55-2 named[1924]: transfer of 'dlptest.com/IN' from 192.168.125.91#53: failed while receiving responses: permission denied
Sep  7 21:51:20 fbsd55-2 named[1924]: dumping master file: /etc/namedb/tmp-SaWWYxV06u: open: permission denied
Sep  7 21:51:20 fbsd55-2 named[1924]: transfer of 'dlptest.com/IN' from 192.168.125.91#53: failed while receiving responses: permission denied

This was giving me the impression that the bind user was not able to write
to /var/named/etc/namedb, but every time I make a chmod or chown adjustment,
it just gets changed back:

fbsd55-2# /etc/rc.d/named restart
Stopping named.
etc/namedb changed
user expected 0 found 53 modified
Starting named.
fbsd55-2#

Here are my 2 config files (first the master, then the slave):

acl dlpnets {
    192.168.125.64/26;
    127.0.0.1;
};
options {
    directory       "/etc/namedb";
    pid-file        "/var/run/named/pid";
    dump-file       "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";
    listen-on       { 192.168.125.91; 127.0.0.1; };
};
view "internal" {
    match-clients { dlpnets; };
    recursion yes;
    zone "." {
        type hint;
        file "named.root";
    };
    zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "master/localhost.rev";
    };
    zone "dlptest.com" {
        type master;
        file "/etc/namedb/dlptest.com.i.hosts";
        allow-transfer { any; };
        also-notify { 192.168.125.91; };
        notify yes;
    };
};
view "external" {
    match-clients { any; };
    recursion no;
    zone "dlptest.com" {
        type master;
        file "/etc/namedb/dlptest.com.e.hosts";
    };
};



(begin the slave named.conf)
acl dlpnets {
    192.168.125.0/26;
    192.168.125.91;
    127.0.0.1;
};

options {
    directory       "/etc/namedb";
    pid-file        "/var/run/named/pid";
    dump-file       "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";
    listen-on       { 127.0.0.1; 192.168.125.93; };
};
view "internal" {
    match-clients { dlpnets; };
    recursion yes;
    zone "." {
        type hint;
        file "named.root";
    };
    zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "master/localhost.rev";
    };
    zone "dlptest.com" {
        type slave;
        masters { 192.168.125.91; };
        file "/etc/namedb/dlptest.com.i-slave.hosts";
        transfer-source 192.168.125.93;
        allow-transfer { any; };
        allow-update { 192.168.125.91; };
    };
};

I've been dinking around with this for a few hours now, and I'm about to pull
what little hair I have left out.  Can someone shed light on this for me
please?  Any help at all would be much appreciated!

cheers,
jonathan
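A small checker for the three things this thread turns up in the slave's zone block (allow-update in a slave zone, allow-transfer { any; }, and a slave file placed where the bind user cannot write), written here as an added example and not code from either mail. It assumes the chroot layout keeps a slave/ subdirectory writable by bind; the two zone blocks are constructed from the posted config.

```python
import re

# Constructed sample (not from the mail): the slave zone as Jonathan
# posted it, with the quotes named.conf requires around names and paths.
SLAVE_CONF = """zone "dlptest.com" {
    type slave;
    masters { 192.168.125.91; };
    file "/etc/namedb/dlptest.com.i-slave.hosts";
    transfer-source 192.168.125.93;
    allow-transfer { any; };
    allow-update { 192.168.125.91; };
};"""

# Constructed hardened version; assumes a slave/ subdirectory under the
# chroot's etc/namedb that is writable by the bind user.
SLAVE_CONF_FIXED = """zone "dlptest.com" {
    type slave;
    masters { 192.168.125.91; };
    file "slave/dlptest.com.i-slave.hosts";
    transfer-source 192.168.125.93;
    allow-transfer { none; };
};"""

def zone_blocks(conf):
    """Return (name, body) per zone block; brace-walking keeps nested blocks inside."""
    blocks = []
    for m in re.finditer(r'zone\s+"?([^"\s{]+)"?\s*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        blocks.append((m.group(1), conf[m.end():i - 1]))
    return blocks

def lint_conf(conf):
    """Return [(zone, finding)] for the three problems visible in the thread."""
    findings = []
    for name, body in zone_blocks(conf):
        m = re.search(r'\btype\s+(\w+)\s*;', body)
        ztype = m.group(1) if m else ''
        if ztype == 'slave' and re.search(r'\ballow-update\b', body):
            findings.append((name, 'allow-update-in-slave'))  # logged as "not allowed in 'slave' zone"
        if re.search(r'\ballow-transfer\s*\{\s*any\s*;', body):
            findings.append((name, 'allow-transfer-any'))  # anyone may pull the whole zone
        f = re.search(r'\bfile\s+"?([^";]+)"?\s*;', body)
        if ztype == 'slave' and f and not f.group(1).startswith('slave/'):
            findings.append((name, 'slave-file-outside-slave-dir'))  # the "permission denied" dump
    return findings
```

Running lint_conf over a whole named.conf works the same way, since zone_blocks also picks up zones nested inside view blocks.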