ISPConfig3 MyDNS-ng master axfr zone transfer to bind9 slave

Discussion in 'Installation/Configuration' started by lucani, Dec 2, 2009.

  1. lucani

    lucani Member HowtoForge Supporter

    Hello!

    It's the 3rd day that I've been fighting with zone transfers from MyDNS to a bind server. I have read hundreds of pages from this forum and from Google, but it still doesn't work.

    Firstly, I set the IPs in "allow zone transfers" in the DNS tab in ISPConfig,
    secondly, I recompiled the fixed mydns-ng (http://www.howtoforge.com/forums/showthread.php?t=32145&page=2),
    next I edited the MyDNS config file (mydns.conf):

    Code:
    log = LOG_DAEMON        # Facility to use for program output (LOG_*/stdout/stder
    pidfile = /var/run/mydns.pid    # Path to PID file
    timeout = 120   # Number of seconds after which queries time out
    multicpu = 1    # Number of CPUs installed on your system
    recursive =                      # Location of recursive resolver
    allow-axfr = yes # Should AXFR be enabled?
    allow-tcp = no  # Should TCP be enabled? I'm not sure
    allow-update = yes       # Should DNS UPDATE be enabled?
    ignore-minimum = no     # Ignore minimum TTL for zone?
    soa-table = dns_soa     # Name of table containing SOA records
    rr-table = dns_rr       # Name of table containing RR data
    soa-where = server_id = 1               # Extra WHERE clause for SOA queries
    rr-where =  server_id = 1               # Extra WHERE clause for RR queries
    use-soa-active = yes # To fix bug 295 where active or inactive status is ignored
    use-rr-active = yes# To fix bug 295 where active or inactive status is ignored.
    notify-enabled = yes
    notify-source xxx.xxx.xxx.xxx
    
    and also bind config :
    (named.conf.options):
    Code:
    options {
            directory "/var/cache/bind";
    
            allow-transfer {xxx.xxx.xxx.xxx;};
            dnssec-enable yes; // I'm not sure
            auth-nxdomain no;    # conform to RFC1035
            listen-on-v6 { any; };
            request-ixfr no;
    };
    
    (named.conf):
    Code:
    zone "zone1.com" IN {
    type slave;
    file "/var/cache/bind/zone1.com.conf";
    masters { xxx.xxx.xxx.xxx; };
    allow-notify { xxx.xxx.xxx.xxx; };
    };
    With this config it's trying to work, but not at all:

    When the zone file in /var/cache/bind is deleted, I restart bind and the full zone is transferred by axfr to the slave server. But then it's freezing. When I change anything on the primary server (=generate a new serial in SOA) nothing happens. The slave should be notified, but it isn't. I also want to say that in nslookup and dig @xxx.xxx.xxx.xxx axfr zone1.com everything is all right.

    Could you help me with this problem?
     
    Last edited: Dec 2, 2009
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Do zone transfers initiated with the dig command work? Do you use the latest mydns-ng version?
     
  3. lucani

    lucani Member HowtoForge Supporter

    Yes, I use MyDNS-NG (mydns-1.2.8.27) downloaded from SourceForge. How can I init a zone transfer using dig?
     
    Last edited: Dec 4, 2009
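
The dig check asked about above, as an added example that is not part of any post in this thread: it compares the SOA serial on master and slave and then requests a full AXFR from the master. The three arguments (zone, master IP, slave IP) and the function names are assumptions; nothing here comes from ISPConfig or MyDNS.

```bash
#!/bin/sh
# Added example (not from the thread). Zone and server addresses are
# supplied by the caller; no values are taken from the posts.

# Serial = 3rd field of one `dig +short SOA` line:
#   mname rname serial refresh retry expire minimum
soa_serial() {
    printf '%s\n' "$1" | awk 'NF >= 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# RFC 1982 comparison of 32-bit serials: succeeds if $1 is newer than $2,
# so a serial that wrapped past 4294967295 is still treated as newer.
serial_newer() (
    a=$1; b=$2; half=2147483648
    if [ "$a" -gt "$b" ]; then [ $((a - b)) -lt "$half" ]
    elif [ "$a" -lt "$b" ]; then [ $((b - a)) -gt "$half" ]
    else false
    fi
)

# Classify master vs. slave from their two SOA answer lines.
sync_state() (
    m=$(soa_serial "$1"); s=$(soa_serial "$2")
    if [ -z "$m" ] || [ -z "$s" ]; then echo "no-answer"
    elif [ "$m" -eq "$s" ]; then echo "in-sync"
    elif serial_newer "$m" "$s"; then echo "slave-stale"
    else echo "slave-ahead"
    fi
)

# Live check; needs dig and network access. Run it on the slave host so the
# master's transfer ACL sees the slave's address.
check_zone() (
    zone=$1; master=$2; slave=$3
    m=$(dig +short +norecurse SOA "$zone" @"$master")
    s=$(dig +short +norecurse SOA "$zone" @"$slave")
    echo "master SOA: ${m:-<none>}"
    echo "slave SOA:  ${s:-<none>}"
    echo "state: $(sync_state "$m" "$s")"
    # AXFR runs over TCP; count the records the master actually hands out.
    n=$(dig +noall +answer AXFR "$zone" @"$master" | grep -c '^[^;]')
    echo "AXFR records from master: $n"
)

# usage: sh script.sh <zone> <master-ip> <slave-ip>
if [ "$#" -eq 3 ]; then check_zone "$@"; fi
```

A `slave-stale` state together with a non-zero AXFR record count means transfers are permitted but the slave has not picked up the new serial.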
  4. lucani

    lucani Member HowtoForge Supporter

    refresh ... it still doesn't work : /
     
  5. falko

    falko Super Moderator Howtoforge Staff

    Are there any BIND errors in the logs on the slave?
     
  6. kurv

    kurv New Member

    have problem too
    make sex 4 day with google,mydns and bind
    it's not worked because mydns don't send amxr information (IMHO)
    then install mydns-1.2.8.27, and when add new Zone in ISPconfig in to the bottom write IP for my slave dns-server
    restart mydns and bind - bingo! all transferring without troubles
    PS sorry for my bad English (=
     
  7. lucani

    lucani Member HowtoForge Supporter

    Yes, slave logs are empty, it didn't receive any information about changes in master!

    Sorry, but I didn't understand. What did you do, that it started working?
     
  8. kurv

    kurv New Member

  9. lucani

    lucani Member HowtoForge Supporter

    Ok, but I have already done it. It was first thing which I did.
     
  10. kurv

    kurv New Member

    my config-files
    maybe it helps

    named.conf
    Code:
    include "/etc/bind/named.conf.options";
    
    zone "." {
            type hint;
            file "/etc/bind/db.root";
    };
    
    //zone "localhost" {
    //      type master;
    //      file "/etc/bind/db.local";
    //};
    
    zone "127.in-addr.arpa" {
            type master;
            file "/etc/bind/db.127";
            allow-update { none; };
    };
    
    //zone "0.in-addr.arpa" {
    //      type master;
    //      file "/etc/bind/db.0";
    //};
    
    //zone "255.in-addr.arpa" {
    //      type master;
    //      file "/etc/bind/db.255";
    //};
    
    include "/etc/bind/named.conf.local";
    
    zone "my.domain" {
            type slave;
            file "/etc/bind/zones/db.my.domain";
            masters {IP master server;};
    };
    
    named.conf.options
    Code:
    options {
            directory "/var/cache/bind";
    
            allow-transfer {77.88.207.78;};
            dnssec-enable yes; // I'm not sure
            auth-nxdomain no;    # conform to RFC1035
            listen-on-v6 { any; };
    };
    
    mydns.conf
    Code:
    db-host = localhost
    db-user = ispconfig
    db-password = my pass heare
    database = dbispconfig
    user = nobody
    group = nogroup
    listen = *         
    no-listen =   
    zone-cache-size = 2048
    zone-cache-expire = 60 
    reply-cache-size = 2048 
    reply-cache-expire = 30
    log = LOG_DAEMON 
    pidfile = /var/run/mydns.pid 
    timeout = 120 
    multicpu = 1   
    recursive =   
    allow-axfr = yes 
    allow-tcp = yes  
    allow-update = yes 
    ignore-minimum = no 
    soa-table = dns_soa 
    rr-table = dns_rr      
    soa-where = server_id = 1 
    rr-where =  server_id = 1   
    use-soa-active = yes 
    use-rr-active = yes
    notify-enabled = yes
    notify-source = IP slave server
    
     
  11. JerryJones

    JerryJones New Member

    ispconfig3/mydns as slave - ispconfig2/bind master

    Hi,
    sorry that i'm starting here with my question, but everybody talks only about transfers for bind as slave and mydns as master.

    here my situation:
    both configs based on Centos 5.2,5.3 32bit
    as in the title my configs was
    1st dns master ispconfig2/bind
    2nd dns slave ispconfig2/bind
    and now the last one:
    config based on Centos 5.4 64bit
    1st dns master ispconfig3/mydns

    i cannot find any manual where it's described how i can set up a secondary zone on the mydns via the gui. sorry, with ispconfig 2 it was already simple.

    please give me help, i think it's the soft way to make a slow migration to a modern tool like ispconfig 3

    kindest regards Jerry
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    MyDNS does not support being the slave for a bind master, that's why there is no such function in the ispconfig interface.
     
  13. xxfog

    xxfog Member HowtoForge Supporter

    Hi folks,

    what do i have to enter in the notify-source field ?

    My Domain-Provider uses 3 SLAVE-DNS-Servers with powerdns running on.
    But I don't get them running as slave like I need it.
    I always get messages like "Zonetranfer unsuccessfull"

    The Provider just tried to start AXFR manually and got this message:

    How do I have to put more than just 1 secondary DNS-server in the XFER Field of ISPConfig>Zones?
    Do they have to be separated with "," or with ";" or what sign do I have to use for separation? The German language file says "-" as separator and the English one says ",".

    I found out that the notify section is missing in my conf-file, do I have to add it too?
    If yes, can I transfer the IP addresses I entered in ISPConfig in XFER-Field to use them as notify-IP somehow too?

    Sorry for my bad english.

    What I really don't understand: if I use another (older) SLAVE Server (I guess with bind running on) then it seems to work :-(
    So I thought that the error has to be on the 3 new Nameservers of my Provider. But these new servers are their main servers and if it would be like I mentioned then thousands of users would be very angry. So I guess what they say is right and the error seems to be on my server / configuration :-/

    My configuration file says:
    .
    .
    allow-axfr = yes
    allow-tcp = yes
    allow-update = no
    ignore-minimum = no
    .
    .
    but notify-enabled = yes and notify-source are missing

    So please tell me, how can I add all XFER IPs there out of the database?

    thanks and best greetings
     
  14. lucani

    lucani Member HowtoForge Supporter

  15. till

    till Super Moderator Staff Member ISPConfig Developer

    No, don't apply this. This fix is for an outdated version of mydns. Instead install the latest mydns-ng that includes the fix already! If you apply this on a recent version of ispconfig and mydns, zone transfers will stop.
     
  16. lucani

    lucani Member HowtoForge Supporter

    Yeah... ; / But tell me what does it mean "recent", in sourceforge I see this

    If it's the corrected version, it means that ixfr works? What about axfr? I saw the code and it seems that it still isn't edited, because I did it manually.

    Anyway, what should I do now? Do I have to reinstall all? ; /
     
  17. till

    till Super Moderator Staff Member ISPConfig Developer

    Nobody said that you should reinstall anything ;)

    I'm pretty sure that there was a mydns-1.2.8.28 available which fixed this issue, seems as if it had been removed.

    In this case you are right that the mydns sources would have to be patched or you change the ispconfig sources. But as it's a mydns bug (I explained that in detail in the thread), it might be better to change the mydns sources.
     
  18. lucani

    lucani Member HowtoForge Supporter

    Yes, I heard about a release last July (?). Someone said that zone transfers work well; have you got a copy on local disks or maybe links to mirrors?
     
  19. till

    till Super Moderator Staff Member ISPConfig Developer

    I've searched the net and checked my vm images that I use for testing but I was not able to find it. Let's hope that the mydns project releases a fixed version soon. With the upcoming ISPConfig 3.0.2, there will also be BIND and powerdns available as alternatives.
     
  20. manarak

    manarak Member

    that's good news, because I too was unable to find a newer version of mydns, and was unable to get the zone transfers to work.
     
