Ok, I have been running MyDNS for a couple of months now with no problems. However, yesterday we had a crash on the server that was running MyDNS. It was not MyDNS's fault; a NIC went bad. That stopped DNS, though since we have a slave DNS server running BIND I thought all was well. I had entered the appropriate IP in Zone Transfers, and since things were working great before switching to MyDNS I just assumed things were working. They were not. Here are some of the error messages I am getting in the logs of the slave box.

Code:
transfer of 'example1.com/IN' from 192.168.1.122#53: failed while receiving responses: bad zone
transfer of 'example1.com/IN' from 192.168.1.122#53: end of transfer
zone example2.net/IN: refresh: unexpected rcode (REFUSED) from master 192.168.1.122#53
zone example3.com/IN: has no NS records
transfer of 'example3.com/IN' from 192.168.1.122#53: failed while receiving responses: bad zone
dumping master file: tmp-XXXXC4edYW: open: permission denied
transfer of 'example4.net/IN' from 192.168.1.122#53: failed while receiving responses: permission denied
transfer of 'example4.net/IN' from 192.168.1.122#53: end of transfer

Any ideas on how to fix this or what the heck is going on?
The secondary DNS is trying to get the zones from the primary, but this doesn't work because it's down. Repair your primary DNS server and boot it, and these errors should go away. For now, you can ignore them.
The server is fixed and it is running DNS. The secondary server was never getting transfers. Do the transfers go over another port other than 53 with MyDNS? This is a weird one to me.
You must open port 53 TCP and UDP on your primary DNS. In /etc/mydns.conf, you must have

Code:
allow-axfr = yes
Went back and double checked those things and everything looks great. Any other things that I should check?
What's in your /etc/mydns.conf? What's the output of Code: iptables -L on the primary? Do you see any errors in the primary's logs related to your problem?
Here is the output of mydns.conf.

Code:
[root@index ~]# cat /etc/mydns.conf
##
## /etc/mydns.conf
## Mon Mar 6 11:15:54 2006
## For more information, see mydns.conf(5).
##

# DATABASE INFORMATION
db-host = localhost              # SQL server hostname
db-user = mydns                  # SQL server username
db-password = password           # SQL server password
database = database              # MyDNS database name

# GENERAL OPTIONS
user = nobody                    # Run with the permissions of this user
group = nobody                   # Run with the permissions of this group
listen = 192.168.1.122           # Listen on these addresses ('*' for all)

# CACHE OPTIONS
zone-cache-size = 1024           # Maximum number of elements stored in the zone cache
zone-cache-expire = 60           # Number of seconds after which cached zones expires
reply-cache-size = 1024          # Maximum number of elements stored in the reply cache
reply-cache-expire = 30          # Number of seconds after which cached replies expire

# ESOTERICA
log = LOG_DAEMON                 # Facility to use for program output (LOG_*/stdout/stderr)
pidfile = /var/run/mydns.pid     # Path to PID file
timeout = 120                    # Number of seconds after which queries time out
multicpu = 1                     # Number of CPUs installed on your system
allow-axfr = yes                 # Should AXFR be enabled?
allow-tcp = yes                  # Should TCP be enabled?
ignore-minimum = no              # Ignore minimum TTL for zone?
soa-table = soa                  # Name of table containing SOA records
rr-table = rr                    # Name of table containing RR data

Here is the relevant part of iptables -L

Code:
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain

The only thing I see is success on the primary machine. So I am not sure where the hangup is.
Tried that, it did not work. This box has three interfaces. On one of the other interfaces djbdns is running as a caching-only DNS. When I put in

Code:
listen = *

that caused some problems with mydns restarting and djbdns running.
I was finally able to test it without the firewall on, still the same bad zone responses. Any more ideas or am I stuck?
Is 192.168.1.122 the IP address of your primary DNS? Are both name servers in the same 192.168.1.x net?
Yes that is the IP of the primary DNS, the other server is not on the same subnet. The primary machine is acting as a firewall with 3 interfaces the internet, the LAN and a DMZ. The slave DNS is in the DMZ connected via a cross over cable. The 192.168.1.122 IP is the internet interface of the primary DNS. On the LAN interface there is a caching DNS server running.
Fixed it! In the listen directive in my DNS config I added my DMZ IP address. That fixed the problem. Thanks for your help on this, falko!
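As an added example that is not part of the thread, the following Python script pulls the checks discussed above together: it reads the AXFR-relevant directives from a mydns.conf (allow-axfr, allow-tcp, and whether listen covers the address the secondary actually uses, the DMZ address in this case) and maps the BIND secondary's log messages to the side and setting they point at. The config and log samples are the ones quoted in the thread; the DMZ address 10.10.10.1 in the usage is a constructed placeholder, since the thread never gives it.

```python
import re

# Constructed sample: the AXFR-relevant directives from the mydns.conf posted above.
SAMPLE_MYDNS_CONF = """\
listen = 192.168.1.122    # Listen on these addresses ('*' for all)
allow-axfr = yes          # Should AXFR be enabled?
allow-tcp = yes           # Should TCP be enabled?
"""
# Constructed sample: the BIND secondary's log lines as quoted in the first post.
SAMPLE_SLAVE_LOG = [
    "transfer of 'example1.com/IN' from 192.168.1.122#53: failed while receiving responses: bad zone",
    "zone example2.net/IN: refresh: unexpected rcode (REFUSED) from master 192.168.1.122#53",
    "zone example3.com/IN: has no NS records",
    "dumping master file: tmp-XXXXC4edYW: open: permission denied",
]

def parse_mydns_conf(text):
    # 'key = value   # comment' -> {key: value}; comment-only and blank lines are skipped
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def check_axfr_readiness(conf, slave_facing_ip):
    # Settings that stop a secondary from pulling zones via the given master address.
    problems = []
    if conf.get("allow-axfr", "no") != "yes":
        problems.append("allow-axfr is not yes: master answers AXFR with REFUSED")
    if conf.get("allow-tcp", "no") != "yes":
        problems.append("allow-tcp is not yes: AXFR runs over TCP and cannot complete")
    listen = [a.strip() for a in conf.get("listen", "*").split(",")]
    if "*" not in listen and slave_facing_ip not in listen:
        problems.append("listen does not include %s, the address the secondary uses" % slave_facing_ip)
    return problems

# BIND messages from the thread, each mapped to where to look; unmatched lines are dropped.
LOG_HINTS = [
    (re.compile(r"unexpected rcode \(REFUSED\)"), "master refused AXFR: check allow-axfr and the zone's transfer ACL on the master"),
    (re.compile(r"dumping master file: .*permission denied"), "secondary cannot write its zone directory: fix ownership/permissions for named"),
    (re.compile(r"has no NS records"), "received zone has no NS records: the secondary rejects it as a bad zone"),
]

def triage_slave_log(lines):
    # One hint per log line that matches a known cause, in log order.
    return [hint for line in lines for pattern, hint in LOG_HINTS if pattern.search(line)]

if __name__ == "__main__":
    conf = parse_mydns_conf(SAMPLE_MYDNS_CONF)
    print(check_axfr_readiness(conf, "10.10.10.1"))  # constructed DMZ address: listen does not cover it
    print(triage_slave_log(SAMPLE_SLAVE_LOG))
```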