Slave DNS refused/non-authoritative errors

Discussion in 'ISPConfig 3 Priority Support' started by rodti, May 13, 2015.

  1. rodti

    rodti Member

    I have a number of DNS zones set up on the primary server (let's say 1.1.1.1) on my multi-server ISPConfig3 setup. These all allow zone transfers to the slave DNS on the secondary server (2.2.2.2). I have not set up mirroring from the primary to the secondary server.

    Both servers are running Bind9, configured by ISPConfig.

    In order to configure the slave server I'd set up corresponding secondary zones for each zone in ISPConfig. These are configured as:

    Server: secondary.domain.tld
    DNS-Zone: clientdomain.tld
    NS: 1.1.1.1
    Allow zone transfers to: 2.2.2.2

    I'd noticed that some but not all zones were propagating to the secondary server with entries in named.conf.local and supporting files in /etc/bind/slave. I couldn't establish why only some were pulling through.

    Looking at the system logs some transfer fine, but the others give a 'non-authoritative' error.

    Using dig on the primary server gives a 'NOERROR' status. Using dig on the secondary server (via the primary) gives a 'REFUSED' status.

    I deleted the slave entries in named.conf.local and the supporting files.

    I can't figure out why this isn't working. It seems to be close but no cigar. Am I using the correct settings in the zones and secondary zones in ISPConfig? I'm assuming that if I fix whatever's causing the problem then the transfers will begin again and Bind9 on the slave will populate named.conf.local and the /etc/bind/slave folder, or will I need to reconfigure these in ISPConfig once it's fixed?

    Any help appreciated, I'm going mad here!
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The "Allow zone transfers to: 2.2.2.2" should not be set for the slave zone. This setting is only used if you have a third dns server that shall mirror dns data from slave dns instead of master dns.

    Please do not delete any bind files manually, this will cause bind to fail as the system assumes that all files are still there so bind stops when they are missing and ispconfig will not recreate them as it also assumes that they exist already. You can try to recreate the missing files with the resync tool in ispconfig (tools > resync).

    Then wait a minute and check if the slave records have all been recreated again, especially that the slave zone directory that is referred to in named.conf.local for the slave zones exists and that it is writable by bind.
     
  3. rodti

    rodti Member

    I realised after deleting them that I might have made a mistake. Resyncing doesn't seem to work. I might have a go at creating the entries manually.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Try to edit the slave records one by one, empty the allow transfer field and press save. This should recreate them on the slave in named.conf.local file. If this does not happen, then you might have a problem with the mysql connection between master and slave (ispconfig pulls changes from master through a mysql connection every 60 seconds).
     
    rodti likes this.
  5. rodti

    rodti Member

    Thanks, that's recreated all the entries in named.conf.local and the files in /etc/bind/slave. Is the 'Allow zones to be transferred' field required in the secondary zone configuration?
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    No. This is just required in the master zone, in the secondary it should not be set.
     
    rodti likes this.
  7. rodti

    rodti Member

    Thanks Till! All working now :)
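
The checks till describes in this thread (the slave zone directory referenced in named.conf.local exists and is writable, and no allow-transfer is set on the secondary zone), as an added example that is not part of the thread or ISPConfig's own code. The zone block layout, sample zone names and file names are constructed assumptions; run it as the account named runs under so the writability check reflects Bind's permissions.

```python
import os
import re
import sys

# Constructed sample in BIND zone-statement syntax; zone and file names are
# placeholders, not copied from a real ISPConfig-generated named.conf.local.
SAMPLE = '''
zone "good.tld" {
    type slave;
    masters { 1.1.1.1; };
    file "/etc/bind/slave/sec.good.tld";
};
zone "extra.tld" {
    type slave;
    masters { 1.1.1.1; };
    allow-transfer { 2.2.2.2; };
    file "/etc/bind/slave/sec.extra.tld";
};
'''

# Assumes each zone block closes with "};" at the start of a line.
ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{(.*?)\n\};', re.S)

def check_slave_zones(conf_text):
    """Return {zone: [findings]} for every slave zone with a problem."""
    report = {}
    for name, body in ZONE_RE.findall(conf_text):
        if not re.search(r'\btype\s+(slave|secondary)\s*;', body):
            continue  # master zones legitimately carry allow-transfer
        findings = []
        if not re.search(r'\bmasters\s*\{[^}]*\d[^}]*\}', body):
            findings.append("no masters listed")
        if re.search(r'\ballow-transfer\s*\{', body):
            findings.append("allow-transfer set on slave zone")
        m = re.search(r'\bfile\s+"([^"]+)"', body)
        zone_dir = os.path.dirname(m.group(1)) if m else ""
        if not os.path.isdir(zone_dir):
            findings.append("zone file directory missing")
        elif not os.access(zone_dir, os.W_OK):
            findings.append("zone file directory not writable")
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for zone, findings in check_slave_zones(text).items():
        print(zone, "->", "; ".join(findings))
```

Pass the path to named.conf.local on the slave as the first argument; with no argument it runs over the constructed sample.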
     
