I am having trouble transferring a zone to the secondary nameserver. I have set up 2 identical servers (OpenSuse 10.1) and everything seems to be working fine except zone transfer. My servers are set up on a DMZ using non-public addresses and I have all the port forwarding rules set up correctly on my firewall. Anybody have a solution for this? Thanks.

Log from secondary nameserver:

Code:
Sep 15 11:50:52 ns2 named[21231]: zone example.com/IN: Transfer started.
Sep 15 11:51:41 ns2 named[21231]: client 192.168.1.100#33020: received notify for zone 'xxx.xxx.xxx.in-addr.arpa': not authoritative
Sep 15 11:51:42 ns2 named[21231]: client 192.168.1.100#33020: received notify for zone 'example.com'
Sep 15 11:51:42 ns2 named[21231]: zone example.com/IN: refused notify from non-master: 192.168.1.100#33020
Sep 15 11:54:01 ns2 named[21231]: transfer of 'example.com/IN' from xxx.xxx.xxx.xxx#53: failed to connect: timed out
Sep 15 11:54:01 ns2 named[21231]: transfer of 'example.com/IN' from xxx.xxx.xxx.xxx#53: end of transfer
Sep 15 11:58:09 ns2 named[21231]: zone example.com/IN: refresh: retry limit for master xxx.xxx.xxx.xxx#53 exceeded (source 0.0.0.0#0)
Sep 15 11:58:09 ns2 named[21231]: zone example.com/IN: Transfer started.
Sep 15 12:01:18 ns2 named[21231]: transfer of 'example.com/IN' from xxx.xxx.xxx.xxx#53: failed to connect: timed out
Sep 15 12:01:18 ns2 named[21231]: transfer of 'example.com/IN' from xxx.xxx.xxx.xxx#53: end of transfer
Sep 15 12:09:06 ns2 proftpd[22487]: localhost (localhost[127.0.0.1]) - FTP session opened.
Sep 15 12:09:06 ns2 proftpd[22487]: localhost (localhost[127.0.0.1]) - FTP session closed.
Sep 15 12:09:10 ns2 proftpd[22498]: localhost (localhost[127.0.0.1]) - FTP session opened.
Sep 15 12:09:10 ns2 proftpd[22498]: localhost (localhost[127.0.0.1]) - FTP session closed.
Sep 15 12:09:21 ns2 kernel: Netfilter messages via NETLINK v0.30.
Sep 15 12:09:21 ns2 kernel: ip_conntrack version 2.4 (6143 buckets, 49144 max) - 232 bytes per conntrack
Sep 15 12:09:25 ns2 proftpd[22845]: localhost (localhost[127.0.0.1]) - FTP session opened.
Sep 15 12:09:25 ns2 proftpd[22845]: localhost (localhost[127.0.0.1]) - FTP session closed.
Sep 15 12:09:30 ns2 proftpd[22857]: localhost (localhost[127.0.0.1]) - FTP session opened.
Sep 15 12:09:30 ns2 proftpd[22857]: localhost (localhost[127.0.0.1]) - FTP session closed.
Sep 15 12:09:34 ns2 proftpd[22863]: localhost (localhost[127.0.0.1]) - FTP session opened.
Sep 15 12:09:34 ns2 proftpd[22863]: localhost (localhost[127.0.0.1]) - FTP session closed.
Sep 15 12:10:44 ns2 named[21231]: zone example.com/IN: refresh: retry limit for master xxx.xxx.xxx.xxx#53 exceeded (source 0.0.0.0#0)
Sep 15 12:10:44 ns2 named[21231]: zone example.com/IN: Transfer started.
Fixed it, stupidly put the wrong IP address. Now I get permission denied errors. Can you tell me which files and folders to set permissions for on openSuse 10.1? Thanks again!

Code:
Sep 18 11:13:35 ns2 named[20656]: zone example.com/IN: Transfer started.
Sep 18 11:13:35 ns2 named[20656]: transfer of 'example.com/IN' from 192.168.1.100#53: connected using 192.168.1.110#46373
Sep 18 11:13:35 ns2 named[20656]: dumping master file: tmp-Ei61hpSYW7: open: permission denied
Sep 18 11:13:35 ns2 named[20656]: transfer of 'example.com/IN' from 192.168.1.100#53: failed while receiving responses: permission denied
Sep 18 11:13:35 ns2 named[20656]: transfer of 'example.com/IN' from 192.168.1.100#53: end of transfer
Yes... I did follow all the steps from the perfect setup for openSuse 10.1; everything seems to be working fine except for zone transfer.
What's the output of Code: ls -la /var/lib/named on both servers? What's in /etc/named.conf on both servers?
Here's the content of the first server: ns1

Code:
ns1:~ # ls -la /var/lib/named/
total 64
drwxr-xr-x  9 root  root  4096 Sep 15 14:01 .
drwxr-xr-x 28 root  root  4096 Sep 18 15:30 ..
-rw-r--r--  1 root  root   192 Jul  4  2001 127.0.0.zone
drwxr-xr-x  2 root  root  4096 Sep 14 16:21 dev
drwxr-xr-x  2 named named 4096 May  2 04:33 dyn
drwxr-xr-x  3 root  root  4096 Sep 18 13:26 etc
-rw-r--r--  1 root  root   158 Jul  4  2001 localhost.zone
drwxr-xr-x  2 named named 4096 May  2 04:33 log
drwxr-xr-x  2 root  root  4096 May  2 04:33 master
-rw-r--r--  1 named named  704 Sep 15 14:02 pri.xxx.xxx.xxx.in-addr.arpa
-rw-r--r--  1 named named  673 Sep 15 14:02 pri.xxx.xxx.xxx.in-addr.arpa~
-rw-r--r--  1 named named  814 Sep 18 13:26 pri.example.com
-rw-r--r--  1 named named  843 Sep 18 13:26 pri.example.com~
-rw-r--r--  1 root  root  2517 May  2 04:33 root.hint
drwxr-xr-x  2 named named 4096 May  2 04:33 slave
drwxr-xr-x  4 root  root  4096 Sep  8 11:39 var
ns1:~ # /etc/named
options {
    pid-file "/var/lib/named/var/run/named/named.pid";
    directory "/var/lib/named";
    auth-nxdomain no;
    allow-recursion { localhost; };
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below.  Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
};
//
// a caching only nameserver config
//
zone "." {
    type hint;
    file "root.hint";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "127.0.0.zone";
};
zone "xxx.xxx.xxx.in-addr.arpa" {
    type master;
    file "pri.xxx.xxx.xxx.in-addr.arpa";
};
zone "example.com" {
    type master;
    file "pri.example.com";
};
//// MAKE MANUAL ENTRIES BELOW THIS LINE! ////

And the content of the second server: ns2

Code:
ns2:~ # ls -la /var/lib/named/
total 48
drwxr-xr-x  9 root  root  4096 Sep 18 11:13 .
drwxr-xr-x 28 root  root  4096 Sep 18 17:30 ..
-rw-r--r--  1 root  root   192 Jul  4  2001 127.0.0.zone
drwxr-xr-x  2 root  root  4096 Sep 14 13:22 dev
drwxr-xr-x  2 named named 4096 May  2 04:33 dyn
drwxr-xr-x  3 root  root  4096 Sep 18 11:13 etc
-rw-r--r--  1 root  root   158 Jul  4  2001 localhost.zone
drwxr-xr-x  2 named named 4096 May  2 04:33 log
drwxr-xr-x  2 root  root  4096 May  2 04:33 master
-rw-r--r--  1 root  root  2517 May  2 04:33 root.hint
drwxr-xr-x  2 named named 4096 May  2 04:33 slave
drwxr-xr-x  4 root  root  4096 Sep 12 23:17 var
ns2:~ # /etc/named
options {
    pid-file "/var/lib/named/var/run/named/named.pid";
    directory "/var/lib/named";
    auth-nxdomain no;
    allow-recursion { localhost; };
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below.  Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
};
//
// a caching only nameserver config
//
zone "." {
    type hint;
    file "root.hint";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "127.0.0.zone";
};
zone "example.com" {
    type slave;
    file "sec.example.com";
    masters { 192.168.1.100; };
};
//// MAKE MANUAL ENTRIES BELOW THIS LINE! ////

Thanks!
I've googled and found a solution to this.

Code:
zone "example.com" {
    type slave;
    file "slave/sec.example.com";
    masters { 192.168.1.100; };
};
I did create the slave record in the DNS manager, but "slave/..." did not get added when I created the slave record. It could've been a buggy yast2 in openSuse 10.1 issue. It's my first time playing around with the openSuse distro, and I am impressed by its ability to support my old Symbios SCSI cards & HP NetRAID cards right out of the box, but I am not so fond of yast2 so far. I had to manually add an update source in yast2 and I still can't find a way to add install sources on 2 servers. I had to use y2pmsh to manually install all the required programs. Anyway... Now everything is running extremely well, and thanks for creating the wonderful ISPConfig package!
If you have to add slave/, this means that the permissions of /var/lib/named are not ok, because otherwise the zones would be created in /var/lib/named instead of /var/lib/named/slave.
Hi, first of all thanks for this magnificent job. Searching in the howto and the forum I have resolved all; I have also installed the remote framework.... but I have a problem with DNS, the same as in this thread, on the slave DNS. ISPConfig 2 / ns2 named.conf has:

zone "example.com" {
    type slave;
    file "sec.example.com";
    masters { XXXXXXXXXXX; };  (1)
};

(1) IP of ns1

but I do not see the file sec.example.com; in syslog:

May 31 07:50:42 ns2 named[14074]: zone example.com/IN: Transfer started.
May 31 07:53:51 ns2 named[14074]: transfer of 'example.com/IN' from XX.XX.XX.XX#53: failed to connect: timed ou

Do you need other information? How can I make the transfer work? Thanks for all.

P.S. I have used the howto "How To Run Your Own Name Servers With ISPConfig And GoDaddy"
Please make sure that the firewall on ns1 doesn't block port 53 (TCP and UDP). Is named running on ns1? Are there any named errors in the ns1 logs?
Yes, named on ns1 is running; this is a bit of syslog:

Code:
Jun 1 13:27:41 example named[32710]: starting BIND 9.3.4 -u bind -t /var/lib/named
Jun 1 13:27:41 example named[32710]: found 1 CPU, using 1 worker thread
Jun 1 13:27:41 example named[32710]: loading configuration from '/etc/bind/named.conf'
Jun 1 13:27:41 example named[32710]: no IPv6 interfaces found
Jun 1 13:27:41 example named[32710]: listening on IPv4 interface lo, 127.0.0.1#53
Jun 1 13:27:41 example named[32710]: listening on IPv4 interface venet0:0, XX.XX.XXX.XX#53
Jun 1 13:27:41 example named[32710]: command channel listening on 127.0.0.1#953
Jun 1 13:27:41 example named[32710]: zone 0.0.127.in-addr.arpa/IN: loaded serial 1
Jun 1 13:27:41 example named[32710]: zone 146.XX.XX.in-addr.arpa/IN: loaded serial 2007053001
Jun 1 13:27:41 example named[32710]: zone example.com/IN: loaded serial 2007060101
Jun 1 13:27:41 example named[32710]: running
Jun 1 13:27:41 example named[32710]: zone 146.XX.XX.in-addr.arpa/IN: sending notifies (serial 2007053001)
Jun 1 13:27:41 example named[32710]: zone example.com/IN: sending notifies (serial 2007060101)

I do not see errors. The firewall on ns1 and ns2 is that of ISPConfig, with 53 TCP and UDP open. I must add that today (10:30) I rebooted the real server Host (ns1 and ns2 are two VPS with two external IPs, and the firewall on the Host is open on 53 TCP and UDP) and the file sec.example.com has been created, but after the transfer it is blocked. Syslog on ns2:

Code:
Jun 1 16:31:08 ns2 named[7336]: zone example.com/IN: Transfer started.
Jun 1 16:34:17 ns2 named[7336]: transfer of 'example.com/IN' from XX.XXX.XXX.XX#53: failed to connect: timed out
Jun 1 16:34:17 ns2 named[7336]: transfer of 'example.com/IN' from XX.XX.XX.XX#53: end of transfer

I do not succeed in understanding it, however thanks.
And the transfer of the record is successful..... afterwards it is blocked another time; now the transfer is blocked, in fact on dns stuff: The serial numbers reported by each DNS server are: XX.XXX.XX.XX: 2007060101, XX.XXX.XXX.XXX: 2007053008. Any idea?
What's in sec.example.com (on ns2) and pri.example.com (on ns1)? Any errors in your logs (on both ns1 and ns2)?
I have resolved it after much work and testing, thanks. First, the firewall on the Host master (physical server) blocked the transfer from ns1 (vps1) to ns2 (vps2), strange because iptables was open for everything from and towards the two IPs (TCP and UDP). Afterwards, syslog on ns2 gave this line: refused notify from non-master, therefore I have added in the ns2 named.conf: allow-notify { IP ns2; }; Now it works... even if I must arrange the firewall on the physical server better. Hello boys, when I can come back, I will contribute in some way if I am able.... thanks for your job. This is the best free hosting panel and I have tested all of them on the web in this sector, also some paid ones. P.S. excuse me for my poor English
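The three failure modes that surface in this thread (a timed-out TCP connect to the master, a NOTIFY refused from a host not listed in masters, and a permission-denied when named dumps the received zone to its slave file) all leave distinct syslog lines, so they can be triaged automatically. The script below is an added example, not code from the thread or from ISPConfig; the sample lines are constructed after the excerpts above, and 192.0.2.10 is a placeholder master address.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample syslog lines modelled on the excerpts in this thread.
SAMPLE_LOG = """\
Sep 15 11:54:01 ns2 named[21231]: transfer of 'example.com/IN' from 192.0.2.10#53: failed to connect: timed out
Sep 15 11:51:42 ns2 named[21231]: zone example.com/IN: refused notify from non-master: 192.168.1.100#33020
Sep 18 11:13:35 ns2 named[20656]: dumping master file: tmp-Ei61hpSYW7: open: permission denied
Sep 18 11:13:35 ns2 named[20656]: transfer of 'example.com/IN' from 192.168.1.100#53: end of transfer
Sep 15 12:09:06 ns2 proftpd[22487]: localhost (localhost[127.0.0.1]) - FTP session opened.
"""

# One syslog line from named: timestamp, host, pid, free-text message.
NAMED_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) named\[(?P<pid>\d+)\]: (?P<msg>.*)$")

# (pattern over the message, category, what a defender should check first)
RULES = [
    (re.compile(r"transfer of '(?P<zone>[^']+)' from (?P<master>\S+): failed to connect: timed out"),
     "network", "TCP/53 to the master is unreachable: verify the address in 'masters' and the firewall/port forwarding"),
    (re.compile(r"zone (?P<zone>\S+): refused notify from non-master: (?P<src>\S+)"),
     "config", "NOTIFY arrived from a host not in 'masters': list it in masters or in allow-notify"),
    (re.compile(r"dumping master file: (?P<file>\S+): open: permission denied"),
     "permissions", "named cannot write the slave zone file: fix ownership of the zone directory (e.g. slave/)"),
]

@dataclass
class Finding:
    host: str
    category: str
    zone: Optional[str]
    message: str
    advice: str

def classify_line(line: str) -> Optional[Finding]:
    """Return a Finding for a named line that matches a known failure, else None."""
    m = NAMED_RE.match(line)
    if not m:
        return None  # not a named message (proftpd, kernel, ...)
    msg = m.group("msg")
    for rx, category, advice in RULES:
        r = rx.search(msg)
        if r:
            return Finding(m.group("host"), category, r.groupdict().get("zone"), msg, advice)
    return None

def triage(log_text: str) -> list:
    """All findings in a syslog excerpt, in log order."""
    return [f for f in (classify_line(l) for l in log_text.splitlines()) if f]

def summary(log_text: str) -> dict:
    """Count of findings per category, useful as a quick health check."""
    counts: dict = {}
    for f in triage(log_text):
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts
```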