Hi all,
I'm working with the Debian Master/Slave DNS system HOWTO. I'm using Debian 3.1 and I'm using ftp.de.debian.org to source my files. I'm having a number of problems with the BIND9 Master/Slave System.
I get stuck in the beginning, after adding
    deb-src http://ftp.de.debian.org/debian testing main contrib non-free
to my sources.list file and then running
    cd ~/lsb-base/
    apt-get -y build-dep lsb-base
    apt-get source lsb-base -b
    dpkg -i lsb-base*.deb
It has a problem in the apt-get -y build-dep lsb-base:
    E: Build-Depends dependency for lsb cannot be satisfied because no available versions of package debhelper can satisfy version requirements
And the second: when I decided to leave those 2 steps out (LSB-Base and BIND9), I just ran apt-get install bind9 and bind was installed, but now after all that, when I try to run /etc/init.d/bind9 restart after installing on the master and the slave, I get this error:
    Stopping domain name service: namedrndc: connect failed: connection refused
I read that I need to change the settings on /etc/default/bind9 from the bind user to nobody, and I did that and still no luck. I still get the same error even after restarting the machine many a time.
My other problem is that the zones are not copied from one machine to another. Could that be because of lsb-base not being installed correctly?
After including these 2 lines in /etc/bind/named.conf.options
    dnssec-enable yes;
    dnssec-keygen -a hmac-md5 -b 128 -n host linux.lan
and running the named-checkconf command, I get this error:
    /etc/bind/named.conf.options:22: unknown option 'dnssec-enable'
    /etc/bind/named.conf.options:23: unknown option 'dnssec-keygen'
Can anyone assist me as to what I am doing wrong?
Have a look here: http://www.howtoforge.com/forums/showthread.php?t=6816
Check out the comments at the bottom of http://www.howtoforge.com/howto_bind_chroot_debian. It's a permissions problem.
dnssec-enable yes;dnssec-keygen -a hmac-md5 ...
Thanks for the reply, falko. I'm still having trouble here, though. After including these 2 lines in /etc/bind/named.conf.options
    dnssec-enable yes;
    dnssec-keygen -a hmac-md5 -b 128 -n host linux.lan
and running the named-checkconf command, I get this error:
    /etc/bind/named.conf.options:22: unknown option 'dnssec-enable'
    /etc/bind/named.conf.options:23: unknown option 'dnssec-keygen'
dnssec error
I included this at the end of /etc/bind/named.conf.options, and whenever I run named-checkconf I get an error on the line of that dnssec. What must it be? When I add these to the different files, I get an error when I try to restart bind9:
Add this in your /etc/bind/named.conf on master AND slave:
    key "TRANSFER" {
        algorithm hmac-md5;
        secret "---HASHKEY---";
    };
On the master we add the slave ip to /etc/bind/named.conf:
    server 192.168.254.2 {
        keys { TRANSFER; };
    };
And on the slave we add the master ip to /etc/bind/named.conf:
    server 192.168.254.1 {
        keys { TRANSFER; };
    };
Add to /etc/bind/named.conf.local:
    zone "linux.lan" {
        type slave;
        file "/etc/bind/zones/slave_linux.lan";
        masters { 192.168.254.1; };
        allow-notify { 192.168.254.1; };
    };
Final thing needed on BOTH hosts is to add this to /etc/bind/named.conf:
    include "/etc/bind/rndc.key";
I did some research and someone actually said that I should change the permissions on my /etc/default/bind9 file from the user bind to nobody, and I tried that; still no luck.
When I copied the DNSSec and included it at the end of /etc/bind/named.conf.options and run named-checkconf, this is the error that I get:
    :~# named-checkconf
    /etc/bind/named.conf.options:23: unknown option 'dnssec-enable'
Did you install Bind exactly as described under "Installing Software" on http://www.howtoforge.com/debian_bind9_master_slave_system ?
Hi, I noticed the problem too when trying my howto some days/week later :x
You should go to backports for the lsb package or just get everything from them, e.g.
    apt-get install bind9 -t sarge-backports
The dnssec-enable option will not work with the bind9 version Sarge has, so that's why you're stuck now and need the version from testing.
I have a question about the master/slave DNS system. What I want to ask is if I have to manually edit the named.conf file on the Slave DNS Server every time I add a new domain to my Master DNS Server. I understand that the zones file gets created automatically by the transfer process between the master and the server that bind does, but what about the named.conf file? In a short way, is the Slave DNS Server a set-and-forget thing or do I still have to log in to it and manually edit the named.conf file every time I add a new domain?
And a second question I would like to ask is if a DNS server can be a master for one zone and a slave for another zone at the same time. The reason I'm asking this is because I have some Plesk servers and using this script I fetch the DNS records from the Plesk servers. The script produces a file that has all the zone configuration from the Plesk servers, but configured as slave zones, then transfers the zone files using the bind transfer system and finally it restarts named. I have added this script to my crontab and it runs every 15 minutes. The only thing I needed to do was to add the generated filename as an include in named.conf the first time the script ran. So I want to ask if it's OK to host master zones and slave zones on the same machine.
Thanks a lot, wintech2003
Yes, unless you use a control panel like ISPConfig on your slave. If you don't, add something like this to the named.conf on the slave:
Code:
    zone "example.com" {
        type slave;
        file "sec.example.com";
        masters { 1.2.3.4; };
    };
where 1.2.3.4 is the IP address of the master DNS server. Then restart Bind.
Yes.
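An added illustration of the answer above (not code from the thread or from the script the question mentions): a small Python generator that writes one slave zone block per domain, in the format shown in the reply, so the include file on the slave can be rebuilt whenever the master gains a zone. The function names and the sample zone list are assumptions; names that are not plain hostnames are rejected instead of being templated into the config, and the label check is deliberately conservative (no underscores).

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphen; no leading/trailing hyphen; 1-63 chars.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def valid_zone(name):
    """Return the normalized zone name, or None if it is unsafe to template."""
    name = name.strip().rstrip(".").lower()
    if not name or len(name) > 253:
        return None
    if all(_LABEL.fullmatch(label) for label in name.split(".")):
        return name
    return None

def slave_stanza(zone, master_ip):
    """Render one slave zone block in the format shown in the reply."""
    return (
        f'zone "{zone}" {{\n'
        f'    type slave;\n'
        f'    file "sec.{zone}";\n'
        f'    masters {{ {master_ip}; }};\n'
        f'}};\n'
    )

def render_slave_include(zone_names, master_ip):
    """Build the include file body; returns (config_text, rejected_names)."""
    master_ip = str(ipaddress.ip_address(master_ip))  # ValueError on junk
    accepted, rejected = [], []
    for raw in zone_names:
        zone = valid_zone(raw)
        if zone is None:
            rejected.append(raw)      # quotes, braces, spaces, empty labels
        elif zone not in accepted:
            accepted.append(zone)     # drop duplicates after normalization
    text = "".join(slave_stanza(z, master_ip) for z in sorted(accepted))
    return text, rejected

if __name__ == "__main__":
    # Constructed sample input: zone names as exported from the master.
    sample = ["example.com", "Example.COM.", "linux.lan", 'bad"; };']
    config, bad = render_slave_include(sample, "1.2.3.4")
    print(config)
    print("rejected:", bad)
```

Write the returned text to the file that named.conf includes, run named-checkconf on the result, and only then reload Bind.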