I would like to set up a slave with BIND. It should do nothing other than get all the DNS data from the MyDNS master. How should I configure the slave BIND? (I'm gonna use chrooted BIND, which is simple enough.) This is because I want to install a slave without any burden, like MySQL etc.; I just want a plain slave, that's all. Also, I don't want to share the same MySQL database, since that would defeat the purpose of having it in the first place. If the master goes down, so will the slave. If there is a better way (a lighter way), please let me know. Thank you.
Have a look at this tutorial: http://www.howtoforge.com/traditional_dns_howto The slave configuration is also explained there.
Hi, could you enlighten us on how you did it...

My current situation: I attempted to create a "master" DNS server in ISPConfig 3 using MyDNS and have it replicate to my ISPConfig 2 BIND DNS. Both servers are being NATed behind respective firewalls.

I updated the mydns.conf with the following options:

allow-axfr = yes
allow-update = yes
notify-enabled = yes
notify-source = (public NATed IP of mydns master)

I created the zone on the master ISPConfig 3 server (MyDNS) and created a slave zone on the ISPConfig 2 (BIND 9) server pointing to the master. The initial AXFR goes through, but any updates to the zone are not transferred, with the following error in the log.

I receive the following in the syslog of the ISPConfig 2 BIND server:

Oct 31 10:03:30 (server) named[(PID)]: client (public.IP.of.mydns)#47075: received notify for zone '(domain).com'
Oct 31 10:03:30 (server) named[(PID)]: zone .com/IN: Transfer started.
Oct 31 10:03:30 (server) named[(PID)]: transfer of '(domain).com/IN' from (public.IP.of.mydns)#53: connected using (private.IP.of.bind)#35684
Oct 31 10:03:30 (server) named[(PID)]: transfer of '(domain).com/IN' from (public.IP.of.mydns)#53: failed while receiving responses: end of file
Oct 31 10:03:30 (server) named[(PID)]: transfer of '(domain).com/IN' from (public.IP.of.mydns)#53: end of transfer

Is the "failed while receiving responses: end of file" occurring because of the private IP being sent? Is the "notify-source = " config option of MyDNS supposed to fix that?

Any help would be appreciated.
Thanks,
Having the exact same problem:

10-Jun-2010 13:01:10.140 general: info: zone mydomain.com/IN: Transfer started.
10-Jun-2010 13:01:10.175 xfer-in: info: transfer of 'mydomain.com/IN' from xx.xx.203.171#53: connected using xx.xx.104.26#56315
10-Jun-2010 13:01:10.236 xfer-in: error: transfer of 'mydomain.com/IN' from xx.xx.203.171#53: failed while receiving responses: end of file
10-Jun-2010 13:01:10.236 xfer-in: info: transfer of 'mydomain.com/IN' from xx.xx.203.171#53: end of transfer

Any idea / suggestion most welcome.
Regards
alex
Can you post your mydns.conf from the master and also the output of
Code:
iptables -L
from the master?
Hi

Config file:
Code:
##
## /etc/mydns.conf
## For more information, see mydns.conf(5).
##

# DATABASE INFORMATION
db-host = localhost # SQL server hostname
db-user = mydns # SQL server username
db-password = c1543f1afa050b3f819c2e96ff8a1f89 # SQL server password
database = mydns # MyDNS database name

# GENERAL OPTIONS
user = nobody # Run with the permissions of this user
group = nobody # Run with the permissions of this group
listen = * # Listen on these addresses ('*' for all)
no-listen = # Do not listen on these addresses

# CACHE OPTIONS
zone-cache-size = 1024 # Maximum number of elements stored in the zone cache
zone-cache-expire = 60 # Number of seconds after which cached zones expires
reply-cache-size = 1024 # Maximum number of elements stored in the reply cache
reply-cache-expire = 30 # Number of seconds after which cached replies expire

# ESOTERICA
log = LOG_DAEMON # Facility to use for program output (LOG_*/stdout/stderr)
pidfile = /var/run/mydns.pid # Path to PID file
timeout = 120 # Number of seconds after which queries time out
multicpu = 1 # Number of CPUs installed on your system
recursive = # Location of recursive resolver
allow-axfr = no # Should AXFR be enabled?
allow-tcp = yes # Should TCP be enabled?
allow-update = no # Should DNS UPDATE be enabled?
ignore-minimum = no # Ignore minimum TTL for zone?
soa-table = soa # Name of table containing SOA records
rr-table = rr # Name of table containing RR data
soa-where = # Extra WHERE clause for SOA queries
rr-where = # Extra WHERE clause for RR queries

iptables on the master
Code:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

iptables on the slave
Code:
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Must say nothing stands out to my untrained eyes.
Thanks for your help. Seeing some progress:
Code:
13-Jun-2010 21:09:28.905 general: info: zone mydomain.com/IN: Transfer started.
13-Jun-2010 21:09:28.992 xfer-in: info: transfer of 'mydomain.com/IN' from xxx.xxx.203.171#53: connected using yyy.yyy.104.26#52285
13-Jun-2010 21:09:29.067 general: error: zone mydomain.com/IN: has no NS records
13-Jun-2010 21:09:29.067 xfer-in: error: transfer of 'mydomain.com/IN' from xxx.xxx.203.171#53: failed while receiving responses: bad zone
13-Jun-2010 21:09:29.067 xfer-in: info: transfer of 'mydomain.com/IN' from xxx.xxx.203.171#53: end of transfer

Not sure what's wrong - obviously I entered NS records for mydomain.com... Any idea?
Did you create NS records for mydomain.com on the master? What's the output of
Code:
dig @localhost NS mydomain.com
on the master?
Hi

Yes, I believe there are NS records for the domain:
Code:
mydomain.com. A yyy.yyy.10.175 0 86400 [Delete]
mail.mydomain.com. A yyy.yyy.10.175 0 86400 [Delete]
ns.mydomain.com. A zzz.zzz.203.171 0 86400 [Delete]
ns.mydomain.com. NS zzz.zzz.203.171 0 86400 [Delete]
ns1.mydomain.com. A xxx.xxx.104.26 0 86400 [Delete]
ns1.mydomain.com. NS xxx.xxx.104.26 0 86400 [Delete]
www.mydomain.com. A xxx.xxx.104.26 0 86400 [Delete]

I'm using an rPath-based lochDNS VM which apparently does not contain a dig command...

Regards
alex
Hello, many thanks for your help.

I have updated the entries as follows:
Code:
mydomain.com. A yyy.yyy.10.175 0 86400 [Delete]
mail.mydomain.com. A yyy.yyy.10.175 0 86400 [Delete]
ns.mydomain.com. A zzz.zzz.203.171 0 86400 [Delete]
ns.mydomain.com. NS ns.mydomain.com. 0 86400 [Delete]
ns1.mydomain.com. A xxx.xxx.104.26 0 86400 [Delete]
ns1.mydomain.com. NS ns1.mydomain.com. 0 86400 [Delete]
www.mydomain.com. A xxx.xxx.104.26 0 86400 [Delete]

No apparent change (the slave BIND server reports no NS records). Any further suggestion?!
Hi again
Code:
; <<>> DiG 9.4.2-P2.1 <<>> @localhost ns mydomain.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 49585
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mydomain.com. IN NS

;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jun 21 15:03:46 2010
;; MSG SIZE rcvd: 29
I've just realized that your NS records are as follows:
Code:
ns.mydomain.com. NS ns.mydomain.com. 0 86400 [Delete]
ns1.mydomain.com. NS ns1.mydomain.com. 0 86400 [Delete]

but they should be like this:
Code:
mydomain.com. NS ns.mydomain.com. 0 86400 [Delete]
mydomain.com. NS ns1.mydomain.com. 0 86400 [Delete]
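The two NS mistakes worked through in the posts above (an IP address as NS data, then NS records owned by `ns.`/`ns1.` instead of the zone apex) can be caught on the master before a secondary rejects the transfer. The following is an added example, not part of the thread and not MyDNS or BIND code; the function names, the tuple layout and the documentation-range addresses are assumptions made for illustration.

```python
import ipaddress

def norm(name):
    """Lower-case a DNS name and drop the trailing dot for comparison."""
    return name.rstrip(".").lower()

def is_ip(text):
    try:
        ipaddress.ip_address(text.rstrip("."))
        return True
    except ValueError:
        return False

def check_apex_ns(origin, records):
    """Return the problems a secondary would trip over when loading the zone."""
    apex = norm(origin)
    problems = []
    has_addr = {norm(n) for n, t, _ in records if t in ("A", "AAAA")}
    ns_rows = [(norm(n), d) for n, t, d in records if t == "NS"]
    if not any(owner == apex for owner, _ in ns_rows):
        owners = sorted({owner for owner, _ in ns_rows}) or ["none"]
        problems.append(f"no NS owned by {apex} (NS owners found: {', '.join(owners)})")
    for owner, data in ns_rows:
        target = norm(data)
        if is_ip(data):
            problems.append(f"NS at {owner} has IP {data} as data, expected a host name")
        elif owner == apex and (target == apex or target.endswith("." + apex)) \
                and target not in has_addr:
            problems.append(f"in-zone name server {target} has no A/AAAA record")
    return problems

# Constructed sample data modelled on the three record sets in the thread;
# the addresses are documentation ranges, not the posters' masked IPs.
ADDRS = [("mydomain.com.", "A", "203.0.113.175"),
         ("ns.mydomain.com.", "A", "198.51.100.171"),
         ("ns1.mydomain.com.", "A", "192.0.2.26")]
FIRST = ADDRS + [("ns.mydomain.com.", "NS", "198.51.100.171"),
                 ("ns1.mydomain.com.", "NS", "192.0.2.26")]
SECOND = ADDRS + [("ns.mydomain.com.", "NS", "ns.mydomain.com."),
                  ("ns1.mydomain.com.", "NS", "ns1.mydomain.com.")]
FIXED = ADDRS + [("mydomain.com.", "NS", "ns.mydomain.com."),
                 ("mydomain.com.", "NS", "ns1.mydomain.com.")]

if __name__ == "__main__":
    for label, rows in (("first", FIRST), ("second", SECOND), ("fixed", FIXED)):
        print(label, check_apex_ns("mydomain.com.", rows) or "ok")
```
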
Thanks - good catch! Getting closer but still not working... Now I see this:
Code:
24-Jun-2010 00:11:25.785 general: info: zone mydomain.com/IN: Transfer started.
24-Jun-2010 00:11:25.818 xfer-in: info: transfer of 'mydomain.com/IN' from xxx.xxx.203.171#53: connected using 88.191.104.26#49301
24-Jun-2010 00:11:25.880 general: error: dumping master file: tmp-WvNAfyMNBz: open: permission denied
24-Jun-2010 00:11:25.880 xfer-in: error: transfer of 'mydomain.com/IN' from xxx.xxx.203.171#53: failed while receiving responses: permission denied
24-Jun-2010 00:11:25.880 xfer-in: info: transfer of 'mydomain.com/IN' from xxx.xxx.203.171#53: end of transfer

Thanks for your patience!

Regards
alex