I have a newly installed multiserver cluster setup with one master and two slave DNS servers (and a web, mail and database server). I attempted to load DNS with a zone import, which was successful but with an unintended result. It did, however, initially sync the result of the import with the two slaves. All records ended up under the last zone of the import file instead of in a dozen different zones. Consequently I deleted the zone, and the slaves appear to have deleted the records as well. I then re-imported a single zone and tested, but neither of the slaves has updated. Under Tools I attempted to resync DNS with no success (even though it says that the zone has been resynced). I've been using mysql from the command line for checking the dns_rr table for entries manually and find no records have been loaded on the slaves, but they are present on the master. I have somehow broken the MySQL synchronisation. Any idea what the remedy is?
I followed the instructions on setting a higher debug level on both master and slave and tested using the instructions at http://www.faqforge.com/linux/debugg...-of-a-failure/ The only output from running the server.sh script was that it had finished. I tailed the syslog on both servers while running the script, but it also produced no output. I'm wondering if I should now move on to the http://stackoverflow.com/questions/...er-and-slave-have-different-database-incase-o instructions for resyncing MySQL databases?
Never mind, my bad. I missed a critical setup step of choosing the mirrored server. Now for some reason I can't do a lookup from outside the network the DNS servers are on. :-( syslog shows: dns1 named[31920]: client xxx.xxx.xxx.xxx#36234: query (cache) 'www.mydomain.xx.xx/A/IN' denied
Output from named in syslog from a restart of bind9 on the primary DNS server is as follows:

Oct 18 09:32:38 dns1 named[31920]: received control channel command 'stop -p'
Oct 18 09:32:38 dns1 named[31920]: shutting down: flushing changes
Oct 18 09:32:38 dns1 named[31920]: stopping command channel on 127.0.0.1#953
Oct 18 09:32:38 dns1 named[31920]: stopping command channel on ::1#953
Oct 18 09:32:38 dns1 named[31920]: no longer listening on ::#53
Oct 18 09:32:38 dns1 named[31920]: no longer listening on 127.0.0.1#53
Oct 18 09:32:38 dns1 named[31920]: no longer listening on 202.36.227.102#53
Oct 18 09:32:38 dns1 named[31920]: exiting
Oct 18 09:32:39 dns1 named[20852]: starting BIND 9.7.3 -u bind
Oct 18 09:32:39 dns1 named[20852]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=' 'CPPFLAGS='
Oct 18 09:32:39 dns1 named[20852]: adjusted limit on open files from 1024 to 1048576
Oct 18 09:32:39 dns1 named[20852]: found 2 CPUs, using 2 worker threads
Oct 18 09:32:39 dns1 named[20852]: using up to 4096 sockets
Oct 18 09:32:39 dns1 named[20852]: loading configuration from '/etc/bind/named.conf'
Oct 18 09:32:39 dns1 named[20852]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Oct 18 09:32:39 dns1 named[20852]: using default UDP/IPv4 port range: [1024, 65535]
Oct 18 09:32:39 dns1 named[20852]: using default UDP/IPv6 port range: [1024, 65535]
Oct 18 09:32:39 dns1 named[20852]: listening on IPv6 interfaces, port 53
Oct 18 09:32:39 dns1 named[20852]: listening on IPv4 interface lo, 127.0.0.1#53
Oct 18 09:32:39 dns1 named[20852]: listening on IPv4 interface eth0, 202.36.227.102#53
Oct 18 09:32:39 dns1 named[20852]: generating session key for dynamic DNS
Oct 18 09:32:39 dns1 named[20852]: set up managed keys zone for view _default, file 'managed-keys.bind'
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: 254.169.IN-ADDR.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: D.F.IP6.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: 8.E.F.IP6.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: 9.E.F.IP6.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: A.E.F.IP6.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: B.E.F.IP6.ARPA
Oct 18 09:32:39 dns1 named[20852]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Oct 18 09:32:39 dns1 named[20852]: command channel listening on 127.0.0.1#953
Oct 18 09:32:39 dns1 named[20852]: command channel listening on ::1#953
Oct 18 09:32:39 dns1 named[20852]: zone 0.in-addr.arpa/IN: loaded serial 1
Oct 18 09:32:39 dns1 named[20852]: zone 127.in-addr.arpa/IN: loaded serial 1
Oct 18 09:32:39 dns1 named[20852]: zone 255.in-addr.arpa/IN: loaded serial 1
Oct 18 09:32:39 dns1 named[20852]: zone localhost/IN: loaded serial 2
Oct 18 09:32:39 dns1 named[20852]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Oct 18 09:32:39 dns1 named[20852]: managed-keys-zone ./IN: loaded serial 0
Oct 18 09:32:39 dns1 named[20852]: running

I got rid of the only error (file not found) with:

touch /var/cache/bind/managed-keys.bind
chown bind:bind /var/cache/bind/managed-keys.bind

The original issue regarding named not allowing a query from outside the network still exists.
I found a fix that works, but I'm not sure what it opens up as far as security risk is concerned. My DNS servers are intended to be authoritative, so I added allow-query { any; }; to named.conf.options and restarted bind9 on each of my three DNS servers in the cluster. It seems to answer queries from outside my network now, for records both on the servers and external to them. I guess this provides recursion as well?
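As an added example (not from this thread or from ISPConfig), here are the two named.conf.options variants the last post is asking about: the bare allow-query { any; } setting, and an authoritative-only configuration that still answers zone data to anyone but refuses recursion. On BIND 9.7, allow-recursion and allow-query-cache fall back to the allow-query ACL when they are not set and recursion is left at its default of yes, which is why the first variant also resolves external names for the whole Internet. The zone name, file path and addresses below are placeholders.

```conf
// named.conf accepts only ONE options statement; the two below are
// alternatives, shown side by side for comparison.

// Variant A (as added in the thread). Opens authoritative data to anyone,
// but because allow-recursion / allow-query-cache are not set they inherit
// { any; } and recursion is on by default: this is an open resolver.
options {
    directory "/var/cache/bind";
    allow-query { any; };
};

// Variant B: authoritative-only. Anyone may query the zones these servers
// host; nobody may use them to resolve other names. Assumes no internal
// clients rely on these servers as their resolver.
options {
    directory "/var/cache/bind";
    recursion no;                 // never resolve on behalf of clients
    allow-query { any; };         // zone data is public by design
    allow-recursion { none; };    // explicit, so a later "recursion yes" can't reopen it
    allow-query-cache { none; };  // cached/non-authoritative answers denied to all
    allow-transfer { none; };     // AXFR only where a zone stanza permits it
};

// Placeholder master zone. If mirrored servers receive records through the
// ISPConfig database (as in this thread) rather than AXFR, the transfer ACL
// can stay at none.
zone "example.com" {
    type master;
    file "/etc/bind/pri.example.com";
    allow-transfer { 203.0.113.2; 203.0.113.3; };   // placeholder secondaries
    notify yes;
};

// Check from outside the network after "rndc reload":
//   dig @dns1.example.com example.com A      -> ANSWER section, flag "aa"
//   dig @dns1.example.com www.isc.org A      -> status: REFUSED
// and syslog shows "query (cache) ... denied" for the second one, which is
// the expected result for an authoritative-only server.
```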