Mails not working from secondary nameserver

Discussion in 'Server Operation' started by mitchelle, Feb 8, 2013.

  mitchelle (New Member)

    I have configured a secondary nameserver for failover in case the primary nameserver is down.

    The problem is that even after the zone files are transferred successfully, and it even resolves internal domain queries, it won't resolve external domain queries. For example, if I run

    dig gmail.com @192.168.1.3

    it gives the message ";; connection timed out; no servers could be reached", and sometimes it returns information like

    dig gmail.com @192.168.1.3
    ;; Warning: ID mismatch: expected ID 56182, got 61246
    ;; Warning: ID mismatch: expected ID 56182, got 61246
    ;; Warning: ID mismatch: expected ID 56182, got 61246

    ; <<>> DiG 9.3.4-P1 <<>> gmail.com @192.168.1.3
    ; (1 server found)
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 56182
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;gmail.com. IN A

    ;; Query time: 3753 msec
    ;; SERVER: 192.168.1.3#53(192.168.1.3)
    ;; WHEN: Fri Feb 8 09:57:22 2013
    ;; MSG SIZE rcvd: 27


    Because of that, it seems I am not able to send or receive mail using the secondary nameserver when my primary nameserver is down.

    Primary nameserver: 192.168.1.2
    Secondary nameserver: 192.168.1.3

    Putting up the primary and secondary named.conf files.

    Master (primary)

    options {
        directory "/var/named";
        allow-transfer { 192.168.1.3; };
        auth-nxdomain yes;
    };

    logging {
        channel default_log {
            file "named.run";
            severity dynamic;
        };
    };

    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
    };

    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
    };

    zone "agt.com" IN {
        type master;
        file "agt.com";
        allow-update { none; };
        notify yes;
    };

    zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.1";
        allow-update { none; };
        notify yes;
    };


    Secondary (slave)

    options {
        directory "/var/named/slaves";
        listen-on port 53 { any; };
        allow-query { 192.168.1.0/24; localhost; };
    };

    logging {
        channel example_log {
            file "/var/named/slaves/example.log";
            severity info;
            print-severity yes;
            print-time yes;
            print-category yes;
        };
        category default {
            example_log;
        };
    };

    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "localhost" IN {
        type slave;
        masters { 192.168.1.2; };
        file "slave.localhost.zone";
    };

    zone "0.0.127.in-addr.arpa" IN {
        type slave;
        masters { 192.168.1.2; };
        file "slave.named.local";
    };

    zone "agt.com" IN {
        type slave;
        masters { 192.168.1.2; };
        file "slave.agt.com";
        notify yes;
    };

    zone "1.168.192.in-addr.arpa" IN {
        type slave;
        masters { 192.168.1.2; };
        file "slave.192.168.1";
        notify yes;
    };

    resolv.conf file on the clients, my mail server and the other servers:

    search agt.com
    domain agt.com
    nameserver 192.168.1.3
    nameserver 192.168.1.2

    Messages I get in the slave's log file while the zone is transferred:

    info: zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
    06-Feb-2013 18:10:21.510 general: info: zone 1.168.192.in-addr.arpa/IN: loaded serial 254
    06-Feb-2013 18:10:21.511 general: info: zone agt.com/IN: loaded serial 260
    06-Feb-2013 18:10:21.511 general: info: zone localhost/IN: loaded serial 42
    06-Feb-2013 18:10:21.512 general: notice: running
    06-Feb-2013 18:10:21.512 notify: info: zone agt.com/IN: sending notifies (serial 260)
    06-Feb-2013 18:10:21.512 notify: info: zone 1.168.192.in-addr.arpa/IN: sending notifies (serial 254)
    06-Feb-2013 18:17:24.519 general: info: zone agt.com/IN: Transfer started.
    06-Feb-2013 18:17:24.519 xfer-in: info: transfer of 'agt.com/IN' from 192.168.1.2#53: connected using 192.168.1.3#41971
    06-Feb-2013 18:17:24.527 general: info: zone agt.com/IN: transferred serial 262
    06-Feb-2013 18:17:24.527 xfer-in: info: transfer of 'agt.com/IN' from 192.168.1.2#53: end of transfer
    06-Feb-2013 18:17:24.527 notify: info: zone agt.com/IN: sending notifies (serial 262)

    I have used allow-recursion but the result is still the same.

    I also tried dig gmail.com @192.168.1.3 earlier (it gives the message ";; connection timed out; no servers could be reached"), but as I said earlier it's not returning me info for any external domain; it only works for the internal domain.

    Do we have to make any changes on the mail server to point to this nameserver (though resolv.conf has both nameservers and I have kept the slave nameserver first in order)? Besides that, do any other records need to be changed on the mail server?

    I think maybe it has to do with the zone files, in my case slave.agt.com and slave.192.168.1.com?

    I think if the problem with external queries is solved it might run well. Maybe it's not redirecting mail queries to the gateway or something.

    Not sure where the mistake is; if the primary is down, the slave is not able to resolve external domain queries.

    Any advice?

    Thanks

    Regards
    Mitch
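As an added example (not part of the original post, and not BIND or dig code), here is a small Python diagnostic that performs the same checks dig is doing above against a resolver: it builds a recursive A query with a known transaction ID, and classifies the reply by whether the ID matches the query that was sent, whether the server answered SERVFAIL, and whether any answer records came back. A reply whose ID does not match the outstanding query is exactly what a resolver must discard (a stale reply from an earlier retry, or a response injected by something other than the server queried), so counting those separately from plain timeouts and SERVFAILs tells you which of the two failure modes in the post you are looking at. The sample replies at the bottom are constructed, not captured from the poster's servers; the live `query_server` helper is an assumption about how one would run the check against 192.168.1.3.

```python
"""Minimal DNS diagnostic: build a query, parse the reply header, classify the result."""
import socket
import struct

# RCODE values from RFC 1035 section 4.1.1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(qname, txid, qtype=1):
    """Return wire-format bytes of a standard recursive query (default qtype 1 = A) for qname."""
    # header: id, flags (RD=0x0100), QDCOUNT=1, AN/NS/ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN


def parse_header(data):
    """Parse the 12-byte DNS header into a dict of the fields the diagnosis needs."""
    if len(data) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),   # 1 = response
        "rd": bool(flags & 0x0100),   # recursion desired (copied from the query)
        "ra": bool(flags & 0x0080),   # recursion available (set by the server)
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def classify(sent_id, reply):
    """Turn a raw reply (or None for a timeout) into one diagnosis string.

    The three outcomes mirror the post: no reply at all, a reply whose
    transaction ID does not belong to our query (dig's "ID mismatch" warning;
    a resolver must drop such replies), and SERVFAIL with an empty answer.
    """
    if reply is None:
        return "timeout: no reply from server"
    h = parse_header(reply)
    if h["id"] != sent_id:
        return "id-mismatch: expected %d, got %d" % (sent_id, h["id"])
    if not h["qr"]:
        return "not-a-response"
    if h["rcode"] != "NOERROR":
        return "%s (RA=%s, answers=%d)" % (h["rcode"], h["ra"], h["ancount"])
    if h["ancount"] == 0:
        return "NOERROR but empty answer"
    return "ok: %d answer(s)" % h["ancount"]


def query_server(server, qname, txid=0x1234, timeout=3.0):
    """Send one UDP query to server:53 and classify whatever comes back (hypothetical live check)."""
    q = build_query(qname, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        try:
            reply, _ = s.recvfrom(4096)
        except socket.timeout:
            reply = None
    return classify(txid, reply)


# Constructed sample replies (not captured from the poster's servers).
def sample_servfail(txid):
    """SERVFAIL, flags qr rd ra, one question, no answers: the shape of the dig output above."""
    return struct.pack("!HHHHHH", txid, 0x8182, 1, 0, 0, 0) + build_query("gmail.com", txid)[12:]


def sample_id_mismatch():
    """A reply carrying ID 61246, as dig reported, when the query used ID 56182."""
    return sample_servfail(61246)


def sample_answer(txid):
    """NOERROR reply with one constructed A record (10.0.0.1) for gmail.com."""
    question = build_query("gmail.com", txid)[12:]
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([10, 0, 0, 1])
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0) + question + rr


if __name__ == "__main__":
    for name, reply in [("servfail", sample_servfail(56182)),
                        ("mismatch", sample_id_mismatch()),
                        ("answer", sample_answer(56182)),
                        ("timeout", None)]:
        print(name, "->", classify(56182, reply))
```

Run against the secondary with `query_server("192.168.1.3", "gmail.com")` and against the primary with the same call for comparison: a resolver that is authoritative for the internal zones but has no working recursion will answer `agt.com` names with `ok` and external names with `SERVFAIL` or a timeout, while repeated `id-mismatch` results point at replies arriving from somewhere other than the server being queried rather than at the zone configuration.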