- 09-08-2011 #1
Slave Bind9 server does not retrieve zone file from master.
Hello everyone,
I have a problem with my Bind9 slave server that cannot retrieve the zone file from my master after some modifications.
The first time I created my DNS zone on the master and then restarted both master and slave, it worked; the zone file on my slave was an exact copy.
But now, if I modify my master zone file (serial + one record) and then restart both processes, the slave does not retrieve the new zone file.
I need to delete the existing zone file on my slave before restarting both processes. And even that does not work well, because only the serial number is updated; the added record is not present.
Do you have any idea?
Thanks.
- 09-08-2011 #2
How about giving us the config files to look at and some logs when it fails? The logs you attached show the transfer was done.
- 09-09-2011 #3
The slave updates its records from the master depending on the settings in the SOA and the TTL value.
- 09-09-2011 #4
I understand how DNS works. And the slave updates its records according to the serial number only. Everything else just tells the slave how often to compare the serial numbers.
Now back to the question at hand.
What OS are you running bind on? Is it chrooted?
- 09-27-2011 #5
Hello,
Sorry for the late reply, I was on holiday.
Yes, the transfer is done, but first I need to delete the zone file on the slave, and even with that the transferred file is not the same as the master; it looks like an old version that comes from I don't know where.
But the serial number is modified correctly!
Below are all the conf files and info that could help:
OS = Debian Squeeze with bind9 and SSH server.
Here is the tutorial I used for chrooted Bind:
linuxmanage.com/master-and-slave-with-chrooted-bind9-on-debian-lenny.html
If you have any suggestions, I would really appreciate it.
Thanks,
Alex.
Last edited by alex34; 09-27-2011 at 12:25 PM.
- 09-27-2011 #6
I can't post the conf file (not 15 messages yet)
So I attached the file.
Thanks.
Alex.
- 09-29-2011 #7
All files for Bind must be placed into the chroot environment. Bind must be started in the chroot environment in order for it to be jailed. All your config files should be in /var/cache/bind/etc but I cannot tell if that is where you have them in the file you attached. Did you follow this page word for word?
- 09-30-2011 #8
Thank you very much for your reply Lazydog,
I have nothing directly in /var/cache/bind
named.conf.local and named.conf.options are in /var/chrooted/bind/etc/bind
xxxxx@ns0:/var/chroot/bind/etc$ ls -l /var/chroot/bind/etc
total 4
drwxr-sr-x 2 root bind 4096 Aug 30 17:58 bind
myzone file is in /var/chroot/bind/var/cache/bind/
xxxxx@ns1:/var/chroot/bind/var/cache$ ls -l
total 4
drwxr-xr-x 2 bind bind 4096 Sep 28 12:57 bind
One of the name servers was not time-synchronized; I fixed it, but I still have the same problem:
the transferred file is not exactly the same as the master file, it looks like an old version (a kind of temp file stored I don't know where), but the serial number is updated correctly.
MASTER LOG :
Sep 30 14:26:31 ns0 named[22718]: received control channel command 'stop -p'
Sep 30 14:26:31 ns0 named[22718]: shutting down: flushing changes
Sep 30 14:26:31 ns0 named[22718]: stopping command channel on 127.0.0.1#953
Sep 30 14:26:31 ns0 named[22718]: stopping command channel on ::1#953
Sep 30 14:26:31 ns0 named[22718]: no longer listening on 127.0.0.1#53
Sep 30 14:26:31 ns0 named[22718]: no longer listening on 10.10.10.9#53
Sep 30 14:26:31 ns0 named[22718]: exiting
Sep 30 14:26:32 ns0 named[22787]: starting BIND 9.7.3 -u bind -t /var/chroot/bind
Sep 30 14:26:32 ns0 named[22787]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=' 'CPPFLAGS='
Sep 30 14:26:32 ns0 named[22787]: adjusted limit on open files from 1024 to 1048576
Sep 30 14:26:32 ns0 named[22787]: found 8 CPUs, using 8 worker threads
Sep 30 14:26:32 ns0 named[22787]: using up to 4096 sockets
Sep 30 14:26:32 ns0 named[22787]: loading configuration from '/etc/bind/named.conf'
Sep 30 14:26:32 ns0 named[22787]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Sep 30 14:26:32 ns0 named[22787]: using default UDP/IPv4 port range: [1024, 65535]
Sep 30 14:26:32 ns0 named[22787]: using default UDP/IPv6 port range: [1024, 65535]
Sep 30 14:26:32 ns0 named[22787]: listening on IPv4 interface lo, 127.0.0.1#53
Sep 30 14:26:32 ns0 named[22787]: listening on IPv4 interface eth0, 10.10.10.9#53
Sep 30 14:26:32 ns0 named[22787]: generating session key for dynamic DNS
Sep 30 14:26:32 ns0 named[22787]: set up managed keys zone for view _default, file 'managed-keys.bind'
Sep 30 14:26:32 ns0 named[22787]: command channel listening on 127.0.0.1#953
Sep 30 14:26:32 ns0 named[22787]: command channel listening on ::1#953
Sep 30 14:26:32 ns0 named[22787]: zone 0.in-addr.arpa/IN: loaded serial 1
Sep 30 14:26:32 ns0 named[22787]: zone 127.in-addr.arpa/IN: loaded serial 1
Sep 30 14:26:32 ns0 named[22787]: zone 255.in-addr.arpa/IN: loaded serial 1
Sep 30 14:26:32 ns0 named[22787]: zone myzone/IN: loaded serial 2011093002
Sep 30 14:26:32 ns0 named[22787]: zone localhost/IN: loaded serial 2
Sep 30 14:26:32 ns0 named[22787]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Sep 30 14:26:32 ns0 named[22787]: managed-keys-zone ./IN: loaded serial 0
Sep 30 14:26:32 ns0 named[22787]: running
Sep 30 14:26:32 ns0 named[22787]: zone myzone/IN: sending notifies (serial 2011093002)
Sep 30 14:26:40 ns0 named[22787]: client 10.10.10.10#43502: transfer of 'myzone/IN': AXFR started
Sep 30 14:26:40 ns0 named[22787]: client 10.10.10.10#43502: transfer of 'myzone/IN': AXFR ended
SLAVE LOG :
Sep 30 14:26:39 ns1 named[20064]: received control channel command 'stop -p'
Sep 30 14:26:39 ns1 named[20064]: shutting down: flushing changes
Sep 30 14:26:39 ns1 named[20064]: stopping command channel on 127.0.0.1#953
Sep 30 14:26:39 ns1 named[20064]: stopping command channel on ::1#953
Sep 30 14:26:39 ns1 named[20064]: no longer listening on 127.0.0.1#53
Sep 30 14:26:39 ns1 named[20064]: no longer listening on 10.10.10.10#53
Sep 30 14:26:39 ns1 named[20064]: exiting
Sep 30 14:26:40 ns1 named[20118]: starting BIND 9.7.3 -u bind -t /var/chroot/bind
Sep 30 14:26:40 ns1 named[20118]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=' 'CPPFLAGS='
Sep 30 14:26:40 ns1 named[20118]: adjusted limit on open files from 1024 to 1048576
Sep 30 14:26:40 ns1 named[20118]: found 8 CPUs, using 8 worker threads
Sep 30 14:26:40 ns1 named[20118]: using up to 4096 sockets
Sep 30 14:26:40 ns1 named[20118]: loading configuration from '/etc/bind/named.conf'
Sep 30 14:26:40 ns1 named[20118]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Sep 30 14:26:40 ns1 named[20118]: using default UDP/IPv4 port range: [1024, 65535]
Sep 30 14:26:40 ns1 named[20118]: using default UDP/IPv6 port range: [1024, 65535]
Sep 30 14:26:40 ns1 named[20118]: listening on IPv4 interface lo, 127.0.0.1#53
Sep 30 14:26:40 ns1 named[20118]: listening on IPv4 interface eth0, 10.10.10.10#53
Sep 30 14:26:40 ns1 named[20118]: generating session key for dynamic DNS
Sep 30 14:26:40 ns1 named[20118]: set up managed keys zone for view _default, file 'managed-keys.bind'
Sep 30 14:26:40 ns1 named[20118]: command channel listening on 127.0.0.1#953
Sep 30 14:26:40 ns1 named[20118]: command channel listening on ::1#953
Sep 30 14:26:40 ns1 named[20118]: zone 0.in-addr.arpa/IN: loaded serial 1
Sep 30 14:26:40 ns1 named[20118]: zone 127.in-addr.arpa/IN: loaded serial 1
Sep 30 14:26:40 ns1 named[20118]: zone 255.in-addr.arpa/IN: loaded serial 1
Sep 30 14:26:40 ns1 named[20118]: zone localhost/IN: loaded serial 2
Sep 30 14:26:40 ns1 named[20118]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Sep 30 14:26:40 ns1 named[20118]: managed-keys-zone ./IN: loaded serial 0
Sep 30 14:26:40 ns1 named[20118]: running
Sep 30 14:26:40 ns1 named[20118]: zone myzone/IN: Transfer started.
Sep 30 14:26:40 ns1 named[20118]: transfer of 'myzone/IN' from 10.10.10.9#53: connected using 10.10.10.10#43502
Sep 30 14:26:40 ns1 named[20118]: zone myzone/IN: transferred serial 2011093002
Sep 30 14:26:40 ns1 named[20118]: transfer of 'myzone/IN' from 10.10.10.9#53: Transfer completed: 1 messages, 14 records, 328 bytes, 0.001 secs (328000 bytes/sec)
And yes, I followed the page exactly, word for word, but I may have made a mistake.
Thanks.
Alex.
- 10-01-2011 #9
Originally Posted by Lazydog: All your config files should be in
Should have read:
/var/chroot/bind/etc/
Sorry
- 10-01-2011 #10
After you make changes to the zone file on the master are you updating the serial numbers of the zone?
How are you informing Bind that you have made changes to the zone file?
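The serial question raised in posts #4 and #10 can be checked directly against the named logs from post #8. The following is an added example, not code from the thread: it extracts the serial the master loaded and the serial and record count the slave transferred, and compares the serials with RFC 1982 arithmetic. The function names are hypothetical; the sample lines are copied from the logs above.

```python
import re

# Lines copied from the master (ns0) and slave (ns1) logs in post #8.
MASTER_LOG = (
    "Sep 30 14:26:32 ns0 named[22787]: zone myzone/IN: loaded serial 2011093002\n"
)
SLAVE_LOG = (
    "Sep 30 14:26:40 ns1 named[20118]: zone myzone/IN: transferred serial 2011093002\n"
    "Sep 30 14:26:40 ns1 named[20118]: transfer of 'myzone/IN' from 10.10.10.9#53: "
    "Transfer completed: 1 messages, 14 records, 328 bytes, 0.001 secs (328000 bytes/sec)\n"
)

def serial_newer(a, b):
    """True if SOA serial a is newer than b under RFC 1982 32-bit arithmetic."""
    diff = (a - b) & 0xFFFFFFFF
    return diff != 0 and diff < 0x80000000

def last_serial(log, zone, verb):
    """Last serial logged for zone; verb is 'loaded' (master) or 'transferred' (slave)."""
    pat = r"zone %s/IN: %s serial (\d+)" % (re.escape(zone), verb)
    hits = re.findall(pat, log)
    return int(hits[-1]) if hits else None

def last_transfer_records(log, zone):
    """Record count from the slave's most recent 'Transfer completed' line."""
    pat = (r"transfer of '%s/IN' from \S+: Transfer completed: "
           r"\d+ messages, (\d+) records") % re.escape(zone)
    hits = re.findall(pat, log)
    return int(hits[-1]) if hits else None

def slave_status(master_log, slave_log, zone):
    """Compare what the master loaded with what the slave last transferred."""
    m = last_serial(master_log, zone, "loaded")
    s = last_serial(slave_log, zone, "transferred")
    if m is None or s is None:
        return "unknown"      # one side never logged the zone
    if serial_newer(m, s):
        return "stale"        # slave has not picked up the master's serial
    if serial_newer(s, m):
        return "slave-ahead"  # slave sees no reason to transfer
    return "in-sync"

if __name__ == "__main__":
    print(slave_status(MASTER_LOG, SLAVE_LOG, "myzone"),
          last_transfer_records(SLAVE_LOG, "myzone"))
```

For the lines in post #8 it reports in-sync with 14 records, which is the figure to check against the master's zone file.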


