Zones are not getting updated at slave servers

Printable View

02-19-2011
pratapsingh

Zones are not getting updated at slave servers

Hello ,

I have configured master and slave Bind servers. Everything works fine . But whenever I add a new zone entry at master server it is not getting updated at slave server in logs I see this error
client 192.168.1.1#43428: view external: received notify for zone 'yourdomainname.com': not authoritative

At master server I do not see any error or warning message.

This error clearly indicates that named.conf file does not have zone entry in it or domain name is wrong. While checking the named.conf file I see that the zone entry has not been updated at slave server.
If I update it manually and reload named on slave then zone files (db files) are getting created without any issue and any modification at master server for the zone records are also getting updated.

My concern is why zone record is not getting appended at slave server in named.conf file.

Is there anything I am missing in the configuration.

I am pasting the steps which I have followed to configure my master and slave server

================================================== ==============
Configure Bind as master and slave server
Install Bind on your server
yum install bind
OR
sudu apt-get install bind9
Generate RNDC Key using the command
rndc-confgen -a -k rndc-key
it will stored in /etc/rndc-key file
Master Server IP 192.168.0.1
Slave Server IP 192.168.1.1
Master Server Configuration
========================
options
{
query-source port 53;
// Put files that named is allowed to write in the data/ directory:
directory "/var/named"; // the default
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
allow-transfer { 192.168.1.1; }; # this ip address is for ns2 server so ns1 will transfer all zones to ns2
allow-notify { trusted; };
allow-recursion { trusted; };
};
//### added rndc-key into named.conf ###
key "rndc-key" {
algorithm hmac-md5;
secret "ceGhT/EC/dmxTPChlxmBMw==";
};
acl "trusted" {
192.168.1.1; // IP address of the slave name server
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1;192.168.1.1; } keys { "rndc-key"; };
};
view "external"
{
/* This view will contain zones you want to serve only to "external" clients
* that have addresses that are not on your directly attached LAN interface subnets:
*/
match-clients { any; };
match-destinations { any; };
recursion no;
// you'd probably want to deny recursion to external clients, so you don't
// end up providing free DNS service to all takers
allow-query-cache { any; };
// Disable lookups for any cached data and root hints
zone "yourdomainname.com" in {
allow-transfer { 192.168.1.1; };
type master;
file "/var/named/yourdomainname.com.db";
};
};
Slave Server Configuration
==================
options
{
// Those options should be used carefully because they disable port
// randomization
//query-source port 53;
// query-source-v6 port 53;
// Put files that named is allowed to write in the data/ directory:
directory "/var/named"; // the default
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
allow-transfer { 192.168.0.1; }; # this ip address is ns1 ip address
transfer-format many-answers;
notify no;
//allow-recursion { trusted; };
recursion no;
};
key "rndc-key" {
algorithm hmac-md5;
secret "ceGhT/EC/dmxTPChlxmBMw==";
};
acl "trusted" {
192.168.0.1;192.168.1.1;127.0.0.1; // IP address of the name servers
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1;192.168.0.1; } keys { "rndc-key"; };
};
view "external"
{
/* This view will contain zones you want to serve only to "external" clients
* that have addresses that are not on your directly attached LAN interface subnets:
*/
match-clients { any; };
match-destinations { any; };
recursion no;
// you'd probably want to deny recursion to external clients, so you don't
// end up providing free DNS service to all takers
allow-query-cache { any; };
// Disable lookups for any cached data and root hints
// all views must contain the root hints zone:
// These are your "authoritative" external zones, and would probably
// contain entries for just your web and mail servers:
zone "yourdomainname.com" in {
type slave;
file "/var/named/yourdomainname.com.db";
masters {192.168.0.1;};
allow-transfer { 192.168.0.1;};
};
};
================================================== ==============
02-20-2011
Lazydog

What OS are you running and are you running named in a chroot env.?
02-20-2011
pratapsingh

I am using Centos
cat /etc/redhat-release
CentOS release 5.5 (Final)

No it is not chroot .
02-20-2011
Lazydog

Sorry, it is getting late here so I'm doing this from memory. Might be a few mistakes in the following but you should be able to give it a try and see if it works.

Code:

options { directory "/var/named"; dump-file "data/cache_dump.db"; statistics-file "data/named_stats.txt"; memstatistics-file "data/named_mem_stats.txt"; version "not currently available"; allow-notify {192.168.0.1}; allow-transfer{"none"}; recursion no }; key "rndc-key" { algorithm hmac-md5; secret "ceGhT/EC/dmxTPChlxmBMw=="; }; view "external" zone "yourdomainname.com" in { type slave; file "/var/named/yourdomainname.com.db"; masters {192.168.0.1;}; allow-transfer { 192.168.0.1;};

You could always look HERE for information on configuring bind
02-20-2011
pratapsingh

I have the same entry as you suggested.
zone "yourdomainname.com" in {
type slave;
file "/var/named/yourdomainname.com.db";
masters {192.168.0.1;};
allow-transfer { 192.168.0.1;};
};

But my concern is If I am adding a new DNS record for a new domain on my master server then why slave server named.conf file is not getting updated with the zone entry for that domain name. Once I edit the slave server named.conf file manually and add the zone entry for the newly registered/created domain and reload named then db files are getting created without any issue.

Rest works fine after that. Again I am mentioning it here why zone record are not getting appended to named.conf at slave server when I add a new domain name at master server.
02-20-2011
Lazydog

Quote:

Originally Posted by pratapsingh

But my concern is If I am adding a new DNS record for a new domain on my master server then why slave server named.conf file is not getting updated with the zone entry for that domain name.

Are we talking Zone records or new zone file altogether here?

If you are talking about adding a new zone, i.e., mydomain2.com to the master then you must update the slave conf for it to know about it. this is not an automatic process. the reason behind this is because some people when certain zone on certain servers and not others.

Now if you have mydomain2.com on both servers and you are updating the records in that zone then you have to increment the serial number so that the slave knows the file has changed.

Quote:

Once I edit the slave server named.conf file manually and add the zone entry for the newly registered/created domain and reload named then db files are getting created without any issue.

And that is the way it is supposed to work.
02-20-2011
pratapsingh

Thanks for your reply.

Is there any way I can automate the update of zone in the named.conf file at slave server?

Because its an overhead process to do it all the time manually .
02-20-2011
Lazydog

In Bind, no, not that I am aware of. You only option would be to write a script for adding and deleting zone and have it automatically update both master and slave.