
I set up my master and slave using FreeBSD. I'm currently running the Bind 9.X version, and so far everything is working successfully. Just one small problem.

I can't get the master copy of my DNS to transfer to the slave server. I included transfer-allow {192.168.1.111;}; // this is the slave server's IP

I ran the rndc reload command to check, but I don't see the copy in /etc/named/master/?

Any help would be appreciated and if you would like the layout of my DNS, I can provide that too.

  • Try incrementing the zone's serial number and then doing an rndc reload. – John Gardeniers Apr 12 '10 at 00:38
  • What John said. You need to bump the serial number every time you make a change anyway (to trigger the update messages), and when the slaves get the update they will also get the new serial number. – voretaq7 Apr 12 '10 at 04:35
  • Then just compare the serial numbers to see if master and slave are in sync. You might also enable the transfer log to help debug it if the transfer still doesn't happen. – John Gardeniers Apr 12 '10 at 10:53
  • Maybe DNS (udp or tcp) traffic is blocked/dropped between master and slave. – lg. Apr 12 '10 at 11:01
  • Another thought: Make sure there is an NS record for your slave in the master zone (otherwise BIND won't send the NOTIFY messages telling the slave that the zone is changed: you'll be waiting around until the refresh time is up). – voretaq7 Apr 12 '10 at 14:44
  • John Gardeniers: Why not add this as an answer rather than a comment? – Richard Holloway Apr 12 '10 at 21:09
  • @Richard Holloway, what I wrote hardly qualifies as an answer. :) – John Gardeniers Apr 28 '10 at 21:57

2 Answers

BIND 9 master servers will send out NOTIFY messages to each of the NS records you have, when the zone is loaded. This would be any host you have NS records for. For example:

example.com. NS ns1.example.org.
example.com. NS ns2.example.info.

In this case, if ns1.example.org was the master, it would send a NOTIFY to ns2.example.info when a new zone version was loaded.

To ensure that this happens, you must increment the serial number in the SOA record for your domain each time you edit it.

You can check all NS servers at once if you use:

host -C example.com

You may also want to run dig commands from one server to another. Try:

dig @otherserver example.com. soa +norec

If you see nothing, your machines are likely having firewalls get in the way.

Lastly, check the log files. There is usually something in there if things go wrong.

Michael Graff

First test that you can pull the domain on the slave:

dig @MASTERIP example.com AXFR

If this doesn't work you've got a network or permissions problem.

Either way turn up the log level for bind on both the master and the slave and see what it tells you. http://www.zytrax.com/books/dns/ch7/logging.html

Craig
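Both answers and the comment thread come down to the same check: query the SOA on the master and on the slave and compare the serials. As an added example (not code from any of the posters), the POSIX shell script below parses dig +short SOA answers and reports the three states that matter here: in sync, slave behind the master, or no answer at all (blocked port 53, or a zone that never transferred). The sample answers are constructed, and MASTERIP is a placeholder as in the answer above.

```shell
#!/bin/sh
# Added example, not code from the thread: compare the SOA serial the master
# and the slave each return. Assumes dig's +short SOA output layout:
#   mname rname serial refresh retry expire minimum

# Print the serial (3rd field) of a "dig +short SOA" answer; prints nothing
# when the answer is empty (timed out, blocked, or zone not loaded).
soa_serial() {
    printf '%s\n' "$1" | awk 'NF >= 7 { print $3; exit }'
}

# Compare the two serials. Exit status: 0 in sync, 1 serials differ,
# 2 one side returned no SOA at all.
compare_serials() {
    master="$1"; slave="$2"
    if [ -z "$master" ]; then
        echo "master returned no SOA: check udp/tcp 53 and that the zone loaded"
        return 2
    fi
    if [ -z "$slave" ]; then
        echo "slave returned no SOA: zone never transferred; try dig @MASTERIP example.com AXFR"
        return 2
    fi
    if [ "$master" = "$slave" ]; then
        echo "in sync (serial $master)"
        return 0
    fi
    echo "out of sync: master=$master slave=$slave (bump the serial, then rndc reload)"
    return 1
}

# Constructed sample answers, standing in for live queries such as
#   dig @MASTERIP example.com. soa +short +norec        (master)
#   dig @192.168.1.111 example.com. soa +short +norec   (slave)
MASTER_SOA='ns1.example.org. hostmaster.example.com. 2010041202 3600 900 604800 86400'
SLAVE_SOA='ns1.example.org. hostmaster.example.com. 2010041201 3600 900 604800 86400'

check_zone() {
    compare_serials "$(soa_serial "$MASTER_SOA")" "$(soa_serial "$SLAVE_SOA")"
}

# Run the demo; the exit status is the verdict (1 here: the slave serial lags)
check_zone || echo "verdict exit status: $?"
```

For live use, replace the two constants with the dig queries shown in the comments, one per server.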