
I installed two DNS servers (BIND 9): the first is the master, the second is the slave.

On the master server:

The file /etc/bind/named.conf.local:

zone "globaltic.tk" {
    type master;
    file "/etc/bind/db.globaltic.tk";
    notify no;
    allow-transfer { 192.168.1.2; };

};

  zone "1.168.192.in-addr.arpa" {
    type master;
    notify no;
    file "/etc/bind/db.1.168.192.in-addr.arpa";
    allow-transfer { 192.168.1.2; };

};

Now the zone file db.globaltic.tk:

$TTL 604800
@       IN      SOA     NS1.globaltic.tk. root.globaltic.tk. (
                        1           ; ** serial **
                        3600        ; refresh
                        3600        ; retry
                        2419200     ; ** expire **
                        3600 )      ; minimum TTL
@       IN      NS      NS1.globaltic.tk.
@       IN      NS      NS2.globaltic.tk.
@       IN      MX  10  mail.globaltic.tk.
NS1     IN      A       192.168.1.1
NS2     IN      A       192.168.1.2
mail    IN      A       192.168.1.2
www     IN      A       192.168.1.3

On the slave server, the file /etc/named.conf.local:

//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "globaltic.tk" {
    type slave;
    file "/var/cache/bind/db.globaltic.tk";
    masters { 192.168.1.1; };

};

zone "1.168.192.in-addr.arpa" {
    type slave;
    file "/var/cache/bind/db.1.168.192.in-addr.arpa";
    masters { 192.168.1.1; };

};

The file /var/cache/bind/db.globaltic.tk (as written out by the slave):

$ORIGIN .
$TTL 604800     ; 1 week

globaltic.tk            IN SOA  NS1.globaltic.tk. root.globaltic.tk. (
                            2011041410 ; ** serial **
                            3600       ; refresh (1 hour)
                            3600       ; retry (1 hour)
                            3600       ; ** expire (1 hour) **
                            3600       ; minimum (1 hour)
                            )
                    NS      NS1.globaltic.tk.
                    NS      NS2.globaltic.tk.
                    MX      10 mail.globaltic.tk.

$ORIGIN globaltic.tk.
mail                    A       192.168.1.2
NS1                     A       192.168.1.1
NS2                     A       192.168.1.2
www                     A       192.168.1.3

The contents of /etc/resolv.conf on the master NS1:

search globaltic.tk
nameserver 192.168.1.1

The contents of /etc/resolv.conf on the slave NS2:

search globaltic.tk
nameserver 192.168.1.1
nameserver 192.168.1.2

The problem is:

- the zone update between the master and the slave does not happen, although I restarted bind and rebooted each server.

- when I run nslookup ns1 or nslookup mail on the master server it works, but on the slave it gives me this message:

  ;; connection timed out; no servers could be reached
tmedtcom

1 Answer

There are at least two problems. (1) As highlighted in your post, something got messed up with the serial numbers. The slave has a greater serial number than the master so it will not update its zone data when it receives a notify from the master. Assuming you are using the YYYYMMDDNN convention for serial numbers, update the master zone file to 2011052300. (2) You have notify no; set so the master won't send notifications. Remove that (in both places). After that restarting named on the master should allow the slave to start updating.

As for the timeout running nslookup there may be a firewall blocking access from ns2 to ns1 or you have some acls in your named.conf that you aren't showing.

Mark Wagner
  • Same thing. I deleted `notify no;` from the configuration, then changed the serial in the two files (/etc/bind/ on the master, and db.globaltic.tk in /var/cache/bind/ on the slave). I gave them the serial "1". I even rebooted both systems, and it is the same thing :-( – tmedtcom May 23 '11 at 22:27
  • Is netfilter enabled on these servers? To debug you could start a packet capture on both hosts, delete `/var/cache/bind/db.globaltic.tk` on the slave and restart named on the slave. – Mark Wagner May 23 '11 at 22:38
  • I deleted the file /var/cache/bind/db.globaltic.tk and rebooted the slave. There are no files in /var/cache/bind; the slave has not made the update. This whole setup worked very well on both servers before; the only change I made is the installation of the IRedMail package on the slave (NS2). I believe IRedMail contains some netfilter configuration. What should I do to test netfilter, and if there is a rule, please give it to me. – tmedtcom May 23 '11 at 22:59
  • (from the slave)
    # telnet @ip_Master 53
    Trying 192.168.1.1...
    telnet: Unable to connect to remote host: Connection timed out
    – tmedtcom May 23 '11 at 23:38
  • # tail -f /var/log/syslog
    May 24 00:32:19 NS2 named[1684]: zone globaltic.tk/IN: refresh: retry limit for master 192.168.1.1#53 exceeded (source 0.0.0.0#0)
    May 24 00:32:19 NS2 named[1684]: zone globaltic.tk/IN: Transfer started.
    May 24 00:32:39 NS2 named[1684]: zone 1.168.192.in-addr.arpa/IN: refresh: retry limit for master 192.168.1.1#53 exceeded (source 0.0.0.0#0)
    May 24 00:32:39 NS2 named[1684]: zone 1.168.192.in-addr.arpa/IN: Transfer started.
    May 24 00:32:40 NS2 named[1684]: transfer of 'globaltic.tk/IN' from 192.168.1.1#53: failed to connect: timed out
    May 24 00:32:40 NS2 named[1684]: transfer of 'globaltic.tk/IN' from 192.168.1.1#53: Transfer completed: 0 messages, 0 records, 0 bytes, 20.999 secs (0 bytes/sec)
    May 24 00:33:00 NS2 named[1684]: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.1#53: failed to connect: timed out
    – tmedtcom May 24 '11 at 00:09
  • ns2 cannot communicate with ns1. (1) Is ns1 listening correctly: `lsof -i | grep named`. (2) Is there a firewall on ns1: `iptables -L -v -n`. – Mark Wagner May 24 '11 at 01:15
  • root@NS1:~# lsof -i | grep named
    named 778 bind  20u IPv6 3543 0t0 TCP *:domain (LISTEN)
    named 778 bind  21u IPv4 3548 0t0 TCP localhost:domain (LISTEN)
    named 778 bind  22u IPv4 3550 0t0 TCP ns1.globaltic.tk:domain (LISTEN)
    named 778 bind  23u IPv4 3582 0t0 TCP localhost:953 (LISTEN)
    named 778 bind  24u IPv6 3583 0t0 TCP localhost:953 (LISTEN)
    named 778 bind 512u IPv6 3542 0t0 UDP *:domain
    named 778 bind 513u IPv4 3547 0t0 UDP localhost:domain
    named 778 bind 514u IPv4 3549 0t0 UDP ns1.globaltic.tk:domain
    – tmedtcom May 24 '11 at 18:26
  • root@NS1:~# iptables -L -v -n
    Chain INPUT (policy DROP 116 packets, 8049 bytes)
     pkts bytes target     prot opt in     out     source               destination
      755 38759 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
        1    52 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 80,443,25,465,110,995,143,993,587,465,22
      554 33284 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 8

    Chain FORWARD (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain OUTPUT (policy ACCEPT 1445 packets, 93218 bytes)
     pkts bytes target     prot opt in     out     source               destination
    – tmedtcom May 24 '11 at 18:27
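The thread ends with the master's iptables listing. As an added example (this is editorial code, not from the question, the answer or any commenter), here is a small POSIX shell diagnostic covering the two causes discussed above: the serial comparison from the answer, and the firewall check Mark Wagner asks for in the comments. It assumes the addresses and zone name from the post; the iptables listing embedded in it is constructed to mirror the one pasted above rather than captured live. It goes slightly beyond the answer in one respect: the serial comparison uses RFC 1982 serial arithmetic, so it also stays correct when a serial wraps past 2^32.

```shell
#!/bin/sh
# Added diagnostic for a BIND master/slave pair that will not transfer
# (example code, not from the question or the answer). Two checks:
#  1. serial: a slave whose SOA serial equals or is ahead of the master's
#     never pulls a new copy of the zone;
#  2. firewall: does the master's iptables INPUT chain accept port 53?
# Addresses and the zone name are assumed from the post.

MASTER=192.168.1.1
SLAVE=192.168.1.2
ZONE=globaltic.tk

# RFC 1982 serial comparison. Succeeds when the master's serial is newer
# than the slave's, the only case in which a refresh leads to a transfer.
# Equal serials mean "already current"; the modular arithmetic keeps the
# answer right when a serial wraps past 2^32.
needs_transfer() {
    master=$1
    slave=$2
    [ "$master" -eq "$slave" ] && return 1
    d=$(( (master - slave + 4294967296) % 4294967296 ))
    [ "$d" -lt 2147483648 ]
}

# Read `iptables -L -v -n` output on stdin; succeed only if the INPUT chain
# has an ACCEPT rule covering port 53: "dpt:53", 53 inside a "multiport
# dports" list, or a blanket ACCEPT of all protocols on a non-loopback
# interface. RELATED,ESTABLISHED does not count: the zone transfer is a
# new TCP connection from the slave and matches nothing in that rule.
input_accepts_dns() {
    awk '
        /^Chain / { in_input = ($2 == "INPUT"); next }
        in_input && $3 == "ACCEPT" {
            if ($4 == "all" && $6 != "lo" && $0 !~ /state|ctstate/) found = 1
            if ($0 ~ /dpt:53([^0-9]|$)/) found = 1
            if (match($0, /dports [0-9,]+/)) {
                n = split(substr($0, RSTART + 7, RLENGTH - 7), p, ",")
                for (i = 1; i <= n; i++) if (p[i] == "53") found = 1
            }
        }
        END { exit found ? 0 : 1 }
    '
}

# The rules the master is missing: TCP/53 for the transfer itself, UDP/53
# for queries and the SOA refresh check, both limited to the slave.
# Printed rather than applied so the operator can review them first.
dns_allow_rules() {
    printf 'iptables -I INPUT -p tcp -s %s --dport 53 -j ACCEPT\n' "$SLAVE"
    printf 'iptables -I INPUT -p udp -s %s --dport 53 -j ACCEPT\n' "$SLAVE"
}

# Constructed listing mirroring the one pasted in the comments (not live
# output): INPUT drops by default and only mail, web and ssh are opened.
SAMPLE_RULES='Chain INPUT (policy DROP 116 packets, 8049 bytes)
 pkts bytes target     prot opt in     out     source               destination
  755 38759 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    1    52 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 80,443,25,465,110,995,143,993,587,465,22
  554 33284 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 8

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 1445 packets, 93218 bytes)
 pkts bytes target     prot opt in     out     source               destination'

# The TCP rule from dns_allow_rules, as iptables would list it.
FIXED_LINE='    0     0 ACCEPT     tcp  --  *      *       192.168.1.2          0.0.0.0/0            tcp dpt:53'

# As pasted: DNS is blocked (succeeds when the check correctly says so).
sample_blocks_dns() {
    printf '%s\n' "$SAMPLE_RULES" | input_accepts_dns && return 1
    return 0
}

# With the TCP/53 rule inserted into INPUT: DNS is accepted.
sample_fixed_accepts_dns() {
    printf '%s\n' "$SAMPLE_RULES" \
        | awk -v rule="$FIXED_LINE" '{ print } /multiport/ { print rule }' \
        | input_accepts_dns
}

# Live check, run on the slave (needs dig): compare the serial each server
# answers with, then attempt the AXFR the slave itself would perform.
live_check() {
    ms=$(dig +short @"$MASTER" "$ZONE" SOA | awk '{ print $3 }')
    ss=$(dig +short @"$SLAVE"  "$ZONE" SOA | awk '{ print $3 }')
    echo "master serial: ${ms:-none}   slave serial: ${ss:-none}"
    if [ -n "$ms" ] && [ -n "$ss" ] && ! needs_transfer "$ms" "$ss"; then
        echo "slave is not behind the master: raise the master's serial"
    fi
    dig @"$MASTER" "$ZONE" AXFR +time=5 +tries=1 | tail -n 3
    echo "if the AXFR timed out, check the master's INPUT chain; missing rules:"
    dns_allow_rules
}

case "${1:-}" in
    live) live_check ;;
esac
```

Run it as `sh check-transfer.sh live` on the slave to query both servers with dig and attempt the transfer; with no argument it only defines the functions, so the offline checks can be sourced and exercised without either server reachable. Against the listing pasted in the comments, `sample_blocks_dns` succeeds, which is the same conclusion the `telnet 192.168.1.1 53` timeout above points to: nothing in INPUT accepts port 53, so the transfer never connects.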