HPE Community
Operating System - Linux
1829121 Members
2031 Online
109986 Solutions
New Discussion

DNS SLAVE problem

 
SOLVED
Go to solution
'chris'
Super Advisor

‎11-28-2005 10:46 PM

‎11-28-2005 10:46 PM

DNS SLAVE problem

hi

on my linux DNS master for ch.domain.net,
I've created a SLAVE ZONE for the root domain: domain.net

zone "domain.net" {
type slave;
file "/var/cache/bind/domain.net.hosts";
masters {
212.X.X.25;
212.X.X.26;
};
};

it works well, the root Zone will be synchronized, but I have following problem:

the master dns servers will be reached over the vpn tunnel.
if the vpn tunnel goes down, I cannot nslookup any server from this Zone.

howto make this zone available when the vpn tunnel is down ?

I have BIND 9.2.4

kind regards
chris
0 Kudos
Reply
6 REPLIES 6
Steven E. Protter
Exalted Contributor

‎11-28-2005 11:39 PM

‎11-28-2005 11:39 PM

Re: DNS SLAVE problem

Shalom Chris,

On the master server:

Do you have this code in named.conf ??

options {
directory "/var/named";
// query-source address * port 53;
allow-transfer { localhost; 10.1.10.1;};

The slave servers may not be getting any information.

For the slave server to work while the vpn tunnel is down, it must have the allow-transfer options correct and it must be reachable while the vpn tunnel is down.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Sergejs Svitnevs
Honored Contributor

‎11-29-2005 12:11 AM

‎11-29-2005 12:11 AM

Solution

Re: DNS SLAVE problem

Your slave nameserver is going to be *constantly* trying to contact the Internet root servers. When you have "forward only" enabled, then the nameserver will use the
forwarders to get the root server information.
So, you should just add "forward only;" to the options { } section of your named.conf on slave machine.

Regards,
Sergejs
Reply
Ivan Ferreira
Honored Contributor

‎11-29-2005 05:30 AM

‎11-29-2005 05:30 AM

Re: DNS SLAVE problem

What is the error when you do nslookup or dig to query the slave server?

Do you have the slaves listed as DNS servers on the client configuration?
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
Reply
'chris'
Super Advisor

‎11-29-2005 09:56 AM

‎11-29-2005 09:56 AM

Re: DNS SLAVE problem

Master DNS is WIN2000

Slave is linux

I changed on the SLAVE from:

forwarders { 83.X.X.10; 83.X.X.11; 83.X.X.12; };
forward first;

to:

forwarders { 83.X.X.10; 83.X.X.11; 83.X.X.12; };
forward only;


is it correct now ?

SLAVE DNS servers are listed on the client configuration

greetings
chris
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎11-29-2005 08:42 PM

‎11-29-2005 08:42 PM

Re: DNS SLAVE problem

Chris,

How you are doing it is not how we're doing it in my shop.

That doesn't mean it won't work, just that I'm not totally familiar with your methodology.

A typical slave configuration by me:


zone "blah.com" {
type slave;
file "blah.com.zone";
masters {
10.xx.xx.xx;
};
};

I suggest at this point you test.

BIND 9.2

My setup is different as both DNS servers sit in a DMZ and serve the public internet and transfer data to a server inside the firewall.

Good Luck.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Ivan Ferreira
Honored Contributor

‎11-29-2005 10:42 PM

‎11-29-2005 10:42 PM

Re: DNS SLAVE problem

Also, ensure that in the Windows DNS console, you have enabled the "BIND Secondaries" option.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.