12-19-2006 06:13 AM
I've loaded Fedora FC6 with BIND 9.3.2 on a temporary box.
I am able to get BIND 9.3.2 to start, and RNDC sees the zone files.
I have it set up in /var/named/chroot with a symbolic link from /var/named/chroot/etc/named.conf to /etc/named.conf.
I do an RNDC STATUS and see it is reading the zone files:
number of zones: 239
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 2
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running
When I query the zone via NSLOOKUP or DIG, I get a SERVFAIL:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 10654
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
My primary server's named.conf has the allow-transfer { secondary; secondary-temp; }; directive.
My temp named.conf has the following info in the header:
options {
directory "/etc";
allow-transfer { primary-address; };
allow-query { any; };
// query-source address * port 53;
};
controls {
Here is what is being seen in /var/log/messages:
Dec 19 13:39:50 esutemp kernel: audit(1166553590.778:6905): avc: denied { write } for pid=19878 comm="named" name="secondary" dev=dm-0 ino=6547817 scontext=root:system_r:named_t:s0 tcontext=root:object_r:named_conf_t:s0 tclass=dir
Dec 19 13:39:50 esutemp named[19877]: zone waterloo/IN: loading master file secondary/waterloo: permission denied
…
Dec 19 13:59:10 esutemp named[20107]: zone ben.esu3.k12.ne.us/IN: ben_node85.ben.esu3.k12.ne.us/A: bad owner name (check-names)
..
..
Dec 19 13:59:14 esutemp named[20107]: zone 236.202.205.in-addr.arpa/IN: zone transfer deferred due to quota
On ad nauseam.
Any insight appreciated..
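The log excerpt above mixes four different kinds of message (an SELinux AVC denial, a zone file permission denial, check-names complaints and a transfer quota notice), and only the first two stop a zone from loading. The script below is an added example, not part of the original post: it classifies such lines with regexes over a sample log constructed from the quoted messages, and the hints are my reading of what each message means for a secondary.

```python
"""Classify the syslog lines a BIND secondary emits while loading zones.
Added example; hints are the author's reading, not BIND/SELinux docs."""
import re
from collections import Counter

# Constructed sample input: the four message types quoted in the post above.
SAMPLE_LOG = """\
Dec 19 13:39:50 esutemp kernel: audit(1166553590.778:6905): avc: denied { write } for pid=19878 comm="named" name="secondary" dev=dm-0 ino=6547817 scontext=root:system_r:named_t:s0 tcontext=root:object_r:named_conf_t:s0 tclass=dir
Dec 19 13:39:50 esutemp named[19877]: zone waterloo/IN: loading master file secondary/waterloo: permission denied
Dec 19 13:59:10 esutemp named[20107]: zone ben.esu3.k12.ne.us/IN: ben_node85.ben.esu3.k12.ne.us/A: bad owner name (check-names)
Dec 19 13:59:14 esutemp named[20107]: zone 236.202.205.in-addr.arpa/IN: zone transfer deferred due to quota
"""

RULES = [  # (kind, pattern with named groups, defender's hint)
    ("selinux_denied",
     re.compile(r'avc: +denied +\{ (?P<perm>\w+) \}.*comm="named".*'
                r'name="(?P<name>[^"]+)".*tcontext=\w+:\w+:(?P<type>\w+)'),
     "SELinux stops named_t touching this object type; slave zone files "
     "belong in a directory the policy lets named write, not the conf dir"),
    ("zone_perm_denied",
     re.compile(r'zone (?P<zone>\S+)/IN: loading master file (?P<file>\S+): '
                r'permission denied'),
     "file or SELinux permissions on the zone path; zone stays unloaded, "
     "so queries for it return SERVFAIL"),
    ("check_names",
     re.compile(r'zone (?P<zone>\S+)/IN: (?P<owner>\S+)/(?P<rrtype>\w+): '
                r'bad owner name \(check-names\)'),
     "owner name is not a valid hostname (underscore); data problem on the "
     "primary, noisy but unrelated to the transfer failing"),
    ("xfer_quota",
     re.compile(r'zone (?P<zone>\S+)/IN: zone transfer deferred due to quota'),
     "more zones queued than transfers-in allows; BIND retries them later"),
]


def triage(log_text):
    """Return one finding per recognised line, in log order; other lines are skipped."""
    findings = []
    for line in log_text.splitlines():
        for kind, rx, hint in RULES:
            m = rx.search(line)
            if m:
                findings.append({"kind": kind, "hint": hint, **m.groupdict()})
                break  # first matching rule wins
    return findings


def summarize(findings):
    # Count per kind so the noisy check-names lines do not hide the real blockers.
    return Counter(f["kind"] for f in findings)
```

Running `triage(SAMPLE_LOG)` on a real /var/log/messages extract gives one dict per line with the zone, file, owner or SELinux type pulled out, which is enough to see whether the blocker is a label, a file mode or just noise.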
12-19-2006 06:29 AM
12-19-2006 06:46 AM
Re: Secondary DNS
;; connection timed out; no servers could be reached
Dec 19 14:48:32 nstemp named[20352]: secondary/azonefile.org:236: dcw_node89.azonefile.org: bad owner name (check-names)
The quota and permission denied errors went away, but DIG and NSLOOKUP fail; also, the check-names stuff is filling the messages log.
12-19-2006 07:14 AM
Re: Secondary DNS
You need to set up a forwarder to dig msn.com.
12-19-2006 07:17 AM
Re: Secondary DNS
12-19-2006 07:29 AM
Re: Secondary DNS
I shut off SELinux.
Here is the output, first from the working primary and second from the temporary secondary. I've checked the named.boot; it seems to be running through the zone files, getting bad check-names errors.
[root@esutemp ~]# dig www.esu3.org @205.202.253.1
; <<>> DiG 9.3.2 <<>> www.esu3.org @205.202.253.1
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48489
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.esu3.org. IN A
;; ANSWER SECTION:
www.esu3.org. 86400 IN A 205.202.241.39
;; AUTHORITY SECTION:
esu3.org. 86400 IN NS ns2.esu3.org.
esu3.org. 86400 IN NS ns1.esu3.org.
;; ADDITIONAL SECTION:
ns1.esu3.org. 86400 IN A 205.202.253.1
ns2.esu3.org. 86400 IN A 205.202.253.3
;; Query time: 7 msec
;; SERVER: 205.202.253.1#53(205.202.253.1)
;; WHEN: Tue Dec 19 15:30:57 2006
;; MSG SIZE rcvd: 114
[root@esutemp ~]# dig www.esu3.org @205.202.253.2
; <<>> DiG 9.3.2 <<>> www.esu3.org @205.202.253.2
; (1 server found)
;; global options: printcmd
;; connection timed out; no servers could be reached
12-19-2006 07:51 AM
Re: Secondary DNS
ps -ef|grep named
and netstat -an|grep 53
Would like to turn off iptables/ipchains too on this host when testing.
12-19-2006 08:01 AM
Re: Secondary DNS
When I do a /etc/named start, restart or stop, it is taking a LONGGG time to finish now. I am thinking I will reload the OS and make sure I disable SELINUX and the firewall settings on load. I stopped iptables/ipchains: same result, slow start of named.
Our old DNS server had all files in /etc/namedb as named root;
within the directory structure is a "/secondary" where the zone files exist.
The /var/log/messages file is filling up with bad check-names junk.
I am going back to scratch and will post after I get things back in place.
Starting named is taking way longer than with the primary. I will check back after I get the OS rebuilt and zone files in place and ownership defined to named.
12-19-2006 08:04 AM
Re: Secondary DNS
After everything works, I suggest using chroot.
Also, the SOA files need to be changed.
Good Luck
12-19-2006 08:53 AM
Re: Secondary DNS
I have it rebuilt from scratch with SELINUX and IPTABLES disabled.
I've done the following:
Copied my existing secondary files over and placed them in /var/named/chroot/etc.
The following files are listed:
-rw-r--r-- 1 root named 195 Dec 19 15:44 localhost.zone
-rw-r--r-- 1 root root 1279 Dec 19 15:35 localtime
-rw-r--r-- 1 root named 21066 Dec 19 15:44 named.boot
-rw-r--r-- 1 root named 2133 Dec 19 15:44 named.ca
-rw-r----- 1 root named 1100 Sep 11 04:13 named.caching-nameserver.conf
-rw-r--r-- 1 root named 30339 Dec 19 15:46 named.conf
-rw-r--r-- 1 root named 251 Dec 19 15:44 named.local
-rw-r----- 1 root named 955 Sep 11 04:13 named.rfc1912.zones
-rw-r--r-- 1 root named 113 Dec 19 15:32 rndc.key
drwxrwxrwx 2 root named 20480 Dec 15 08:12 secondary
drwxr-xr-x 2 root named 4096 Jun 13 1999 src
Getting check-names errors in the log.
Getting permission denied errors in the log:
Dec 19 15:46:43 esutemp named[2332]: zone 109.3.10.in-addr.arpa/IN: loading master file secondary/109.3.10.in-addr.arpa: permission denied
The top of my named.conf looks like this:
// generated by named-bootconf.pl
options {
directory "/etc";
allow-transfer { 205.202.253.1; };
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};
//
// a caching only nameserver config
//
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
The bottom has an include for /etc/rndc.key, which is a symlink to /var/named/chroot/etc/rndc.key.
named.boot is still on the system; however, I thought this was deprecated with v8?
The file looks like this from the top:
;
; named.boot
;
; Description: The named.boot file is required to boot a BIND name server.
;
; Syntax: directory
; ;[comment]
; primary
; secondary
; cache
; slave
; forwarders
;
;
; ;[comment] text following the ';' character is ignored
; domain For a secondary or primary line, the name of the BIND
; domain for which the server is a secondary or primary
; server. For a cache line, the name of the domain for
; which the file,
; host For a secondary line, the IP address of a primary or
; secondary server distributing the database for domain,
;
; to which queries should be forwarded.
; file For a secondary line, the name of the file in which the
; data of domain,
; specified can be dumped. For a primary line, the file from
; which to read the master copy of the domain data. For a
; cache line, the name of the file in which the cache is
; stored.
;
directory /etc/namedb
;
secondary esu3.k12.ne.us 205.202.253.1 secondary/esu3.k12.ne.us
secondary esu3.net 205.202.253.1 secondary/esu3.net
secondary esu3.org 205.202.253.1 secondary/esu3.org
;
;
primary 0.0.127.in-addr.arpa named.local
;
;
; School district domains
;
secondary arl.esu3.k12.ne.us 205.202.253.1 secondary/arl.esu3.k12.ne.us
I am beyond baffled as to what to look at next.