Help with DNS configuration (master and slave server)

Hello.

I like to set up 2 dns servers and got some problems.
It seems like the slave server dont get the data transfered from my master.

Master has ip 213.88.xxx.zzz
slave has has ip 213.88.xxx.yyy

In the log of the master server I can se:
Nov  5 08:10:48 hubba named[24393]: client 213.88.xxx.yyy #63610: query (cache) denied

Here is the configuration for the master:

key "key" {
        algorithm       hmac-md5;
        secret
"c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};

controls {
    inet 127.0.0.1 allow { any; } keys { "key"; };
};


options {
        directory "/var/named";
        forwarders { xxx.yy.z.bb; xxx.yyy.z.cc; };
        allow-query { 213.88.xxx.aaa/29; 192.168.1.0/24; localhost; };
        forwarders { xxx.yy.z.bb; xxx.yyy.z.cc; };
        allow-recursion { 213.88.xxx.aaa/29; 192.168.1.0/24; localhost; };


        // query-source address * port 53;
};

logging {
        category lame-servers { null; };
        category update { null; };
};

zone "." {
        type hint;
        file "named.ca";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
};


zone "hubba.com" {
        notify no;
         allow-query { any; };
         allow-transfer { 213.88.xxx.yyy; localhost; };

       type master;
        file "named-hubba";
}



and for the slave:

// generated by named-bootconf.pl


// secret must be the same as in /etc/rndc.conf
key "key" {
        algorithm       hmac-md5;
        secret
"c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};

controls {
    inet 127.0.0.1 allow { any; } keys { "key"; };
};


options {
        pid-file "/var/run/named/named.pid";
        forwarders { xxx.yy.z.bb; xxx.yyy.z.cc; };
        allow-query { 213.88.xxx.aaa/29; 192.168.1.0/24; localhost; };
        allow-recursion { 213.88.xxx.aaa/29; 192.168.1.0/24; localhost; };
        allow-transfer { 213.88.xxx.zzz; localhost; };

        directory "/var/named";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
};



logging {
        category lame-servers { null; };
        category update { null; };
};
zone "." {
        type hint;
        file "named.ca";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
};

zone "hubba.com" {
        type slave;
        allow-query { any; };
        allow-transfer { 213.88.xxx.zzz; localhost; };

        file "named-hubba";
        masters { 213.88.xxx.zzz; };
};
LVL 2
wqclatreAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

paullamhkgCommented:
try change the master name.conf as below

zone "hubba.com" {
        notify no;
       type master;
        file "named-hubba";
         allow-query { any; };
         allow-transfer { 213.88.xxx.yyy; };

and change the slave name.conf as below

zone "hubba.com" in {
        type slave;
        file "named-hubba";
        masters { 213.88.xxx.zzz; };
        allow-query { any; };
};

and try again
0
wqclatreAuthor Commented:
Still dont transfer the items
0
brabardCommented:
And what is in the named-huba file ?
0
Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

wqclatreAuthor Commented:
For the master or the slave?
0
brabardCommented:
For the master
0
GigaPooCommented:
##Slave:

options {
        transfer-source 127.master.ip.addy;
        port 53;
        pid-file "named.pid";
        listen-on { 127.slave.ip.addy; };
        listen-on-v6 { none; };
        recursion yes;
        notify yes;
};

#sample slave zone

zone "yourdomain.com" {
        type slave;
        masters { 127.master.ip.addy; };
        file "yourdomain.com.sec";
        allow-transfer { any; };
};

## Master:

   zone "yourdomain.com" {
      type master;
      file "/path/to/yourdomain.db";
   };


Start with that. Then add on layers of security, i.e. allowing IPs and using key files. If something stops working in the process, you know exactly where.
0
wqclatreAuthor Commented:
Tried that.. it don't transfer eaven with your simple configuration
0
paullamhkgCommented:
I think you already know howto setup the DNS, here is a reference http://www.siliconvalleyccie.com/linux-hn/dns-static.htm#_Toc57734053 for you to review your setting.

BTW after you change the above have you restart the named service "/etc/init.d/named restart" this will restart the named service and execute with the amented config file.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Networking

From novice to tech pro — start learning today.