wqclatre


Help with DNS configuration (master and slave server)

Hello.

I would like to set up 2 DNS servers and have run into some problems.
It seems like the slave server doesn't get the data transferred from my master.

Master has IP 213.88.xxx.zzz
Slave has IP 213.88.xxx.yyy

In the log of the master server I can see:
Nov  5 08:10:48 hubba named[24393]: client 213.88.xxx.yyy #63610: query (cache) denied

Here is the configuration for the master:

key "key" {
        algorithm       hmac-md5;
        secret
"c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};

controls {
    inet 127.0.0.1 allow { any; } keys { "key"; };
};


options {
        directory "/var/named";
        forwarders { xxx.yy.z.bb; xxx.yyy.z.cc; };
        allow-query { 213.88.xxx.aaa/29; 192.168.1.0/24; localhost; };
        forwarders { xxx.yy.z.bb; xxx.yyy.z.cc; };
        allow-recursion { 213.88.xxx.aaa/29; 192.168.1.0/24; localhost; };


        // query-source address * port 53;
};

logging {
        category lame-servers { null; };
        category update { null; };
};

zone "." {
        type hint;
        file "named.ca";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
};


zone "hubba.com" {
        notify no;
         allow-query { any; };
         allow-transfer { 213.88.xxx.yyy; localhost; };

       type master;
        file "named-hubba";
}



and for the slave:

// generated by named-bootconf.pl


// secret must be the same as in /etc/rndc.conf
key "key" {
        algorithm       hmac-md5;
        secret
"c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};

controls {
    inet 127.0.0.1 allow { any; } keys { "key"; };
};


options {
        pid-file "/var/run/named/named.pid";
        forwarders { xxx.yy.z.bb; xxx.yyy.z.cc; };
        allow-query { 213.88.xxx.aaa/29; 192.168.1.0/24; localhost; };
        allow-recursion { 213.88.xxx.aaa/29; 192.168.1.0/24; localhost; };
        allow-transfer { 213.88.xxx.zzz; localhost; };

        directory "/var/named";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
};



logging {
        category lame-servers { null; };
        category update { null; };
};
zone "." {
        type hint;
        file "named.ca";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
};

zone "hubba.com" {
        type slave;
        allow-query { any; };
        allow-transfer { 213.88.xxx.zzz; localhost; };

        file "named-hubba";
        masters { 213.88.xxx.zzz; };
};
paullamhkg

Try changing the master named.conf as below

zone "hubba.com" {
        notify no;
        type master;
        file "named-hubba";
        allow-query { any; };
        allow-transfer { 213.88.xxx.yyy; };
};

and change the slave named.conf as below

zone "hubba.com" in {
        type slave;
        file "named-hubba";
        masters { 213.88.xxx.zzz; };
        allow-query { any; };
};

and try again

ASKER

It still doesn't transfer the items.
And what is in the named-hubba file?
For the master or the slave?
For the master
##Slave:

options {
        # transfer-source is the slave's own local address used to fetch zones
        transfer-source 127.slave.ip.addy;
        port 53;
        pid-file "named.pid";
        listen-on { 127.slave.ip.addy; };
        listen-on-v6 { none; };
        recursion yes;
        notify yes;
};

#sample slave zone

zone "yourdomain.com" {
        type slave;
        masters { 127.master.ip.addy; };
        file "yourdomain.com.sec";
        allow-transfer { any; };
};

## Master:

   zone "yourdomain.com" {
      type master;
      file "/path/to/yourdomain.db";
   };


Start with that. Then add on layers of security, i.e. allowing IPs and using key files. If something stops working in the process, you know exactly where.
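
An added example, not part of the original post: one way to apply the "allowing IPs and using key files" step to the hubba.com zone from the question, replacing `allow-transfer { any; };` with a TSIG-keyed transfer. The key name `xfer-hubba` and the secret placeholder are assumptions, and the key is kept separate from the rndc `controls` key.

```conf
# ---- master (213.88.xxx.zzz) named.conf ----
key "xfer-hubba" {                      # hypothetical key name
        algorithm hmac-sha256;
        secret "<base64 secret>";       # placeholder; generate with tsig-keygen
};

zone "hubba.com" {
        type master;
        file "named-hubba";
        allow-query { any; };
        # Only requests signed with the key may AXFR the zone.
        # Listing an IP and a key in the same list is an OR, not an AND.
        allow-transfer { key "xfer-hubba"; };
};

# ---- slave (213.88.xxx.yyy) named.conf ----
key "xfer-hubba" {                      # must match the master exactly
        algorithm hmac-sha256;
        secret "<base64 secret>";
};

# Sign everything sent to the master (SOA checks, AXFR) with the key.
server 213.88.xxx.zzz {
        keys { "xfer-hubba"; };
};

zone "hubba.com" {
        type slave;
        file "named-hubba";
        masters { 213.88.xxx.zzz; };
        allow-query { any; };
        # The slave has no downstream servers, so it serves no transfers.
        allow-transfer { none; };
};
```

Run `named-checkconf` on both files before reloading; the placeholder secret has to be replaced with real base64 first.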
Tried that. It doesn't transfer even with your simple configuration.
ASKER CERTIFIED SOLUTION
paullamhkg

This solution is only available to members.