wqclatre
asked on
Help with DNS configuration (master and slave server)
Hello.
I'd like to set up 2 DNS servers and have run into some problems.
It seems like the slave server doesn't get the data transferred from my master.
Master has IP 213.88.xxx.zzz
Slave has IP 213.88.xxx.yyy
In the log of the master server I can see:
Nov 5 08:10:48 hubba named[24393]: client 213.88.xxx.yyy #63610: query (cache) denied
Here is the configuration for the master:
key "key" {
    algorithm hmac-md5;
    secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};
controls {
    inet 127.0.0.1 allow { any; } keys { "key"; };
};
options {
    directory "/var/named";
    forwarders { xxx.yy.z.bb; xxx.yyy.z.cc; };
    allow-query { 213.88.xxx.aaa/29; 192.168.1.0/24; localhost; };
    allow-recursion { 213.88.xxx.aaa/29; 192.168.1.0/24; localhost; };
    // query-source address * port 53;
};
logging {
    category lame-servers { null; };
    category update { null; };
};
zone "." {
    type hint;
    file "named.ca";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "named.local";
};
zone "hubba.com" {
    notify no;
    allow-query { any; };
    allow-transfer { 213.88.xxx.yyy; localhost; };
    type master;
    file "named-hubba";
};
and for the slave:
// generated by named-bootconf.pl
// secret must be the same as in /etc/rndc.conf
key "key" {
    algorithm hmac-md5;
    secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};
controls {
    inet 127.0.0.1 allow { any; } keys { "key"; };
};
options {
    pid-file "/var/run/named/named.pid";
    forwarders { xxx.yy.z.bb; xxx.yyy.z.cc; };
    allow-query { 213.88.xxx.aaa/29; 192.168.1.0/24; localhost; };
    allow-recursion { 213.88.xxx.aaa/29; 192.168.1.0/24; localhost; };
    allow-transfer { 213.88.xxx.zzz; localhost; };
    directory "/var/named";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
};
logging {
    category lame-servers { null; };
    category update { null; };
};
zone "." {
    type hint;
    file "named.ca";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "named.local";
};
zone "hubba.com" {
    type slave;
    allow-query { any; };
    allow-transfer { 213.88.xxx.zzz; localhost; };
    file "named-hubba";
    masters { 213.88.xxx.zzz; };
};
ASKER
Still doesn't transfer the items.
And what is in the named-hubba file?
ASKER
For the master or the slave?
For the master
## Slave:
options {
    transfer-source 127.master.ip.addy;
    port 53;
    pid-file "named.pid";
    listen-on { 127.slave.ip.addy; };
    listen-on-v6 { none; };
    recursion yes;
    notify yes;
};
# sample slave zone
zone "yourdomain.com" {
    type slave;
    masters { 127.master.ip.addy; };
    file "yourdomain.com.sec";
    allow-transfer { any; };
};
## Master:
zone "yourdomain.com" {
    type master;
    file "/path/to/yourdomain.db";
};
Start with that. Then add on layers of security, i.e. allowing IPs and using key files. If something stops working in the process, you know exactly where.
ASKER
Tried that... it doesn't transfer even with your simple configuration.
ASKER CERTIFIED SOLUTION
zone "hubba.com" {
    notify no;
    type master;
    file "named-hubba";
    allow-query { any; };
    allow-transfer { 213.88.xxx.yyy; };
};
and change the slave named.conf as below
zone "hubba.com" in {
    type slave;
    file "named-hubba";
    masters { 213.88.xxx.zzz; };
    allow-query { any; };
};
and try again
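The "layers of security" the earlier answer mentions (restricting IPs, then key files) applied to the accepted solution's two zone blocks, as an added example that is not part of this thread: transfers are allowed only to requests signed with a dedicated TSIG key, so a spoofed source address alone cannot pull the zone. The key name "hubba-xfer", the placeholder secret and hmac-sha256 (available in current BIND 9 releases; the thread's old BIND only has hmac-md5) are assumptions; the "strong enough for a man..." secret in both posted named.conf files is the sample from the BIND documentation and must not be kept.

```conf
// ---- master, 213.88.xxx.zzz ----
// Use a separate key for transfers rather than the rndc "key" from controls.
// Generate the secret (current BIND ships tsig-keygen); never paste the
// documentation sample secret used in the posted configs.
key "hubba-xfer" {
    algorithm hmac-sha256;        // hmac-md5 on releases that lack SHA-2
    secret "REPLACE-WITH-GENERATED-BASE64-SECRET";   // placeholder
};

zone "hubba.com" {
    type master;
    file "named-hubba";
    allow-query { any; };
    // ACL elements are OR'ed, so list only the key: a bare IP here would
    // accept an unsigned AXFR/IXFR from any host able to spoof that address.
    allow-transfer { key "hubba-xfer"; };
    // Push NOTIFY to the slave so it refreshes promptly (replaces "notify no;").
    also-notify { 213.88.xxx.yyy; };
};

// ---- slave, 213.88.xxx.yyy ----
key "hubba-xfer" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-GENERATED-BASE64-SECRET";   // identical to the master's
};

// Sign every SOA query and transfer request sent to the master with the key.
server 213.88.xxx.zzz {
    keys { "hubba-xfer"; };
};

zone "hubba.com" in {
    type slave;
    file "named-hubba";
    masters { 213.88.xxx.zzz; };
    allow-query { any; };
    allow-transfer { none; };     // a slave has no reason to hand out the zone
};
```

Check each layer separately with named-checkconf on both hosts, then an AXFR from the slave host signed with the key (dig -y hmac-sha256:hubba-xfer:SECRET @213.88.xxx.zzz hubba.com AXFR); an unsigned AXFR should now be refused and logged as "zone transfer ... denied".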