Solved

Netware Primary DNS, Linux Secondary

Posted on 2006-11-15
Last Modified: 2008-01-09
Hello,

I have a NW6.5 server running our internal dns currently. Since we only have one netware server, I don't want that to service our external domain because there would be no fault tolerance. I would like to use one of our linux servers (ubuntu dapper) as a secondary dns server which pulls zones from the netware server. I think I have bind configured correctly on my linux server, the configuration is:

 // "internals" must be defined with an acl statement elsewhere in named.conf
 zone "<mydomain>.com" {
        type slave;
        file "/etc/bind/db.<mydomain>.com";
        masters { <master IP>; };
        forwarders { };
        allow-query { internals; };
        allow-transfer { internals; };
 };

What do I change in netware to allow zone transfers to this server?

Thanks in advance,

-jkorz
Question by:jkorz
LVL 30

Expert Comment

by:pgm554
ID: 17949516
Any particular reason you are running only one NW server?

With 6.5 you can have as many servers as you want in the tree.

Having a second 6.5 server gives you redundancy for your Edir as well as DNS and DHCP. (You can cluster it too.)
LVL 35

Expert Comment

by:ShineOn
ID: 17951925
I second the second (and third...) 6.5 server.  You should have at least 2 (3 is recommended) just for eDirectory redundancy/fault tolerance.

DNS is stored in eDirectory so you don't have to set up zone transfers between two NetWare DNS servers - just designate one as primary and the other as secondary.  Non-authoritative cache is not stored in eDirectory, just the DNS zone records.  Any NetWare server in your tree configured as a DNS server can be made primary without skipping a beat.  >That's< fault-tolerance!

If you're unsure on how NetWare 6.x licensing works let us know and we'll help you through the details.

It's as free as Ubuntu yet is as manageable as NetWare ;)

Regarding the Question itself, in the DNS/DHCP Java console (or in iManager with the DNS/DHCP plugins) you go into the zone properties and add the IP and netmask of the secondary server for the zone in the Zone Out Filter.  Then go to the SOA information tab and make note of the zone master, interval values and serial number.  You may need to set some values to match in the bind info on your ubuntu name daemon config.
LVL 8

Author Comment

by:jkorz
ID: 17956024
PGM:

I only need one NW server. It runs file services, groupwise and iprint. My firewall / spam filter / proxy cache all run on linux (because spam and content filters that run on netware are EXPENSIVE and on linux they are free and IMHO better). My Win2k3 server has edirectory installed for replication (although it doesn't have any other Novell software to take advantage of it).

Since I don't have any use for another NW server, it doesn't make sense for me to build one just to handle dns. Now, don't get me wrong, I LOVE the edir integrated dns concept (I wish they could have brought that over to SLES, it may have been the deciding factor for me when picking my distro), but the only thing that SLES could do (that I was interested in at least) that ubuntu couldn't is edirectory support.

ShineOn:

I am familiar with how the edir integrated dns & dhcp works as well as the licensing model (we have an SLA so pretty much anything goes). At one time I did have my firewall / proxy as an NW/BM box. It was unreliable at best and the content filtering plugin was outrageously expensive. When I had this setup, my dns & dhcp worked flawlessly. Fortunately I learned linux over the last couple months and migrated all that stuff over to ubuntu (which now works like a dream). I kind of want to cheat the system though by managing my dns through the java console, but have it propagate to my ubuntu server to be used as my secondary (which IMHO should be out of the box functionality for SLES).

I am at a different location today, but I will be back monday to try it out. I will let you know how it goes then.

Thanks for both of your responses.

-jkorz
LVL 35

Accepted Solution

by:ShineOn
ShineOn earned 250 total points
ID: 17961199
SLES has BIND on it too, and would work just fine as a secondary to NW NAMED.    It should, anyway.  I'll test it on my test SLES10...

Yes, it works on SLES10 with an asterisk, and that may be because I'm running an older NAMED.NLM than you (v 5.12.07) seeing that I'm on NetWare 6.0SP5.

The reverse-lookup zone transferred cleanly, but I'm getting "bad name" and "bad owner name" errors.  Otherwise, the zone-in worked quite nicely.  It even self-discovered the serial number on the zone master.  It used to be that you had to sync the serial number on the slave/secondary to the zone master in order for it to get its first zone-in, IIRC.

The secret is setting those entries on the zones for the zone-out filter on the NetWare side.  NetWare DNS doesn't let just anyone ask for a zone-in; you have to tell it what IP/netmask is OK.  Kind of like the auth settings on Linux NAMED, only you specify both the IP and netmask instead of just saying "local network" or whatever...
LVL 35

Expert Comment

by:ShineOn
ID: 17961234
On the other thing, if you have a spare desktop-class PC with 512MB RAM and a fast P3 or a P4 or the equivalent AMD, you could easily set up a second NetWare server on it.  If you then got a cheap NAS device to store your user data on and used iSCSI to connect the 2 servers to it, you could failover-cluster them for high-availability of most, if not all of the services you're running on your lone NetWare server...

Just sayin'...

And, if you've got upgrade protection with your license agreement, you should be able to upgrade to OES and do OES/Linux on your secondary failover cheapie-box, 'cause OES/NetWare and OES/Linux can be set up as a failover cluster with each other.

Just sayin'...

;)
Assisted Solution

by:N3tb0ss
N3tb0ss earned 250 total points
ID: 18009297
Single Netware Server aside, if you have bind configured correctly you should not have to change anything in Netware, iirc.

However, a couple of things you can check. In the DNS/DHCP Manager, highlight the zone you want to Xfer and select the Control List tab. Verify settings in that tab. Also select the Advanced Tab and verify your also-notify and allow-update settings there. One other thing to check is that the zone file you have is set to role Designated Primary. One other place you can check for Xfer options is to select the DNS server at the bottom of the DNS/DHCP utility and again check the tabs across the top for the required settings you need, i.e. allow-notify and notify.

Lastly, check the serial number of the zone file and be sure the secondary server does not have a higher serial than the netware DNS server.

Best of Luck
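ShineOn mentions that the secondary used to need its serial synced to the zone master, and N3tb0ss's last check is that the secondary must not hold a higher serial than the NetWare server. As an added example that is not part of this thread, the Python below compares the two SOA serials the way BIND does (RFC 1982 serial arithmetic, so a master that wrapped past 2^32-1 is still seen as newer) and says whether the next refresh will pull the zone. The `dig +short SOA` invocation is a real command; the `example.com` names and sample SOA lines are constructed.

```python
"""Will a BIND secondary accept a zone-in from its master?  Compares SOA
serials the way BIND does (RFC 1982 serial arithmetic).  Added example, not
code from this thread: parse_soa() reads the one line `dig +short SOA` prints,
dig_soa() needs dig on PATH plus network; the sample lines are constructed."""
import re
import subprocess

# SOA RDATA order per RFC 1035: mname rname serial refresh retry expire minimum
SOA_RE = re.compile(
    r"^\s*(?P<mname>\S+)\s+(?P<rname>\S+)\s+(?P<serial>\d+)\s+(?P<refresh>\d+)"
    r"\s+(?P<retry>\d+)\s+(?P<expire>\d+)\s+(?P<minimum>\d+)\s*$")

def parse_soa(short_output):
    """Turn one `dig +short SOA` line into a dict; numeric fields become ints."""
    m = SOA_RE.match(short_output)
    if not m:
        raise ValueError("not a dig +short SOA line: %r" % short_output)
    return {k: v if k in ("mname", "rname") else int(v)
            for k, v in m.groupdict().items()}

def dig_soa(zone, server):
    """Live lookup: first line of `dig +short SOA <zone> @<server>`, parsed."""
    out = subprocess.check_output(
        ["dig", "+short", "SOA", zone, "@" + server], text=True)
    return parse_soa(out.strip().splitlines()[0])

def serial_gt(a, b):
    """RFC 1982: is serial a 'greater than' b?  Serials live in a 32-bit ring,
    so a plain a > b gives the wrong answer once the master wraps past 2**32-1."""
    a, b = a % 2**32, b % 2**32
    return (a < b and b - a > 2**31) or (a > b and a - b < 2**31)

def zone_in_status(master_soa, slave_soa):
    """What the secondary does at its next refresh.  'slave-ahead' is the case
    the thread warns about: the secondary already holds a higher serial than
    the master, so it never pulls until its copy is removed or the master's
    serial is raised above it."""
    ms, ss = master_soa["serial"], slave_soa["serial"]
    if ms == ss:
        return "in-sync"
    if serial_gt(ms, ss):
        return "will-transfer"
    return "slave-ahead"

if __name__ == "__main__":
    # Constructed sample output, as dig +short would print it on each server.
    master = parse_soa("ns1.example.com. hostmaster.example.com. 2006111502 3600 900 604800 86400")
    slave = parse_soa("ns1.example.com. hostmaster.example.com. 2006111505 3600 900 604800 86400")
    print(zone_in_status(master, slave))  # slave-ahead
```

Against live servers, call `zone_in_status(dig_soa(zone, master_ip), dig_soa(zone, slave_ip))`; a "slave-ahead" result means the secondary's stale zone file has to go before it will ever zone-in from the NetWare master.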