ns3 and ns4 not updating

Posted on 2008-10-12
Last Modified: 2009-03-17
We have had a master/slave bind dns setup running on debian for quite some time. Today, I went to add in ns3 and ns4.  I have the correct slave zone config on ns3 and ns4 - such as:

zone "example.com" { type slave; file "example.com"; masters { 209.213.xxx.xxx; }; };

The first time I start bind on the slave, it pulls the updates correctly and all is well.  However, when I update a zone on the master - and then run: ndc reload example.com, only ns2 updates.  The ns3 and ns4 never reply to the master notify request.

Allow transfer is set correctly for the IPs of ns3 and ns4 - does anyone have any ideas why this is not working?
Question by:axman505
 
LVL 13

Expert Comment

by:dhoffman_98
ID: 22700088
You wrote that you have "allow transfer" set, but what about your notify settings?

Try:

zone "example.com" { type slave; notify yes; file "example.com"; masters { 209.213.xxx.xxx; }; };


You'll need to be sure you have a configuration in place that shows you should send notify messages to the new name servers.

Depending on the level of logging you have enabled, you may see log entries indicating that a notify message was sent to the remote servers. If you enable more detailed logging to the point where you can see those entries, and you are not seeing the notifies go out, then it's a configuration problem on your main name server. If the messages are going out, but the slaves are not requesting zone transfers, then it could be an issue on the other end.

0
 
LVL 1

Author Comment

by:axman505
ID: 22700107
Wouldn't notify have to go in the master zone file?  From what I read in the documentation, it's only valid for the master zones.

The weird thing is that the ns2 slave updates correctly with settings as is.  For some reason, the two additional slaves fail to update after their initial zone refresh.
0
 
LVL 13

Expert Comment

by:dhoffman_98
ID: 22701922
The notify statement for bind can go into the global configuration, for example if you want to set "notify no" at a global level, and then only turn it on for the zones you wish to use notify with.

But yes, it would go into the master zone, not the slave side. I should have taken out the masters piece of the example. On your master side though, you should have control of who is being notified, and in normal situations, you only would send notifies to the name servers identified in your zone file.

Have you tried enabling the extra debug logging?
0
 
LVL 1

Author Comment

by:axman505
ID: 22708445
I have - and so far it confirms my findings.  It does not appear to talk to ns3 or ns4.  When I do a zone update from the master, the debug logs on ns3/ns4 do not show any method of contact whatsoever.  The debug logs on the master don't show any contact to those slaves either - only to ns2.
0
 
LVL 13

Expert Comment

by:dhoffman_98
ID: 22711323
Try configuring an "also-notify" line like the following, but with your IPs for ns3 and ns4.

also-notify {10.0.0.3; 10.0.0.4;};

0
 
LVL 13

Expert Comment

by:dhoffman_98
ID: 23802308
Claiming that the problem was solved on your own after someone provided input multiple times over three days is not a valid reason for closing the case without awarding points. For that matter, the measly 20 points offered are an insult.
0
 
LVL 13

Expert Comment

by:dhoffman_98
ID: 23813465
modus,

I don't know if the three pieces of input that I provided led to the full solution or not. And without getting valid feedback from the asker, it's not possible to know if any of them contributed to an answer.

My last suggestion in ID 22711323 was made seven months ago, and the asker had never replied back to advise if the issue was resolved.

My suggestion... close the answer with no points refunded.
0
 
LVL 1

Accepted Solution

by:
axman505 earned 0 total points
ID: 23813640
The issue was related to the parent domain that the ns servers were in.  The ns3 and ns4 servers were not listed as valid ns servers in that domain - which was causing the problem.
0
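
Added example, not part of the thread: with "notify yes", a BIND master sends NOTIFY to the hosts in the zone's NS records (except the one named in the SOA MNAME field) plus any also-notify addresses, so a slave missing from both only catches up on its SOA refresh timer. The sketch below checks a list of slave IPs against that set; the zone text, the 192.0.2.x addresses and the function names are constructed for illustration, and it assumes one record per line in "owner ttl class type rdata" order.

```python
# Added example: which slaves will a BIND master NOTIFY for this zone?
# Zone data and addresses are constructed (192.0.2.0/24 is documentation space).
ZONE = """\
$ORIGIN example.com.
@    3600 IN SOA ns1 hostmaster 2008101201 3600 900 604800 3600
@    3600 IN NS  ns1
@    3600 IN NS  ns2
ns1  3600 IN A   192.0.2.1
ns2  3600 IN A   192.0.2.2
ns3  3600 IN A   192.0.2.3
ns4  3600 IN A   192.0.2.4
"""

def parse_zone(text):
    """Return (soa_mname, ns_names, a_records) from a one-record-per-line zone."""
    origin, mname, ns_names, a_records = "", None, set(), {}

    def fqdn(name):
        if name == "@":
            return origin
        return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"

    for line in text.splitlines():
        fields = line.split(";")[0].split()  # drop comments, tokenize
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        owner, rtype, rdata = fqdn(fields[0]), fields[3].upper(), fields[4:]
        if rtype == "SOA":
            mname = fqdn(rdata[0])  # primary master, never notified
        elif rtype == "NS":
            ns_names.add(fqdn(rdata[0]))
        elif rtype == "A":
            a_records.setdefault(owner, set()).add(rdata[0])
    return mname, ns_names, a_records

def notify_targets(text, also_notify=()):
    """Addresses notified: NS hosts except the SOA MNAME, plus also-notify."""
    mname, ns_names, a_records = parse_zone(text)
    targets = set(also_notify)
    for name in ns_names - {mname}:
        targets |= a_records.get(name, set())
    return targets

def unnotified(text, slaves, also_notify=()):
    """Slaves that will only update when their SOA refresh timer fires."""
    return sorted(set(slaves) - notify_targets(text, also_notify))

if __name__ == "__main__":
    slaves = ["192.0.2.2", "192.0.2.3", "192.0.2.4"]
    print(unnotified(ZONE, slaves))  # ns3/ns4 have A records but no NS records
```

Either adding NS records for the new slaves or listing their addresses in also-notify on the master empties the result.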
