Solved

ns3 and ns4 not updating

Posted on 2008-10-12
Last Modified: 2009-03-17
We have had a master/slave bind dns setup running on debian for quite some time. Today, I went to add in ns3 and ns4.  I have the correct slave zone config on ns3 and ns4 - such as:

zone "example.com" { type slave; file "example.com"; masters { 209.213.xxx.xxx; }; };

The first time I start bind on the slave, it pulls the updates correctly and all is well.  However, when I update a zone on the master - and then run: ndc reload example.com, only ns2 updates.  The ns3 and ns4 never reply to the master notify request.

Allow transfer is set correctly for the IPs of ns3 and ns4 - does anyone have any ideas why this is not working?
Question by:axman505
 
LVL 13

Expert Comment

by:dhoffman_98
ID: 22700088
You wrote that you have "allow transfer" set, but what about your notify settings?

Try:

zone "example.com" { type slave; notify yes; file "example.com"; masters { 209.213.xxx.xxx; }; };


You'll need to be sure you have a configuration in place that shows you should send notify messages to the new name servers.

Depending on the level of logging you have enabled, you may see log entries indicating that a notify message was sent to the remote servers. If you enable more detailed logging to the point where you can see those entries, and you are not seeing the notifies go out, then it's a configuration problem on your main name server. If the messages are going out, but the slaves are not requesting zone transfers, then it could be an issue on the other end.

0
 
LVL 1

Author Comment

by:axman505
ID: 22700107
Wouldn't notify have to go in the master zone file?  From what I read in the documentation, it's only valid for the master zones.

The weird thing is that the ns2 slave updates correctly with settings as is.  For some reason, the two additional slaves fail to update after their initial zone refresh.
0
 
LVL 13

Expert Comment

by:dhoffman_98
ID: 22701922
The notify statement for bind can go into the global configuration, for example if you want to set "notify no" at a global level, and then only turn it on for the zones you wish to use notify with.

But yes, it would go into the master zone, not the slave side. I should have taken out the masters piece of the example. On your master side though, you should have control of who is being notified, and in normal situations, you only would send notifies to the name servers identified in your zone file.

Have you tried enabling the extra debug logging?
0
 
LVL 1

Author Comment

by:axman505
ID: 22708445
I have - and so far it confirms my findings.  It does not appear to talk to ns3 or ns4.  When I do a zone update from the master, the debug logs on ns3/ns4 do not show any method of contact whatsoever.  The debug logs on the master don't show any contact to those slaves either - only to ns2.
0
 
LVL 13

Expert Comment

by:dhoffman_98
ID: 22711323
Try configuring an "also-notify" line like the following, but with your IPs for ns3 and ns4.

also-notify {10.0.0.3; 10.0.0.4;};

0
 
LVL 13

Expert Comment

by:dhoffman_98
ID: 23802308
Claiming that the problem was solved on your own after someone provided input multiple times over three days is not a valid reason for closing the case without awarding points. For that matter, the measly 20 points offered are an insult.
0
 
LVL 13

Expert Comment

by:dhoffman_98
ID: 23813465
modus,

I don't know if the three pieces of input that I provided led to the full solution or not. And without getting valid feedback from the asker, it's not possible to know if any of them contributed to an answer.

My last suggestion in ID 22711323 was made seven months ago, and the asker had never replied back to advise if the issue was resolved.

My suggestion... close the answer with no points refunded.
0
 
LVL 1

Accepted Solution

by:
axman505 earned 0 total points
ID: 23813640
The issue was related to the parent domain that the ns servers were in.  The ns3 and ns4 servers were not listed as valid ns servers in that domain - which was causing the problem.
0
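The check below is an added example, not code from this thread or from any poster. It relates the also-notify suggestion and the accepted solution by computing which slaves a master would actually NOTIFY, assuming BIND's documented default of notifying the hosts in the zone's apex NS records (except the one named in the SOA MNAME field) plus any also-notify addresses. The zone data, host names, addresses and function names are constructed for illustration.

```python
# Constructed sample zone and slave list (not from the thread); simplified
# one-record-per-line zone syntax, addresses from the documentation range.
ZONE_TEXT = """\
$ORIGIN example.com.
@    IN SOA ns1.example.com. hostmaster.example.com. 2008101201 3600 900 604800 86400
@    IN NS  ns1.example.com.
@    IN NS  ns2.example.com.
sub  IN NS  ns3.example.com.   ; delegation, not an apex NS
ns1  IN A   192.0.2.1
ns2  IN A   192.0.2.2
ns3  IN A   192.0.2.3
ns4  IN A   192.0.2.4
"""
SLAVES = {"ns2": "192.0.2.2", "ns3": "192.0.2.3", "ns4": "192.0.2.4"}


def absolute(name, origin):
    """Expand a zone-file name to a lowercase fully qualified name."""
    if name == "@":
        return origin
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"


def notify_targets(zone_text, also_notify=()):
    """Addresses the master would NOTIFY: apex NS hosts other than the
    SOA MNAME, plus any also-notify addresses."""
    origin, mname, apex_ns, addrs = "", None, [], {}
    for line in zone_text.splitlines():
        f = line.split(";")[0].split()          # strip comments, tokenize
        if len(f) >= 2 and f[0] == "$ORIGIN":
            origin = f[1].lower()
        if len(f) < 4 or f[1] != "IN":
            continue
        owner, rtype, target = absolute(f[0], origin), f[2], f[3]
        if rtype == "SOA":
            mname = absolute(target, origin)
        elif rtype == "NS" and owner == origin:  # ignore subzone delegations
            apex_ns.append(absolute(target, origin))
        elif rtype == "A":
            addrs.setdefault(owner, []).append(target)
    ips = {ip for ns in apex_ns if ns != mname for ip in addrs.get(ns, [])}
    return ips | set(also_notify)


def missed_slaves(zone_text, slaves, also_notify=()):
    """Names of configured slaves that would never receive a NOTIFY."""
    targets = notify_targets(zone_text, also_notify)
    return sorted(name for name, ip in slaves.items() if ip not in targets)
```

With the sample zone, `missed_slaves(ZONE_TEXT, SLAVES)` reports ns3 and ns4; adding their addresses to also-notify or adding apex NS records for them empties the list.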
