Secondary BIND can't get update from primary

rawandnet
I have a primary BIND server that runs without problems. I am trying to set up a secondary BIND server, but the secondary server doesn't receive any data from the primary server.

Primary server named.conf configuration:

options {
 directory "/var/named";
};
zone "." {
    type hint;
    file "named.root";
   };

zone "testme.org" in {
   type master;
   file "db.testme.org";
   allow-update { none; };
   // IP address of my secondary BIND server
   allow-transfer { 10.1.3.3; };  
   };

zone "3.1.10.in-addr.arpa" in{
  type slave;
  file "db.10.1.3";
  };

zone "localhost" in {
    type master;
    file "master.localhost";
    };


Secondary configuration:

options {
   directory "/var/named";
};
zone "." {
   type hint;
   file "named.root";
   };

zone "testme.org" in {
   type slave;
   file "bak.testme.org";
  //primary server IP address
   masters { 10.1.3.30; };
   };

zone "3.1.10.in-addr.arpa" in{
  type slave;
  file "db.10.1.3.sec";
  };

zone "localhost" in {
    type master;
    file "master.localhost";
    };

I have disabled the firewall and SELinux. I typed (server named restart) but the secondary zone files are still empty. Any idea why I am not receiving updates from the primary server?

Top Expert 2009
Commented:
OK, check the permissions on the secondary zone file.

You need this permission:

chown named:named secondaryzone.zone


Most Valuable Expert 2015
Commented:
run "tcpdump host 10.1.3.30" on the slave, restart named and see if there is a two way conversation.

do the same on the master except "tcpdump host 10.1.3.3" after restarting the slave.

Author

Commented:
I have changed permission to named:named on all files, and even given 774, but still, after restarting the named service on the primary server, no update is sent to the secondary.

tcpdump host 10.1.3.30 on secondary, and restarted named on primary server.  see A
tcpdump host 10.1.3.3 on primary, restart named on secondary See B

<A>

19:29:36.474909 IP 10.1.3.176.59731 > testauis.org.domain:  20298 [1au] SOA? testauis.org. (41)
19:29:36.475219 IP testauis.org.domain > 10.1.3.176.59731:  20298* 1/2/3 SOA[|domain]
19:29:36.498586 IP 10.1.3.176.55507 > testauis.org.domain: S 2610650591:2610650591(0) win 5840 <mss 1460,sackOK,timestamp 2944408 0,nop,wscale 5>
19:29:36.498605 IP testauis.org.domain > 10.1.3.176.55507: S 811851555:811851555(0) ack 2610650592 win 5792 <mss 1460,sackOK,timestamp 31263684 2944408,nop,wscale 7>
19:29:36.499345 IP 10.1.3.176.55507 > testauis.org.domain: . ack 1 win 183 <nop,nop,timestamp 2944409 31263684>
19:29:36.512688 IP 10.1.3.176.55507 > testauis.org.domain: P 1:3(2) ack 1 win 183 <nop,nop,timestamp 2944422 31263684>
19:29:36.512698 IP testauis.org.domain > 10.1.3.176.55507: . ack 3 win 46 <nop,nop,timestamp 31263688 2944422>
19:29:36.513279 IP 10.1.3.176.55507 > testauis.org.domain: P 3:33(30) ack 1 win 183 <nop,nop,timestamp 2944423 31263688> 0 [b2&3=0x1] [0q] [2164au] (28)
19:29:36.513285 IP testauis.org.domain > 10.1.3.176.55507: . ack 33 win 46 <nop,nop,timestamp 31263688 2944423>
19:29:36.513605 IP testauis.org.domain > 10.1.3.176.55507: P 1:378(377) ack 33 win 46 <nop,nop,timestamp 31263688 2944423> 47280* 15/0/0[|domain]
19:29:36.514723 IP 10.1.3.176.55507 > testauis.org.domain: . ack 378 win 216 <nop,nop,timestamp 2944424 31263688>
19:29:36.518878 IP 10.1.3.176.55507 > testauis.org.domain: F 33:33(0) ack 378 win 216 <nop,nop,timestamp 2944429 31263688>
19:29:36.519004 IP testauis.org.domain > 10.1.3.176.55507: F 378:378(0) ack 34 win 46 <nop,nop,timestamp 31263689 2944429>
19:29:36.519852 IP 10.1.3.176.55507 > testauis.org.domain: . ack 379 win 216 <nop,nop,timestamp 2944430 31263689>

<B>
19:29:36.474909 IP 10.1.3.176.59731 > testauis.org.domain:  20298 [1au] SOA? testauis.org. (41)
19:29:36.475219 IP testauis.org.domain > 10.1.3.176.59731:  20298* 1/2/3 SOA[|domain]
19:29:36.498586 IP 10.1.3.176.55507 > testauis.org.domain: S 2610650591:2610650591(0) win 5840 <mss 1460,sackOK,timestamp 2944408 0,nop,wscale 5>
19:29:36.498605 IP testauis.org.domain > 10.1.3.176.55507: S 811851555:811851555(0) ack 2610650592 win 5792 <mss 1460,sackOK,timestamp 31263684 2944408,nop,wscale 7>
19:29:36.499345 IP 10.1.3.176.55507 > testauis.org.domain: . ack 1 win 183 <nop,nop,timestamp 2944409 31263684>
19:29:36.512688 IP 10.1.3.176.55507 > testauis.org.domain: P 1:3(2) ack 1 win 183 <nop,nop,timestamp 2944422 31263684>
19:29:36.512698 IP testauis.org.domain > 10.1.3.176.55507: . ack 3 win 46 <nop,nop,timestamp 31263688 2944422>
19:29:36.513279 IP 10.1.3.176.55507 > testauis.org.domain: P 3:33(30) ack 1 win 183 <nop,nop,timestamp 2944423 31263688> 0 [b2&3=0x1] [0q] [2164au] (28)
19:29:36.513285 IP testauis.org.domain > 10.1.3.176.55507: . ack 33 win 46 <nop,nop,timestamp 31263688 2944423>
19:29:36.513605 IP testauis.org.domain > 10.1.3.176.55507: P 1:378(377) ack 33 win 46 <nop,nop,timestamp 31263688 2944423> 47280* 15/0/0[|domain]
19:29:36.514723 IP 10.1.3.176.55507 > testauis.org.domain: . ack 378 win 216 <nop,nop,timestamp 2944424 31263688>
19:29:36.518878 IP 10.1.3.176.55507 > testauis.org.domain: F 33:33(0) ack 378 win 216 <nop,nop,timestamp 2944429 31263688>
19:29:36.519004 IP testauis.org.domain > 10.1.3.176.55507: F 378:378(0) ack 34 win 46 <nop,nop,timestamp 31263689 2944429>
19:29:36.519852 IP 10.1.3.176.55507 > testauis.org.domain: . ack 379 win 216 <nop,nop,timestamp 2944430 31263689>


Most Valuable Expert 2015
Commented:
what is this IP:  10.1.3.176

Author

Commented:
The code wasn't correct; have a look at this one.

tcpdump host 10.1.3.30 on secondary, and restarted named on primary server.  see A
tcpdump host 10.1.3.3 on primary, restart named on secondary See B
<A>
19:35:50.982975 IP testauis.org.45773 > 10.1.3.3.domain:  29239 notify [b2&3=0x2400] [1a] SOA? testauis.org. (76)
19:35:50.983582 IP 10.1.3.3.domain > testauis.org.45773:  29239 notify* 0/0/0 (30)
19:35:50.983952 IP 10.1.3.3.62623 > testauis.org.domain:  49560 [1au] SOA? testauis.org. (41)
19:35:50.984705 IP testauis.org.domain > 10.1.3.3.62623:  49560* 1/2/3 SOA[|domain]
19:35:50.985139 IP 10.1.3.3.58097 > testauis.org.domain: S 2964865674:2964865674(0) win 5840 <mss 1460,sackOK,timestamp 3279520 0,nop,wscale 5>
19:35:50.985588 IP testauis.org.domain > 10.1.3.3.58097: S 1169774011:1169774011(0) ack 2964865675 win 5792 <mss 1460,sackOK,timestamp 31347461 3279520,nop,wscale 7>
19:35:50.985600 IP 10.1.3.3.58097 > testauis.org.domain: . ack 1 win 183 <nop,nop,timestamp 3279521 31347461>
19:35:50.985904 IP 10.1.3.3.58097 > testauis.org.domain: P 1:3(2) ack 1 win 183 <nop,nop,timestamp 3279521 31347461>
19:35:50.986331 IP testauis.org.domain > 10.1.3.3.58097: . ack 3 win 46 <nop,nop,timestamp 31347461 3279521>
19:35:50.986340 IP 10.1.3.3.58097 > testauis.org.domain: P 3:33(30) ack 1 win 183 <nop,nop,timestamp 3279521 31347461> 0 [b2&3=0x1] [0q] [2164au] (28)
19:35:50.986637 IP testauis.org.domain > 10.1.3.3.58097: . ack 33 win 46 <nop,nop,timestamp 31347462 3279521>
19:35:50.986980 IP testauis.org.domain > 10.1.3.3.58097: P 1:378(377) ack 33 win 46 <nop,nop,timestamp 31347462 3279521> 61547* 15/0/0[|domain]
19:35:50.986988 IP 10.1.3.3.58097 > testauis.org.domain: . ack 378 win 216 <nop,nop,timestamp 3279522 31347462>
19:35:50.987690 IP 10.1.3.3.58097 > testauis.org.domain: F 33:33(0) ack 378 win 216 <nop,nop,timestamp 3279523 31347462>
19:35:50.988077 IP testauis.org.domain > 10.1.3.3.58097: F 378:378(0) ack 34 win 46 <nop,nop,timestamp 31347462 3279523>
19:35:50.988088 IP 10.1.3.3.58097 > testauis.org.domain: . ack 379 win 216 <nop,nop,timestamp 3279523 31347462>



<B>
19:36:40.109550 IP 10.1.3.3.54731 > testauis.org.domain:  16660 [1au] SOA? testauis.org. (41)
19:36:40.109748 IP testauis.org.domain > 10.1.3.3.54731:  16660* 1/2/3 SOA[|domain]
19:36:40.152765 IP 10.1.3.3.54652 > testauis.org.domain: S 3076678925:3076678925(0) win 5840 <mss 1460,sackOK,timestamp 3368042 0,nop,wscale 5>
19:36:40.152783 IP testauis.org.domain > 10.1.3.3.54652: S 1265981543:1265981543(0) ack 3076678926 win 5792 <mss 1460,sackOK,timestamp 31369591 3368042,nop,wscale 7>
19:36:40.153037 IP 10.1.3.3.54652 > testauis.org.domain: . ack 1 win 183 <nop,nop,timestamp 3368042 31369591>
19:36:40.153387 IP 10.1.3.3.54652 > testauis.org.domain: P 1:3(2) ack 1 win 183 <nop,nop,timestamp 3368043 31369591>
19:36:40.153396 IP testauis.org.domain > 10.1.3.3.54652: . ack 3 win 46 <nop,nop,timestamp 31369591 3368043>
19:36:40.153629 IP 10.1.3.3.54652 > testauis.org.domain: P 3:33(30) ack 1 win 183 <nop,nop,timestamp 3368043 31369591> 0 [b2&3=0x1] [0q] [2164au] (28)
19:36:40.153633 IP testauis.org.domain > 10.1.3.3.54652: . ack 33 win 46 <nop,nop,timestamp 31369591 3368043>
19:36:40.153903 IP testauis.org.domain > 10.1.3.3.54652: P 1:378(377) ack 33 win 46 <nop,nop,timestamp 31369591 3368043> 39535* 15/0/0[|domain]
19:36:40.154703 IP 10.1.3.3.54652 > testauis.org.domain: . ack 378 win 216 <nop,nop,timestamp 3368044 31369591>
19:36:40.154708 IP 10.1.3.3.54652 > testauis.org.domain: F 33:33(0) ack 378 win 216 <nop,nop,timestamp 3368044 31369591>
19:36:40.154781 IP testauis.org.domain > 10.1.3.3.54652: F 378:378(0) ack 34 win 46 <nop,nop,timestamp 31369591 3368044>
19:36:40.155040 IP 10.1.3.3.54652 > testauis.org.domain: . ack 379 win 216 <nop,nop,timestamp 3368044 31369591>


Author

Commented:
Ignore that IP; this is the correct one.
Most Valuable Expert 2015
Commented:
grep named /var/log/messages

The error will be in there, and:

ls -lR /var/named/chroot/var/

Author

Commented:
That is correct. From the slave I checked the messages after restarting BIND on the master; the message was permission denied.


Jul  6 19:47:31 BINDt-test named[3966]: client 10.1.3.30#39923: received notify for zone 'testauis.org'
Jul  6 19:47:31 BINDt-test named[3966]: zone testauis.org/IN: Transfer started.
Jul  6 19:47:31 BINDt-test named[3966]: transfer of 'testauis.org/IN' from 10.1.3.30#53: connected using 10.1.3.3#42693
Jul  6 19:47:31 BINDt-test named[3966]: dumping master file: tmp-VeBb6UdR0S: open: permission denied
Jul  6 19:47:31 BINDt-test named[3966]: transfer of 'testauis.org/IN' from 10.1.3.30#53: failed while receiving responses : permission denied
Jul  6 19:47:31 BINDt-test named[3966]: transfer of 'testauis.org/IN' from 10.1.3.30#53: end of transfer


Author

Commented:
I will be leaving now; in the meantime, if you have a solution, please reply.

thanks for your continual help jesper
Most Valuable Expert 2015

Commented:
ls -ld /var/named/chroot/var/named

ls -Z /var/named/chroot/var/named

Author

Commented:
I have given 770 and named:named permission to the /var/named/chroot/var/named folder, and it works now. Is this permission OK, or should I give less than that?
Top Expert 2009

Commented:
Directory permission should be 750 and file permission on zone file should be 640

but you should not touch the directory permission anyway, just the file permission and ownership
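
Added example, not part of the original thread: a shell check that audits a secondary's zone directory against the values given in the answer above (directory 750, zone files 640, owner named:named) and also confirms the owner can still create the tmp-* file named opens during a transfer. The function names and arguments are illustrative assumptions, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example (not from the thread): audit a secondary's zone directory.
# Targets follow the thread: owner named:named, directory 750, zone files 640.
# Needs GNU stat (-c). Function names and arguments are illustrative.

# Succeeds when mode $1 grants any permission bit that mode $2 does not.
has_extra_bits() {
    [ $(( 0$1 & ~0$2 & 07777 )) -ne 0 ]
}

# audit_zone_dir DIR [OWNER] [GROUP]; prints findings, returns 0 only if clean.
audit_zone_dir() {
    dir=$1 owner=${2:-named} group=${3:-named} findings=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }

    set -- $(stat -c '%U %G %a' "$dir")
    if [ "$1:$2" != "$owner:$group" ]; then
        echo "OWNER $dir is $1:$2, expected $owner:$group"
        findings=$((findings + 1))
    fi
    # During a transfer named opens a tmp-* file in this directory (the
    # "dumping master file: tmp-...: open: permission denied" log line),
    # so the owner needs write and search permission on the directory.
    if [ $(( 0$3 & 0300 )) -ne $(( 0300 )) ]; then
        echo "NOWRITE $dir mode $3: owner cannot create the transfer temp file"
        findings=$((findings + 1))
    fi
    if has_extra_bits "$3" 750; then
        echo "LOOSE $dir mode $3 grants more than 750"
        findings=$((findings + 1))
    fi

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        set -- $(stat -c '%U %G %a' "$f")
        if [ "$1:$2" != "$owner:$group" ]; then
            echo "OWNER $f is $1:$2, expected $owner:$group"
            findings=$((findings + 1))
        fi
        if has_extra_bits "$3" 640; then
            echo "LOOSE $f mode $3 grants more than 640"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

if [ $# -gt 0 ]; then audit_zone_dir "$@"; fi
```

Run against the chroot path from this thread, the 770 directory mode the asker settled on is reported as LOOSE, and a directory the owner cannot write to is reported as NOWRITE.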

Author

Commented:
Thanks for your help. The problem I had was file permission and SELinux. SOLVED.
