Solved

Bind9 slave refresh question

Posted on 2010-09-23
Last Modified: 2012-05-10
I have 1 master (dns01) dns server and 2 (dns2,dns3) slaves running on centos 5.4 and bind-9.3.6-4.P1.el5_4.2.  The master is set to notify the slaves of changes for all zones under options on dns01.  On the master I update a record/change serial and run rndc reload and the change is applied to dns02 but not dns03.  

If I update a record and DO NOT run rndc reload the slave servers never update even though the serial number is different than what they have. I have the refresh set for 2 hrs. rndc reload on the slaves doesn't update the record either. Neither does rndc refresh "zone-name".

My questions are:

1. Will the slaves eventually expire the zone because they are not refreshing from the master? I have expire set for 2 weeks.
2. Is there a way to force the slaves to refresh from the master?
3. Where can I look to see the last time the slave tried to contact the master? This should happen every two hours. I actually changed it to 15 minutes for testing but didn't see any change.
4. What could be causing dns02 to update but not dns03? They have the exact same named.conf. They also have the exact same config in the master's named.conf.

A few notes:
Servers are in the same VLAN on the same switch.
I've tried this with iptables on and off on all servers.
When I run rndc reload on the slaves I can see the packet hit the master via tcpdump.
When I run rndc reload on the master it only updates slave dns02, not dns03. On dns03 I don't see anything come from dns01 on tcpdump. I see all kinds of DNS traffic on dns02.

Configs
dns01 (master)

include "/etc/rndc.key";

logging{
  channel default_syslog {
    syslog daemon;
    severity warning;
    print-time yes;
    print-severity yes;
    print-category yes;
  };
  category default {
    default_syslog;
};
};

acl internal-hosts {
        127.0.0.1;
        10.17.65.10/32;                  //dns01
        10.17.65.11/32;                  //dns02
        10.17.65.12/32;                  //dns03
};

options {
        version "";
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        notify yes ;
        allow-transfer {
                        127.0.0.1;
                        10.17.65.10;    //dns01
                        10.17.65.11;    //dns02
                        10.17.65.12;    //dns03
                        };
        allow-notify {
                        10.17.65.10;    //dns01
                        10.17.65.11;    //dns02
                        10.17.65.12;    //dns03
                        };
        allow-recursion {
                        internal-hosts;
                        };
        allow-query {
                        internal-hosts;
                        };
};

zone "test.net" {
        type master;
        file "/var/named/test.net";
        allow-transfer { 10.17.65.10;      //dns01
                         10.17.65.11;      //dns02
                         10.17.65.12;      //dns03
                        };
        allow-query { any; };
        };

zone "test.com" {
        type master;
        file "/var/named/test.com";
        allow-transfer { 10.17.65.10;      //dns01
                         10.17.65.11;      //dns02
                         10.17.65.12;      //dns03
                         };
        allow-query { any; };
        };
(I deleted all of the reverse zones here for brevity)

dns2/dns3 (slaves)
include "/etc/rndc.key";

logging{
  channel default_syslog {
    syslog daemon;
    severity warning;
    print-time yes;
    print-severity yes;
    print-category yes;
  };
  category default {
    default_syslog;
};
};

acl internal-hosts {
        10.17.65.10/32;                  //dendns01 (master)
        10.17.65.11/32;                  //dns02
        10.17.65.12/32;                  //dns03
};

options {
        version "";
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        allow-notify {
                        10.17.65.10;    //dendns01 (master)
                        };
        allow-recursion {
                        internal-hosts;
                        };
        allow-query {
                        internal-hosts;
                        };
        allow-transfer {
                        10.17.65.10;    //dendns01 (master)
                        };
};

// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/var/named/data/db.root";
};

// Setup authoritative zones
zone "test.net" {
        type slave;
        masters { 10.17.65.10; };            //dendns01 (master)
        file "/var/named/data/test.net";
        allow-query { any; };
        };

zone "test.com" {
        type slave;
        masters { 10.17.65.10; };            //dendns01 (master)
        file "/var/named/data/test.com";
        allow-query { any; };
        };
            
(I deleted all of the reverse zones here for brevity)

Any help will be greatly appreciated.
Question by:bevege
6 Comments

Expert Comment

by:noci
ID: 33752270
Can you also show the SOA RRs all servers give?

Expert Comment

by:arnold
ID: 33753228
Not sure why you are defining per zone allow-transfer when you have the exact same rule of the allow-transfer defined globally.

The issue for notify depends on the NS records that are defined in the ZONEs.
Alternatively, you should use also-notify versus allow-notify in the options on dns1
also-notify {
                        10.17.65.11;    //dns02
                        10.17.65.12;    //dns03
                 };
http://www.zytrax.com/books/dns/ch7/xfer.html

Also-notify generates a notify event whether or not dns02,dns03 are referenced as NS records within the zone.
Expert Comment

by:mikebernhardt
ID: 33755535
I think the above will do it. Allow-notify tells it to accept inbound notifications from the defined addresses. Also-notify tells it WHO to notify. And I agree, you don't need it in the global options and the zone-specific options.

But, you don't need it at all if the slaves are listed in NS records.

You haven't provided any zone data so we can't see whether dns03 is listed in an NS record but I suspect it's missing.

Author Comment

by:bevege
ID: 33772813
Thank you all for replying.  I think I was just looking at this the wrong way.  If you do not run RNDC reload the new updates in the zone file are not read into memory.  When the slaves do a refresh they think it is the same info which it is, even though the files on disk are updated.  

When you actually run rndc reload the notifies are sent to the slaves and all servers are up to date.  If the slave does a refresh then it sees that nothing has changed.

I was thinking that the refresh on the slaves would pull down updates from the master even if rndc reload had not been run, which doesn't make sense.  Refresh looks at the serial of whatever the master has in memory not the actual file on disk.  It turns out that you really only need to do notifies.  The refresh really doesn't do anything if your notifies are working.  Refresh only comes into play if your masters are totally down or the slaves cannot reach the master for some reason.

I will look at my config a little closer and make sure that my notifies are setup correctly and award some points there.

Thanks

Accepted Solution

by:
arnold earned 500 total points
ID: 33773275
The serial has to be updated on any change or the slaves will not retrieve and load the zone since based on the serial number of the zone on the master server no changes have been made.


Even if a notify is received, as long as the serial did not increment, the slave will not update the zone.
Expert Comment

by:noci
ID: 33774441
And the zones do need to be reloaded at the master using rndc (preferred) or restart of server.
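A way to check from the outside whether each slave has actually loaded the master's current serial (questions 2 and 3 above), as an added example that is not code from this thread: it builds and parses a DNS SOA query by hand so it needs no extra library, reuses the thread's dns01/dns02/dns03 names, and the sample_response helper is a constructed answer (refresh 2 h, expire 2 weeks, as in the question) so the parser can be exercised offline.

```python
import socket
import struct

def encode_name(name):  # wire-format a name: length-prefixed labels, zero-byte terminator
    return b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split(".")) + b"\x00"

def build_soa_query(zone, txid=0x1234):  # UDP query for the zone's SOA (type 6, class IN), RD set
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(zone) + struct.pack(">HH", 6, 1)

def skip_name(msg, off):
    """Offset just past a possibly compressed name (a 2-byte pointer ends the name)."""
    while msg[off] & 0xC0 != 0xC0:
        if msg[off] == 0:
            return off + 1
        off += 1 + msg[off]
    return off + 2

def parse_soa_serial(msg):
    """Return the SERIAL field of the first SOA record in the answer section."""
    flags, qd, an = struct.unpack(">HHH", msg[2:8])
    if flags & 0xF:                       # RCODE != 0, e.g. REFUSED by an allow-query ACL
        raise ValueError("rcode %d" % (flags & 0xF))
    off = 12
    for _ in range(qd):                   # question section: name + QTYPE + QCLASS
        off = skip_name(msg, off) + 4
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 6:                    # SOA rdata: MNAME, RNAME, then the 32-bit SERIAL
            rd = skip_name(msg, skip_name(msg, off))
            return struct.unpack(">I", msg[rd:rd + 4])[0]
        off += rdlen
    raise ValueError("no SOA in answer section")

def sample_response(serial, zone="test.net"):
    """Constructed SOA answer (refresh 2 h, expire 2 weeks as in the thread) for offline use."""
    names = encode_name("dns01")[:-1] + b"\xc0\x0c" + encode_name("hostmaster")[:-1] + b"\xc0\x0c"
    rdata = names + struct.pack(">IIIII", serial, 7200, 900, 1209600, 3600)
    head = struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + encode_name(zone) + struct.pack(">HH", 6, 1)
    return head + b"\xc0\x0c" + struct.pack(">HHIH", 6, 1, 3600, len(rdata)) + rdata

def query_serial(ip, zone, timeout=3.0):  # ask one live server over UDP/53
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_soa_query(zone), (ip, 53))
        return parse_soa_serial(s.recvfrom(4096)[0])

def lagging_slaves(serials, master="dns01"):  # servers whose serial is behind the master's
    return sorted(n for n, s in serials.items() if s < serials[master])
```

Run query_serial against 10.17.65.10, .11 and .12 for "test.net" and feed the results to lagging_slaves; a slave it names has not loaded the master's current serial, while a ValueError with rcode 5 means the querying host is outside the slave's allow-query ACL rather than a transfer problem.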
