Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 393
  • Last Modified:

bind9 Getting error between master servers as follows: "...named general: info: zone ... refresh: non-authoritative..."

Hello Experts!

I have 2 DNS servers and each is both a master and slave to the other.

For some reason this error only shows up on one of the servers and I cant' figure out why.

It actually shows up in the logs of the one I call mydomain2 or master2 in the attached files.

To make the configuration files easier to read I combined all the include files into one big file for each server and you will see them attached.

You can see when a portion of the configuration was in an included file because you will see the include statement commented out above the configuration block that was formally in an include file.

Your help much appreciated!

Here's the full error and happens for every domain on server master1/mydomain1 (used interchangeably):
mydomain2 named[18986]: general: info: zone one-of-the-zones.com/IN/public: refresh: non-authoritative answer from master nnn.nnn.nn.nnn#53 (source 0.0.0.0#0
master2-named.conf.txt
master1-named.conf.txt
0
RegProctor
Asked:
RegProctor
  • 3
  • 3
1 Solution
 
Jan SpringerCommented:
It would be helpful if you could provide the domain name.
0
 
RegProctorAuthor Commented:
There are dozens of domain names as I said however if you want one to look at: seowebsales.com.
0
 
Jan SpringerCommented:
I am seeing a zone in the private view and none in the public view.

I also see two IP specified for each server.  Are these errors on the internal or external server?
0
NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

 
RegProctorAuthor Commented:
The servers have both a private and a public IP, each on their own interface (i.e. each has 2 physical cat 6 cables) so you will see two IP's.

One IP will be 192.168.... and the other public. The public interface has a tight lock down through the server's firewall and is connected directly to the internet, the private IP passes through the server firewall almost unchecked so there is no restrictions on LAN communications and is connected to a local router (the router takes care of Internet facing firewall needs of course and is locked down tight).

Having a public and private IP on a server is normal practice for a server facing the Internet and a LAN, it's the cleanest way to handle the different security needs of the LAN vs. public Internet connection.

On server1 there are dozens of zones in the public and private views.

On server2 there are a few zones in the public view and none in the private view.

For here to keep the files small/manageable/readable I copied one or two zones over instead of the dozens and if it shows anything different than I mentioned above for server's 1 & 2 then I made a mistake copying and pasting for here. I also sanitized the zones by making them just names like domain1.com, domain2.com etc.

Please assume as such if it looks different to you but when I looked that's what I saw so I'm not sure what you are seeing when you say no public zones.
0
 
Jan SpringerCommented:
You should only be allowing the transfer of the zones using the public IPs since those are the IPs registered.
0
 
RegProctorAuthor Commented:
It makes no difference, the error occurs whether I allow one IP, the other IP or both IP's so whether that is true or not isn't relevant to the problem.

I do not allow sharing of any private zones however for the obvious reason that they are specific to the server they are on.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now