Redhat Linux DNS - Master not Syncing with Slave

Hello Everyone:

Please forgive me, I am a novice when it comes to Redhat Linux, however I am a quick learner.  :-)

I have two Redhat Linux DNS servers in my DMZ.  One is a Master and the other is a Slave.  The sync between the two has never worked, but I would like to get the sync working now.

I am able to successfully perform a telnet to port 53 from the Slave to the Master, but when I perform a dig -t axfr domain.com 192.168.1.20

I receive the following:

;; global options: +cmd
; Transfer failed.
; Transfer failed.

192.168.1.20 is the Master Linux DNS Server

Any assistance or suggestions would be greatly appreciated!
rmessing171 (Consultant) asked:
Jan Springer commented:
Do you have an ACL that has a list of IPs that are allowed to transfer?  Have you applied that ACL to your zone in the named.conf?
Dan Craciun (IT Consultant) commented:
Suggestion 1: please post the contents of the relevant zone files, so we can check for problems.
Suggestion 2: please post the allow-transfer directive (from named.conf.options)

HTH,
Dan
rmessing171 (Consultant, Author) commented:
Thank you for your replies Dan and Jan.

I have attached the files you requested.  If there is any additional info or files you require, please feel free to ask me.

Master DNS Server: dns1.test.com  - 192.168.1.25
Slave DNS Server: dns2.test.com - 192.168.1.26

Thank you for taking time out of your busy day to assist me with this!

Thank you very much for your assistance!
named.conf_MASTER.txt
named.conf_SLAVE.txt
domain.de.zone.txt

Dan Craciun (IT Consultant) commented:
So... where is the "test.de" zone in the slave?

I expected something like:

zone "test.de" {
        type slave;
        masters { 192.168.1.25; };
        file "/etc/named/primary/domain.de.zone";
};

rmessing171 (Consultant, Author) commented:
Wouldn't that occur when the successful syncing occurs between the Master and Slave?  The syncing has never occurred.
Dan Craciun (IT Consultant) commented:
Nope. The syncing only occurs for the zones you specify.

The servers only sync zone files, not zone settings.
rmessing171 (Consultant, Author) commented:
OK.  So it sounds like I have a lot of work ahead of me on updating the slave's named.conf file.

Just curious as to why the dig -t axfr domain.com 192.168.1.25 command gave me "Transfer failed"?
Dan Craciun (IT Consultant) commented:
Why you receive the message "Transfer failed": because of this line
allow-transfer { 192.168.1.26; };

dig axfr will attempt a zone transfer. From any IP other than 192.168.1.26, that transfer will fail.

PS: I deleted the previous explanation, as it was incorrect.
The master only notifies the slave that it has a zone with the name xxx and serial yyy. It's the slave's job to decide if it wants to transfer the zone, the master can't "push" zones.
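To make the two mechanisms in Dan's reply concrete (the AXFR refusal behind "; Transfer failed." and the slave deciding for itself whether to pull a zone after a NOTIFY), here is an added example that is not from the thread and not BIND's own code: a standard-library-only DNS client that builds the AXFR query dig sends, classifies a reply by its RCODE, and applies the RFC 1982 serial comparison a slave uses when it compares the notified serial with its own copy. The REFUSED reply bytes and the zone name domain.com are constructed for the example; the network helper axfr_rcode is an assumed convenience, not something dig exposes.

```python
"""Added example, not from the thread: a minimal DNS client in the standard
library that builds the AXFR query dig sends, classifies the reply by RCODE
(BIND answers a transfer blocked by allow-transfer with REFUSED, which dig
reports as "; Transfer failed."), and implements the RFC 1982 serial
comparison a slave applies after a NOTIFY. The reply bytes below are constructed."""
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
QTYPE_SOA, QTYPE_AXFR = 6, 252
CLASS_IN = 1


def encode_name(name):
    """Wire-encode an owner name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype, txid=0x1234):
    """12-byte header (id, flags=RD, qdcount=1) followed by one IN question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def classify_reply(msg, expected_txid=0x1234):
    """Return the RCODE name from a reply header after checking the id and QR bit."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    txid, flags = struct.unpack("!HH", msg[:4])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    return RCODES.get(flags & 0xF, f"RCODE{flags & 0xF}")


def serial_newer(a, b):
    """RFC 1982 serial arithmetic: True if 32-bit serial a is newer than b (wrap-safe)."""
    a &= 0xFFFFFFFF
    b &= 0xFFFFFFFF
    if a == b:
        return False
    return (a < b and b - a > 2**31) or (a > b and a - b < 2**31)


def slave_should_transfer(notified_serial, local_serial):
    """The slave's decision after a NOTIFY or SOA refresh: pull only if the master is newer."""
    return serial_newer(notified_serial, local_serial)


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf


def axfr_rcode(server, zone, port=53, timeout=5.0):
    """Network helper (not used by the offline checks): send the AXFR over TCP
    with the 2-byte length prefix and return the RCODE of the first reply message."""
    q = build_query(zone, QTYPE_AXFR)
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(q)) + q)
        (length,) = struct.unpack("!H", _recv_exact(s, 2))
        return classify_reply(_recv_exact(s, length))


# Constructed reply: what a master returns for an AXFR from an IP outside allow-transfer.
# flags 0x8185 = QR | RD | RA | RCODE 5 (REFUSED); question echoed back, no answer records.
REFUSED_REPLY = (struct.pack("!HHHHHH", 0x1234, 0x8185, 1, 0, 0, 0)
                 + encode_name("domain.com") + struct.pack("!HH", QTYPE_AXFR, CLASS_IN))

if __name__ == "__main__":
    print("AXFR from an unlisted IP ->", classify_reply(REFUSED_REPLY))
    print("serial 2016031502 newer than 2016031501 ->", serial_newer(2016031502, 2016031501))
```

Running the module prints REFUSED for the constructed reply, which is exactly the condition dig summarises as "; Transfer failed." when it queries from an address that allow-transfer does not list. The serial comparison is why a slave that already holds the same serial does nothing when notified, and why wrap-around serials still compare correctly.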
rmessing171 (Consultant, Author) commented:
Dan - Thank you for sticking with me through this!

With your assistance, after updating the Linux DNS Slave's /etc/named.conf file so that each zone specifies masters { 192.168.1.25; };, the zone files are now being transferred to the /var/named/slaves directory.

I have one more issue that I am hoping is an easy one.

It seems that when I point to the Slave DNS server, or if I update the Slave /etc/resolv.conf file with only nameserver 192.168.127.26 (IP of Slave) and try to perform an nslookup of one of the zones, I am getting the following:

nslookup test.ca

;; connection timed out; trying next origin
;; connection timed out; no servers could be reached

Any thoughts or ideas to why I am unable to resolve against the DNS Slave server?

Thank you again for all of your patience and assistance!
Dan Craciun (IT Consultant) commented:
try
dig test.ca @192.168.127.26

then paste the response.
rmessing171 (Consultant, Author) commented:
Thanks Dan!

I performed the following:

dig test.ca @192.168.127.26

I received the following:

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> test.ca @192.168.127.26
;; global options: +cmd
;; connection timed out; no servers could be reached


I am able to ping 192.168.127.26 from the master DNS Server, and it can ping itself when I am on its console.

What are your thoughts?
Dan Craciun (IT Consultant) commented:
listen-on port 53 { 127.0.0.1; 192.168.1.25; 192.168.1.26; };

Why would you listen on 192.168.1.25 if that IP is not on that server??
rmessing171 (Consultant, Author) commented:
I had seen this type of configuration on the internet and I thought I needed it.

Should I remove it?  What are your thoughts on why I cannot obtain DNS from the Slave DNS server?
Dan Craciun (IT Consultant) commented:
I suspect it's because bind is not listening on 192.168.1.26:53 or the firewall is blocking connections on port 53.

192.168.1.25 is not needed. It's probably why the server is not listening, as that IP has nothing to do with that server.
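Both faults found in this thread, the slave zone declared without masters (Dan's comment above showing the expected zone "test.de" stanza) and the listen-on list naming an address the slave does not own, are visible in named.conf before named is ever started. As an added example that is not from the thread and not part of BIND, here is a small Python lint that walks a named.conf text with brace matching and reports those two problems plus an allow-transfer of any. The two configurations inside it are constructed to mirror the thread (the allow-transfer { any; } line and the file paths are assumptions, not the poster's actual files), and the set of local addresses is passed in rather than read from the host.

```python
"""Added example, not from the thread: a lint for BIND named.conf text that
flags a listen-on address the host does not own, a slave zone without masters,
and allow-transfer { any; }. Standard library only; both configs are constructed."""
import re


def strip_comments(text):
    """Drop /* */, // and # comments so brace matching is not fooled by them."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def braced_blocks(text, opener_re):
    """Yield (match, body) for each `opener {` and the text up to its matching `}`."""
    for m in re.finditer(opener_re, text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        if depth:
            raise ValueError(f"unbalanced braces after {m.group(0)!r}")
        yield m, text[m.end():i - 1]


def items(body):
    """Split a `{ a; b; }` body into its semicolon-separated tokens."""
    return [tok.strip() for tok in body.split(";") if tok.strip()]


def is_address(tok):
    """Only IP literals (optionally with a prefix length) are checked against the host."""
    return re.fullmatch(r"[0-9a-fA-F.:/]+", tok) is not None


def lint(conf, local_addrs):
    """Return a list of findings (empty means nothing this lint knows about is wrong)."""
    conf = strip_comments(conf)
    findings = []
    for _, body in braced_blocks(conf, r"\blisten-on(?:-v6)?\b(?:\s+port\s+\d+)?\s*\{"):
        for tok in items(body):
            if is_address(tok) and tok not in local_addrs:
                findings.append(f"listen-on: {tok} is not an address of this host; "
                                "named cannot bind it and may fail to start")
    for _, body in braced_blocks(conf, r"\ballow-transfer\s*\{"):
        if "any" in items(body):
            findings.append("allow-transfer: 'any' lets every client AXFR the zone; "
                            "list the slave's IP instead")
    for m, body in braced_blocks(conf, r'\bzone\s+"([^"]+)"(?:\s+IN)?\s*\{'):
        name = m.group(1)
        tm = re.search(r"\btype\s+(\w+)\s*;", body)
        ztype = tm.group(1) if tm else None
        if ztype in ("slave", "secondary"):
            mm = next(braced_blocks(body, r"\b(?:masters|primaries)\s*\{"), None)
            if mm is None or not items(mm[1]):
                findings.append(f'zone "{name}": type {ztype} but no masters listed; '
                                "it will never transfer")
        elif ztype in ("master", "primary") and not re.search(r'\bfile\s+"[^"]+"\s*;', body):
            findings.append(f'zone "{name}": master zone without a file statement')
    return findings


# Constructed slave named.conf reproducing the thread's mistakes (allow-transfer any is assumed).
BROKEN_SLAVE_CONF = """
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.25; 192.168.1.26; };
    directory "/var/named";
    allow-transfer { any; };
};
zone "test.de" IN {
    type slave;
    file "slaves/domain.de.zone";
};
zone "test.ca" IN {
    type slave;
    masters { 192.168.1.25; };
    file "slaves/test.ca.zone";
};
"""

# Constructed corrected version: own addresses only, no transfers out, masters on every slave zone.
FIXED_SLAVE_CONF = """
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.26; };
    directory "/var/named";
    allow-transfer { none; };
};
zone "test.de" IN { type slave; masters { 192.168.1.25; }; file "slaves/domain.de.zone"; };
zone "test.ca" IN { type slave; masters { 192.168.1.25; }; file "slaves/test.ca.zone"; };
"""
SLAVE_ADDRS = {"127.0.0.1", "192.168.1.26"}

if __name__ == "__main__":
    for line in lint(BROKEN_SLAVE_CONF, SLAVE_ADDRS) or ["no findings"]:
        print(line)
```

On the broken config the lint reports the stray 192.168.1.25 in listen-on, the open allow-transfer, and the test.de zone that has no masters; on the corrected config it reports nothing. On a real host, feed it the output of named-checkconf -p and the host's addresses from ip -o addr so the comparison uses what named will actually see.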
Dan Craciun (IT Consultant) commented:
BTW, don't configure DNS using Internet tutorials.
Get the book, read it and then configure it properly: http://shop.oreilly.com/product/9780596100575.do
rmessing171 (Consultant, Author) commented:
Hi Dan - You were correct, the "listen-on port" IP address was the issue.

I am able to transfer zones successfully from the Master DNS to the Slave and they are both seen on the internet.

Thank you for referencing the DNS and Bind book!

Thank you for all of your assistance and patience!