kiwistag asked:

DNS server issues - BIND and master/server relationships to the world

We had our master DNS server go down last night for our domain (RAID failure). Technically our secondary DNS server should have picked up the slack, however for one domain where our DNS server holds the records for an externally hosted mail server of ours, it was unresponsive until we made NS2 our master server.

The biggest issue is why a secondary server would not show as responsible until becoming a master whereas other services on our network were fine...

Any ideas why this would be the case?
CentOS 7 - BIND.

Jan Bacher

You don't say what the SOA was for that zone and how long the authoritative server was down before configuring it as master on the slave.

The zone records could have expired.

kiwistag (ASKER)

Precedence of our nameservers
ns3 = master
ns2 = slave (which was promoted to master)
ns1 = slave

NS1 used to be the slave however for some reason outside of our network it's not fully responsive. This is a separate issue we are aware of but requires a visit to our firewalling which was tightened up after attempted DDOS attacks.

I had a look at ns2's config (since ns3 is back online) and with ns2 as slave it was showing ns1 as the SOA.
I've not corrected this.

The authoritative server was down 10 hours before I set the secondary as the master.

"ns1" for the SOA is not the answer that I expected. I was especially interested in the numbers that followed.

$ORIGIN .
$TTL 4800       ; 1 hour 20 minutes
xxxxxxx.co.nz            IN SOA  ns1.xxxxxxx.nz. bevan.xxxxxxx.nz. (
                                1480460656 ; serial
                                3800       ; refresh (1 hour 3 minutes 20 seconds)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                38400      ; minimum (10 hours 40 minutes)
                                )
                        NS      ns1.xxxxxxx.nz.
                        NS      ns2.xxxxxxx.nz.
                        NS      ns3.xxxxxxx.nz.

Has the author determined whether the servers are answering authoritatively as they should? Has the author checked the registrar name servers listed?

Turns out that some issues between the nameservers were due to firewall and routing. This caused all sorts of inconsistencies.
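
An added example, not part of the thread and not BIND's own code: it parses the SOA timers from the zone text posted above and models how long a secondary keeps answering for the zone once it can no longer refresh from the primary. The function names and the `last_refresh_age` parameter are hypothetical; the zone text is copied from the post with its redactions.

```python
import re

# Sample input: the SOA block as posted in the thread (names redacted there).
ZONE_TEXT = """\
$ORIGIN .
$TTL 4800       ; 1 hour 20 minutes
xxxxxxx.co.nz            IN SOA  ns1.xxxxxxx.nz. bevan.xxxxxxx.nz. (
                                1480460656 ; serial
                                3800       ; refresh
                                3600       ; retry
                                604800     ; expire
                                38400      ; minimum
                                )
"""

FIELDS = ("serial", "refresh", "retry", "expire", "minimum")

def parse_soa(zone_text):
    """Return the SOA mname, rname and five numeric fields from zone-file text."""
    # Drop ';' comments, then flatten the parenthesised multi-line record.
    flat = " ".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    m = re.search(r"\bSOA\s+(\S+)\s+(\S+)\s*\(?\s*((?:\d+\s+){4}\d+)", flat)
    if not m:
        raise ValueError("no SOA record found")
    soa = {"mname": m.group(1), "rname": m.group(2)}
    soa.update(zip(FIELDS, map(int, m.group(3).split())))
    return soa

def secondary_status(soa, outage_seconds, last_refresh_age=None):
    """Model a secondary's copy of the zone while the primary is unreachable.

    last_refresh_age: seconds between the last successful refresh and the
    start of the outage. Defaults to the worst case for a healthy secondary
    (one full refresh interval). A secondary that was already cut off from
    the primary, for example by a firewall rule, has a larger value.
    """
    if last_refresh_age is None:
        last_refresh_age = soa["refresh"]
    stale_for = outage_seconds + last_refresh_age
    return {
        "stale_for": stale_for,
        # Once the expire timer is reached the secondary stops serving the zone.
        "expired": stale_for >= soa["expire"],
        "seconds_until_expiry": max(soa["expire"] - stale_for, 0),
    }
```

With the posted timers, a secondary that was refreshing normally before a 10-hour outage is still well inside the one-week expire window, so the age of its last successful refresh is the value to check in its logs.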