Myles Capen
asked on
Update of DNS BIND9 Doesn't seem to be working
Running BIND9 on FreeBSD. rndc status says server is running. However, after an rndc freeze, I edited a zone file and removed some no longer needed entries. I updated the serial number so it would update the secondary server. I received an out of range error when I tried to reload the zone... and even if I try to rndc thaw the zone... I get the same out of range error. After research on the web, it was recommended to delete the jnl file associated with the zone. Again, even after that step, the reload returned an out of range error. Very cautious with updating the DNS as it's the primary for our network....
Please help. Also...It does NOT seem that my DNS is updating the secondary server.
Thank you
Did you ALSO update the SOA serial number? 3rd parameter after SOA.
google.com. 42 IN SOA ns1.google.com. dns-admin.google.com. 232849336 900 900 1800 60
It needs to be AT least one higher than the current one. (Might be more if DNSSEC is involved).
The update sequence is:
rndc freeze
edit file (don't forget to increment SOA serial).
rndc thaw
The slave will update IF the slave is notified (also-notify { slave1-ip; slave2-ip; }; )
and the slave is allowed to do transfers (allow-transfer { slave1-ip; slave2-ip; }; )
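A better way may be:
declare a:
#
# the named.conf keyword for a named server list is "masters"
masters slaves {
    slave1-ip;
    slave2-ip;
};
# allow-transfer takes an address match list, so it needs an acl rather than a masters list
acl slave-acl {
    slave1-ip;
    slave2-ip;
};
#
# and in zone use:
also-notify { slaves; };
allow-transfer { slave-acl; };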
The SOA is a 32bit integer... so you can stuff 8 digits in it easy.
A widely used custom was to format it like a date: yyyymmddxx
where yyyy = year, mm = month, dd = day and xx is incremented each time during that day.
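An added example, not part of the answer above and not BIND code: a pre-edit check for the serial rules the answer describes. It validates that a serial fits the 32-bit field, compares serials with RFC 1982 serial arithmetic (the comparison a secondary uses to decide whether the primary's zone is newer), and picks the next yyyymmddxx value. The function names and sample serials are constructed for illustration.

```python
import datetime

MOD = 2 ** 32   # the SOA serial is an unsigned 32-bit integer
HALF = 2 ** 31  # RFC 1982: a jump of 2^31 or more is not "newer"


def check_range(serial):
    """Reject values that cannot be stored in a 32-bit SOA serial."""
    if not 0 <= serial < MOD:
        raise ValueError(f"serial {serial} out of range 0..{MOD - 1}")
    return serial


def serial_gt(new, old):
    """True if `new` is newer than `old` under RFC 1982 serial arithmetic."""
    check_range(new)
    check_range(old)
    return new != old and (new - old) % MOD < HALF


def next_serial(current, today):
    """Next yyyymmddxx serial, or current + 1 when the date form is not newer.

    The fallback covers a second edit on the same day and a serial that is
    already ahead of today's date.
    """
    check_range(current)
    candidate = int(today.strftime("%Y%m%d")) * 100
    if serial_gt(candidate, current):
        return candidate
    return (current + 1) % MOD


if __name__ == "__main__":
    day = datetime.date(2024, 3, 15)  # constructed sample date
    # Constructed sample serials: yesterday's edit, a same-day edit,
    # and the non-date serial from the SOA line quoted in the answer.
    for current in (2024031401, 2024031501, 232849336):
        new = next_serial(current, day)
        print(f"{current} -> {new} (secondary will transfer: {serial_gt(new, current)})")
    try:
        check_range(20240315001)  # constructed: an 11-digit serial does not fit
    except ValueError as exc:
        print("rejected:", exc)
```

Before running rndc thaw, compare the value this returns against the serial the secondary currently holds; if serial_gt is false for that pair, the secondary will not request a transfer.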
ASKER
Thanks for your help!!!!!
Myles