Force dns zone transfer

Something happened and I'm not sure what. My dns secondary server (slave) has lost all info related to the zones transferred from the primary.

Of course, my local PC uses the secondary to resolve addresses so I can't use virtualmin directly from the browser. Nor can I use my email because it requires addresses that are in the primary zones!

I need to have the primary DNS re-transfer all the domains to the slave DNS. I have modified the serial numbers in all the *.hosts files in the named directory.

I have tried (on the slave) doing rndc ez-ms.com and it returns without error. But no ez-ms.com.hosts file exists in the slave's subdirectory for named. Subsequent digs fail with SERVFAIL.

Doing a dig www.ez-ms.com returns a SERVFAIL error when executed on the slave system. I can do a dig @ns3.ez-merchant-hosting.com www.ez-ms.com. on the slave system which forces it to use the primary server and that works without failure.

How can I force the primary to resend the zone info to the slave? Or force the slave to pull the zone info from the primary?

I need to be able to do this from the command line versus the browser interface.

Status: 
Active

Comments

Have you tried the command rndc reload ez-ms.com on the slave? That should trigger a zone transfer from the master.

If it doesn't, check the log file /var/log/messages on the slave system to see what errors get logged when you try that command.

No, I had not done that command. I did a rndc retransfer ez-ms.com and it returned with nothing and no error messages.

I executed rndc reload ez-ms.com and the messages file contains:

May 26 13:20:17 linux1 named[2052]: zone ez-ms.com/IN: Transfer started.
May 26 13:20:17 linux1 named[2052]: transfer of 'ez-ms.com/IN' from 72.3.238.60#53: connected using 192.168.101.2#37683
May 26 13:20:17 linux1 named[2052]: transfer of 'ez-ms.com/IN' from 72.3.238.60#53: failed while receiving responses: REFUSED
May 26 13:20:17 linux1 named[2052]: transfer of 'ez-ms.com/IN' from 72.3.238.60#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.204 secs (0 bytes/sec)

Not sure why it's being REFUSED... The IP address is correct for the primary. It was all originally setup and working correctly until I had a power outage here (where the slave is located).

Looks like the primary isn't allowing zone transfers for the slave.

Make sure that the slave's IP is in the list of those allowed to transfer on the master. This can be set at Services -> DNS Domain -> Zone Options -> Allow transfers from.

I thought I/we had been through this before.... I had thought (and it seemed to be working until the slave went down from power fail) we had set things up so that anytime a new zone is created on the primary, it is sent to the slave (via webmin) and configured to be transferred from there.

I certainly don't want to have to go into a domain specific configuration and add dns slave IP each time a new zone is created.

How is this configured globally?

So normally for each new zone, the master is configured to allow transfers from any slaves that virtualmin also sets up.

When your slave went down, was it replaced by a new machine with a different IP address?

No, everything was the same. It just ended up basically doing a reboot and fsck. But nothing on the master (primary) was changed at all so I'm confused as to why the request is being REFUSED. Where can I check the webmin IP/User/Password that is being used? Also, what would cause the access permissions on the primary to change?

I would like a few things:

1) Every zone created on the primary to be communicated to the slave(s) so they can do their thing in requesting zone reloads.
2) When a zone changes (serial number), the slave is notified to reload the zone.
3) Ability to 'reload' any zone on the slave regardless of whether the zone's serial number has been modified or not (rndc retransfer).

Webmin authentication isn't used for zone transfers - instead, BIND just checks a system's IP address to see if it is allowed.

Assuming that the IP is allowed, all the things you asked for in comment #7 should work.

Is the slave's IP in that list of IPs allowed for transfers?

No it is not. Where can I set this globally rather than having to enter it for each zone/domain?

You can set it globally at Webmin -> Servers -> BIND DNS Server -> Zone Defaults -> Allow transfers from.

However, this only takes effect if the per-zone "Allow transfers from" field is set to "Default".

Set the "Allow transfers from" to the IP of the slave. Restarted 'named' on the primary. Did 'rndc reload ez-ms.com'. Said that refresh was queued. Looked at /var/log/messages and it still fails with REFUSED.

In Virtualmin (ez-ms.com) -> Services -> DNS Domain, there is no 'default' setting for 'Allow transfers from'. It is a textarea with 127.0.0.1 and localnet in the text box. The only radio buttons on the page are for Check names? and Notify slaves of changes?. Both are set to "default".

Where does webmin put this IP address so I can verify that the underlying system is updated correctly?

Ok, in that case you should just remove 127.0.0.1 and localnet from that box, save, and then restart BIND.

Or add the master IP to the list - that's what Virtualmin will do for new domains.

Removed 127.0.0.1 and localnet from the textarea, saved and then /etc/init.d/named restart. Shutdown/restart both OK.

Went to slave and did rndc reload ez-ms.com. No change, still getting REFUSED.

Am I going to have to delete these entries manually for each domain on the primary that I want to be loaded on the slave?

Where in the Linux environment are these settings kept so I don't have to go to each server in Virtualmin? But I would like to get it working for one domain first!

Okay, found where named.conf lives. Edited the file to get rid of "allow-transfer"s for localhost and localnets.

Will watch to see if things are working correctly. Ensured that 'notify's are to the slave IP and that allow-transfer's are also set to the slave IP.

Ok, let us know how it goes ..
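As an added example (not code from the thread or from Virtualmin), a small Python parser for the named transfer messages quoted above: it groups each zone's transfer attempt and flags zones that came back REFUSED or with zero records, which is what to watch for in /var/log/messages on the slave after changing allow-transfer on the master. The sample lines are constructed, modelled on the quoted ones; example.test is a made-up second zone.

```python
import re

# Constructed sample lines in the format BIND writes to /var/log/messages,
# modelled on the ones quoted in the thread (not the poster's actual log).
SAMPLE_LOG = """\
May 26 13:20:17 linux1 named[2052]: zone ez-ms.com/IN: Transfer started.
May 26 13:20:17 linux1 named[2052]: transfer of 'ez-ms.com/IN' from 72.3.238.60#53: connected using 192.168.101.2#37683
May 26 13:20:17 linux1 named[2052]: transfer of 'ez-ms.com/IN' from 72.3.238.60#53: failed while receiving responses: REFUSED
May 26 13:20:17 linux1 named[2052]: transfer of 'ez-ms.com/IN' from 72.3.238.60#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.204 secs (0 bytes/sec)
May 26 13:25:02 linux1 named[2052]: zone example.test/IN: Transfer started.
May 26 13:25:02 linux1 named[2052]: transfer of 'example.test/IN' from 72.3.238.60#53: connected using 192.168.101.2#37702
May 26 13:25:03 linux1 named[2052]: transfer of 'example.test/IN' from 72.3.238.60#53: Transfer completed: 1 messages, 14 records, 412 bytes, 0.310 secs (1329 bytes/sec)
"""

STARTED_RE = re.compile(r"named\[\d+\]: zone (?P<zone>[^/ ]+)/IN: Transfer started")
TRANSFER_RE = re.compile(
    r"named\[\d+\]: transfer of '(?P<zone>[^/']+)/IN' from (?P<master>[\d.]+)#\d+: (?P<msg>.*)$"
)
FAILED_RE = re.compile(r"failed while receiving responses: (?P<rcode>\S+)")
COMPLETED_RE = re.compile(r"Transfer completed: \d+ messages, (?P<records>\d+) records")


def summarize_transfers(log_text):
    """Return {zone: {"master": ip, "records": int, "error": rcode or None}}
    describing the most recent transfer attempt seen for each zone."""
    zones = {}
    for line in log_text.splitlines():
        s = STARTED_RE.search(line)
        if s:  # a new attempt resets any earlier result for this zone
            zones[s["zone"]] = {"master": None, "records": 0, "error": None}
            continue
        m = TRANSFER_RE.search(line)
        if not m:
            continue
        entry = zones.setdefault(m["zone"], {"master": None, "records": 0, "error": None})
        entry["master"] = m["master"]
        f = FAILED_RE.search(m["msg"])
        if f:  # e.g. REFUSED when the slave's IP is not in allow-transfer
            entry["error"] = f["rcode"]
        c = COMPLETED_RE.search(m["msg"])
        if c:
            entry["records"] = int(c["records"])
    return zones


def failed_zones(log_text):
    """Zones whose latest attempt errored or brought back no records."""
    summary = summarize_transfers(log_text)
    return sorted(z for z, e in summary.items() if e["error"] or e["records"] == 0)
```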