DNS zone transfers

Submitted by Shirehosting on Sat, 10/23/2010 - 18:39 Pro Licensee

Hi Guys,

Once again I have moved to a newly built DNS server for holding the slave zones, unfortunatly it only seems to transfer 2 zones for the rest I get the following in the log files

zone blah.com.au/IN: Transfer started. Oct 24 09:59:24 r2d2 named[787]: transfer of 'blah.com.au/IN' from xxx.xxx.xxx.xxx#53: connected using xxx.xxx.xxx.xxx#58838 Oct 24 09:59:24 r2d2 named[787]: transfer of 'blah.com.au/IN' from xxx.xxx.xxx.xxx#53: failed while receiving responses: REFUSED Oct 24 09:59:24 r2d2 named[787]: transfer of 'blah.com.au/IN' from xxx.xxx.xxx.xxx#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.076 secs (0 bytes/sec)

Oct 23 01:28:48 r2d2 named[787]: zone blah.com.au/IN: zone transfer deferred due to quota

I'm guessing that this is something that I need to turn off?

Status: 
Active

Comments

Submitted by JamieCameron on Sun, 10/24/2010 - 14:47

Sounds like the master server may not be configured to allow transfers from the new slave.

What gets logged to /var/log/messages on the master if you try to force a transfer on the slave? (by restarting BIND)

Also, in /etc/bind/named.conf.local on the master system in the allow-transfer block for one of the problem domains, what IPs are listed? The slave's IP should appear there ..

Submitted by Shirehosting on Sat, 11/06/2010 - 17:12 Pro Licensee

Ok I looked in /etc/bind/named.conf.local on the master server and the allow-transfer block for all the zones that were not transfering were missing the slave IP. Now short of inputing the IP manualy every time I add a new zone. Where can I enter it using the Webmin interface to make it part of the default allowed-transfer set?

Submitted by JamieCameron on Sun, 11/07/2010 - 00:46

Is the new server already configured in Virtualmin on the master system to have slave zones automatically added to it? If so, then the IP will be put in the allow-transfer block automatically.

If not, you can go to System Settings -> Server Templates -> Default Settings -> BIND DNS Domain, and enter the hostname of the slave server in the "Additional manually configured nameservers" box. This will apply to domains created from then on.

Submitted by JamieCameron on Sun, 11/07/2010 - 00:47

Is the new server already configured in Virtualmin on the master system to have slave zones automatically added to it? If so, then the IP will be put in the allow-transfer block automatically.

If not, you can go to System Settings -> Server Templates -> Default Settings -> BIND DNS Domain, and enter the hostname of the slave server in the "Additional manually configured nameservers" box. This will apply to domains created from then on.

Submitted by JamieCameron on Sun, 11/07/2010 - 00:48

Is the new server already configured in Virtualmin on the master system to have slave zones automatically added to it? If so, then the IP will be put in the allow-transfer block automatically.

If not, you can go to System Settings -> Server Templates -> Default Settings -> BIND DNS Domain, and enter the hostname of the slave server in the "Additional manually configured nameservers" box. This will apply to domains created from then on.

Submitted by Shirehosting on Sun, 11/07/2010 - 01:36 Pro Licensee

Yes the new server is, but I must say that every time I add a new sever to the DNS cluster, the zones create on the Slave but none of the records transfer over, I have had this issue as long as I have been using Virtualmin.

I can't for the life of me figure out why it happens, I am doing everything correctly when creating a slave...

I can't see what I could be doing wrong. and every time I check it's missing the slave server in the allow transfer part of the conf file for evry dns zone.

Submitted by JamieCameron on Sun, 11/07/2010 - 12:20

When you create a new zone, does the slave's IP address get put into the allow-transfer block on the master?

Submitted by JamieCameron on Sun, 11/07/2010 - 12:20

When you create a new zone, does the slave's IP address get put into the allow-transfer block on the master?

Submitted by JamieCameron on Sun, 11/07/2010 - 12:22

When you create a new zone, does the slave's IP address get put into the allow-transfer block on the master?

Submitted by Shirehosting on Mon, 11/08/2010 - 04:06 Pro Licensee

Well that's the problem, it dosn't :-(

Submitted by Locutus on Mon, 11/08/2010 - 05:27

Just a note, to clear things up, and make sure we're talking about the same functions here: The issue was entered under "Project: Webmin Core", but in the report you're talking about "Virtualmin". :)

Are you using Virtualmin's zone file creation functions, or Webmin's?

The following info might help too:

The default behavior of BIND, when no allow-transfer directives are present, is to allow transfer to all hosts. As soon as there is an allow-transfer present, either in the "Zone defaults" (i.e. the named.conf.options file) which apply globally to all zones, or in a specific zone (i.e. named.conf.local), only transfers to those IPs are allowed.

Webmin itself does not, as far as my tests show, automatically add the (cluster) slaves to an allow-transfer directive. You need to do that after creation, in the Zone Options for the respective zone, or globally in the Zone Defaults, if you use the same (few) cluster slave(s) for all your domains.

Virtualmin though does automatically create the proper allow-transfer directives, if the corresponding checkboxes in System Settings -> Server Templates -> {Template name} -> BIND DNS domain : Automatically add named.conf directives are active.

Submitted by JamieCameron on Mon, 11/08/2010 - 14:51

That's odd, new zones should get the IPs of nameservers you put into the "Additional manually configured nameservers" field. Assuming that the hostname you enter can actually be resolved to an IP address ..

Do those nameservers show up as NS records in the new domain's zone files?