DNS Master Slave issue

I have an Ubuntu 12.04 server with virtualmin pro and about 15 domains hosted on it. I am trying to set up a second server with Ubuntu 14.04 as a slave DNS and this has webmin installed on it. This was created after all the virtualmin servers were created.

I added the slave webmin server on the master ok and they seem to talk, I can see the dns zones on the slave which have come from the master but they are green in colour and have no addresses or other entries under them.

I followed the details in the automatic setup for master slave but appear to only have it partly working with address entries. If I go to a zone and do the test zone transfer it fails with this error: from 103.15.178.172 : Failed : Missing dig command

Status: 
Closed (fixed)

Comments

Howdy -- hmm, it sounds like you may be close! The IP address "103.15.178.172" -- is that your primary Virtualmin server, or is that the server you're working to set up as a slave DNS server?

"103.15.178.172" is the primary virtualmin server, the master DNS.

Okay, it sounds like your Virtualmin server doesn't have the "dig" command installed, which comes with the "dnsutils" package.

Try running this command:

apt-get install dnsutils

Once you do that, does your DNS begin working as expected?

OK so the zone transfer shows it transferred 11 records for the zone I picked but still don't see any addresses added to the slave dns server.

Also using an external tool to test I get this result

information T+0.00s Doing SOA checks across nameservers
information T+0.00s Querying ns1.hernet.com.au for SOA for ARRC.COM.AU
information T+0.82s Querying ns2.hernet.com.au for SOA for ARRC.COM.AU
cross T+1.63s WARNING: lame delegation! ns2.hernet.com.au is not authoritative for ARRC.COM.AU
cross T+1.63s WARNING: the primary server NS1.HERNET.COM.AU did not return an SOA record, therefore we can only check for serial number consistency among the secondaries
information T+1.63s DNS server ns1.hernet.com.au has serial number 1411453441
cross T+1.63s Got no SOA from DNS server ns2.hernet.com.au, skipping SOA check
tick T+1.63s All the specified DNS servers for ARRC.COM.AU have the same serial number

If you restart BIND on your Virtualmin server, using this command:

/etc/init.d/bind9 restart

Do you see any errors listed in the logfiles on either your primary or slave server? The BIND logs typically show up in /var/log/syslog.

I'm wondering if maybe something is preventing the records from properly being transferred; such an error will often show up in the logfile.

I restarted bind9 and here is the output from the log file filtered by "named"

Sep 26 15:30:39 ns1 named[1177]: received control channel command 'stop -p'
Sep 26 15:30:39 ns1 named[1177]: shutting down: flushing changes
Sep 26 15:30:39 ns1 named[1177]: stopping command channel on 127.0.0.1#953
Sep 26 15:30:39 ns1 named[1177]: stopping command channel on ::1#953
Sep 26 15:30:39 ns1 named[1177]: no longer listening on ::#53
Sep 26 15:30:39 ns1 named[1177]: no longer listening on 127.0.0.1#53
Sep 26 15:30:39 ns1 named[1177]: no longer listening on 103.15.178.172#53
Sep 26 15:30:40 ns1 named[1177]: exiting
Sep 26 15:30:41 ns1 named[21757]: starting BIND 9.8.1-P1 -u bind
Sep 26 15:30:41 ns1 named[21757]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro' 'CPPFLAGS=-D_FORTIFY_SOURCE=2'
Sep 26 15:30:41 ns1 named[21757]: adjusted limit on open files from 4096 to 1048576
Sep 26 15:30:41 ns1 named[21757]: found 4 CPUs, using 4 worker threads
Sep 26 15:30:41 ns1 named[21757]: using up to 4096 sockets
Sep 26 15:30:41 ns1 named[21757]: loading configuration from '/etc/bind/named.conf'
Sep 26 15:30:41 ns1 named[21757]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Sep 26 15:30:41 ns1 named[21757]: using default UDP/IPv4 port range: [1024, 65535]
Sep 26 15:30:41 ns1 named[21757]: using default UDP/IPv6 port range: [1024, 65535]
Sep 26 15:30:41 ns1 named[21757]: listening on IPv6 interfaces, port 53
Sep 26 15:30:41 ns1 named[21757]: listening on IPv4 interface lo, 127.0.0.1#53
Sep 26 15:30:41 ns1 named[21757]: listening on IPv4 interface eth0, 103.15.178.172#53
Sep 26 15:30:41 ns1 named[21757]: generating session key for dynamic DNS
Sep 26 15:30:41 ns1 named[21757]: sizing zone task pool based on 20 zones
Sep 26 15:30:41 ns1 named[21757]: using built-in root key for view _default
Sep 26 15:30:41 ns1 named[21757]: set up managed keys zone for view _default, file 'managed-keys.bind'
Sep 26 15:30:41 ns1 named[21757]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Sep 26 15:30:41 ns1 named[21757]: automatic empty zone: 254.169.IN-ADDR.ARPA
Sep 26 15:30:41 ns1 named[21757]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Sep 26 15:30:41 ns1 named[21757]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Sep 26 15:30:41 ns1 named[21757]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Sep 26 15:30:41 ns1 named[21757]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Sep 26 15:30:41 ns1 named[21757]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Sep 26 15:30:41 ns1 named[21757]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Sep 26 15:30:41 ns1 named[21757]: automatic empty zone: D.F.IP6.ARPA
Sep 26 15:30:41 ns1 named[21757]: automatic empty zone: 8.E.F.IP6.ARPA
Sep 26 15:30:41 ns1 named[21757]: automatic empty zone: 9.E.F.IP6.ARPA
Sep 26 15:30:41 ns1 named[21757]: automatic empty zone: A.E.F.IP6.ARPA
Sep 26 15:30:41 ns1 named[21757]: automatic empty zone: B.E.F.IP6.ARPA
Sep 26 15:30:41 ns1 named[21757]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Sep 26 15:30:41 ns1 named[21757]: command channel listening on 127.0.0.1#953
Sep 26 15:30:41 ns1 named[21757]: command channel listening on ::1#953
Sep 26 15:30:41 ns1 named[21757]: zone 0.in-addr.arpa/IN: loaded serial 1
Sep 26 15:30:41 ns1 named[21757]: zone 127.in-addr.arpa/IN: loaded serial 1
Sep 26 15:30:41 ns1 named[21757]: zone 255.in-addr.arpa/IN: loaded serial 1
Sep 26 15:30:41 ns1 named[21757]: zone arrc.com.au/IN: loaded serial 1411453441
Sep 26 15:30:41 ns1 named[21757]: zone australianriverrestorationcentre.com.au/IN: loaded serial 1411453441
Sep 26 15:30:41 ns1 named[21757]: zone cleverfinance.com.au/IN: loaded serial 1409810180
Sep 26 15:30:41 ns1 named[21757]: zone curatebee.com.au/IN: curatebee.com.au/MX 'mail.curatebee.com.au' has no address records (A or AAAA)
Sep 26 15:30:41 ns1 named[21757]: zone curatebee.com.au/IN: loaded serial 1410778765
Sep 26 15:30:41 ns1 named[21757]: zone finterest.com.au/IN: loaded serial 1410415726
Sep 26 15:30:41 ns1 named[21757]: zone hernet.com.au/IN: hernet.com.au/MX 'mail.hernet.com.au' has no address records (A or AAAA)
Sep 26 15:30:41 ns1 named[21757]: zone hernet.com.au/IN: loaded serial 1406242214
Sep 26 15:30:41 ns1 named[21757]: zone riverspace.com.au/IN: loaded serial 1410160144
Sep 26 15:30:41 ns1 named[21757]: zone truetales.com.au/IN: loaded serial 1408578578
Sep 26 15:30:41 ns1 named[21757]: zone riversofcarbon.org.au/IN: loaded serial 1407278883
Sep 26 15:30:41 ns1 named[21757]: zone tinywings.org.au/IN: loaded serial 1406543940
Sep 26 15:30:41 ns1 named[21757]: zone curatebee.com/IN: loaded serial 1410778376
Sep 26 15:30:41 ns1 named[21757]: zone iwanttoachieve.com/IN: loaded serial 1409389634
Sep 26 15:30:41 ns1 named[21757]: zone riprapmag.com/IN: loaded serial 1410775850
Sep 26 15:30:41 ns1 named[21757]: zone sportreadr.com/IN: loaded serial 1407160868
Sep 26 15:30:41 ns1 named[21757]: zone localhost/IN: loaded serial 2
Sep 26 15:30:41 ns1 named[21757]: zone youngbpw-international.org/IN: loaded serial 1409272337
Sep 26 15:30:41 ns1 named[21757]: managed-keys-zone ./IN: loaded serial 71
Sep 26 15:30:41 ns1 named[21757]: running

On the slave DNS syslog I see:

Sep 26 12:06:28 ns2 named[646]: zone riversofcarbon.org.au/IN: refresh: could not set file modification time of '/var/lib/bind/riversofcarbon.org.au.hosts': permission denied
Sep 26 12:20:49 ns2 named[646]: zone hernet.com.au/IN: refresh: could not set file modification time of '/var/lib/bind/hernet.com.au.hosts': permission denied
Sep 26 12:23:04 ns2 named[646]: zone riverspace.com.au/IN: refresh: could not set file modification time of '/var/lib/bind/riverspace.com.au.hosts': permission denied
Sep 26 12:27:41 ns2 named[646]: zone cleverfinance.com.au/IN: refresh: could not set file modification time of '/var/lib/bind/cleverfinance.com.au.hosts': permission denied
Sep 26 12:28:05 ns2 named[646]: zone youngbpw-international.org/IN: refresh: could not set file modification time of '/var/lib/bind/youngbpw-international.org.hosts': permission denied
Sep 26 13:03:38 ns2 named[646]: zone australianriverrestorationcentre.com.au/IN: refresh: could not set file modification time of '/var/lib/bind/australianriverrestorationcentre.com.au.hosts': permission denied
Sep 26 13:07:44 ns2 named[646]: zone sportreadr.com/IN: refresh: could not set file modification time of '/var/lib/bind/sportreadr.com.hosts': permission denied
Sep 26 13:08:55 ns2 named[646]: zone truetales.com.au/IN: refresh: could not set file modification time of '/var/lib/bind/truetales.com.au.hosts': permission denied
Sep 26 13:10:58 ns2 named[646]: zone riprapmag.com/IN: refresh: could not set file modification time of '/var/lib/bind/riprapmag.com.hosts': permission denied
Sep 26 13:15:14 ns2 named[646]: zone curatebee.com/IN: refresh: could not set file modification time of '/var/lib/bind/curatebee.com.hosts': permission denied
Sep 26 13:17:58 ns2 named[646]: zone arrc.com.au/IN: refresh: could not set file modification time of '/var/lib/bind/arrc.com.au.hosts': permission denied
Sep 26 13:54:00 ns2 named[646]: zone finterest.com.au/IN: refresh: could not set file modification time of '/var/lib/bind/finterest.com.au.hosts': permission denied
Sep 26 13:54:34 ns2 named[646]: zone iwanttoachieve.com/IN: refresh: could not set file modification time of '/var/lib/bind/iwanttoachieve.com.hosts': permission denied
Sep 26 13:57:37 ns2 named[646]: client 162.212.181.242#37840 (wwww.jrdga.info): query (cache) 'wwww.jrdga.info/A/IN' denied
Sep 26 14:06:41 ns2 named[646]: zone tinywings.org.au/IN: refresh: could not set file modification time of '/var/lib/bind/tinywings.org.au.hosts': permission denied
Sep 26 14:13:52 ns2 named[646]: zone curatebee.com.au/IN: refresh: could not set file modification time of '/var/lib/bind/curatebee.com.au.hosts': permission denied
Sep 26 14:50:01 ns2 named[646]: zone hernet.com.au/IN: refresh: could not set file modification time of '/var/lib/bind/hernet.com.au.hosts': permission denied
Sep 26 14:55:34 ns2 named[646]: zone riversofcarbon.org.au/IN: refresh: could not set file modification time of '/var/lib/bind/riversofcarbon.org.au.hosts': permission denied
Sep 26 15:02:26 ns2 named[646]: zone riverspace.com.au/IN: refresh: could not set file modification time of '/var/lib/bind/riverspace.com.au.hosts': permission denied
Sep 26 15:09:35 ns2 named[646]: zone cleverfinance.com.au/IN: refresh: could not set file modification time of '/var/lib/bind/cleverfinance.com.au.hosts': permission denied
Sep 26 15:14:07 ns2 named[646]: client 162.212.181.242#64797 (wwww.jrdga.info): query (cache) 'wwww.jrdga.info/A/IN' denied
Sep 26 15:24:24 ns2 named[646]: zone youngbpw-international.org/IN: refresh: could not set file modification time of '/var/lib/bind/youngbpw-international.org.hosts': permission denied
Sep 26 15:32:14 ns2 named[646]: zone sportreadr.com/IN: refresh: could not set file modification time of '/var/lib/bind/sportreadr.com.hosts': permission denied

It looks like the problem you're seeing is related to this error here:

Sep 26 15:32:14 ns2 named[646]: zone sportreadr.com/IN: refresh: could not set file modification time of '/var/lib/bind/sportreadr.com.hosts': permission denied

Is your slave DNS server using Ubuntu as well?

And what is the output of this command:

ls -la /var/lib/bind/

Yes, master is Ubuntu 12.04, Slave is Ubuntu 14.04

Command Output on slave

ls -l /var/lib/bind/
total 4
-rw-r--r-- 1 root bind 0 Sep 23 22:25 arrc.com.au.hosts
-rw-r--r-- 1 root bind 0 Sep 23 22:25 australianriverrestorationcentre.com.au.hosts
-rw-r--r-- 1 root root 53 Sep 23 21:54 bind9-default.md5sum
-rw-r--r-- 1 root bind 0 Sep 23 22:25 cleverfinance.com.au.hosts
-rw-r--r-- 1 root bind 0 Sep 23 22:25 curatebee.com.au.hosts
-rw-r--r-- 1 root bind 0 Sep 23 22:25 curatebee.com.hosts
-rw-r--r-- 1 root bind 0 Sep 23 22:25 finterest.com.au.hosts
-rw-r--r-- 1 root bind 0 Sep 23 22:25 hernet.com.au.hosts
-rw-r--r-- 1 root bind 0 Sep 23 22:25 iwanttoachieve.com.hosts
-rw-r--r-- 1 root bind 0 Sep 23 22:25 riprapmag.com.hosts
-rw-r--r-- 1 root bind 0 Sep 23 22:25 riversofcarbon.org.au.hosts
-rw-r--r-- 1 root bind 0 Sep 23 22:25 riverspace.com.au.hosts
-rw-r--r-- 1 root bind 0 Sep 23 22:25 sportreadr.com.hosts
-rw-r--r-- 1 root bind 0 Sep 23 22:25 tinywings.org.au.hosts
-rw-r--r-- 1 root bind 0 Sep 23 22:25 truetales.com.au.hosts
-rw-r--r-- 1 root bind 0 Sep 23 22:25 youngbpw-international.org.hosts

Could you add the "a" option to that ls command? My apologies, while I edited it in after I initially wrote that comment above, the email notification you received probably didn't show that.

So that command would look like this:

ls -la /var/lib/bind/

I think what we'll need to do is edit the permissions of your zone files, and possibly that directory -- I'm just trying to get an idea of your existing setup first. Thanks!

ls -la /var/lib/bind/

total 12
drwxrwxr-x  2 root bind 4096 Sep 23 22:25 .
drwxr-xr-x 38 root root 4096 Sep 23 21:54 ..
-rw-r--r--  1 root bind    0 Sep 23 22:25 arrc.com.au.hosts
-rw-r--r--  1 root bind    0 Sep 23 22:25 australianriverrestorationcentre.com.au.hosts
-rw-r--r--  1 root root   53 Sep 23 21:54 bind9-default.md5sum
-rw-r--r--  1 root bind    0 Sep 23 22:25 cleverfinance.com.au.hosts
-rw-r--r--  1 root bind    0 Sep 23 22:25 curatebee.com.au.hosts
-rw-r--r--  1 root bind    0 Sep 23 22:25 curatebee.com.hosts
-rw-r--r--  1 root bind    0 Sep 23 22:25 finterest.com.au.hosts
-rw-r--r--  1 root bind    0 Sep 23 22:25 hernet.com.au.hosts
-rw-r--r--  1 root bind    0 Sep 23 22:25 iwanttoachieve.com.hosts
-rw-r--r--  1 root bind    0 Sep 23 22:25 riprapmag.com.hosts
-rw-r--r--  1 root bind    0 Sep 23 22:25 riversofcarbon.org.au.hosts
-rw-r--r--  1 root bind    0 Sep 23 22:25 riverspace.com.au.hosts
-rw-r--r--  1 root bind    0 Sep 23 22:25 sportreadr.com.hosts
-rw-r--r--  1 root bind    0 Sep 23 22:25 tinywings.org.au.hosts
-rw-r--r--  1 root bind    0 Sep 23 22:25 truetales.com.au.hosts
-rw-r--r--  1 root bind    0 Sep 23 22:25 youngbpw-international.org.hosts

Okay, the directory looks good. We can just change the permissions of those files and see if that resolves the issue you're seeing.

Try running this command:

chmod 664 /var/lib/bind/*.hosts

Once you do that, restart BIND first on your slave server, and then restart it on your Virtualmin server.

After that, do your DNS records get transferred to your slave?

Thank you, this appears to have fixed it.
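
Added example (not part of the original thread, and not Webmin's or BIND's own tooling): a small shell audit that ties the slave's "permission denied" log lines to the state of the zone files they name. It reports files that are not group-writable (the 644 root:bind case above), files still empty after the fix, and files that have been opened up further than 664. The function names and the two sample log lines (copied from the thread) are this example's own choices.

```shell
#!/bin/sh
# Added example: audit slave zone files named in named's refresh errors.
# Assumption: named writes slave zones via group permission (root:bind, 664),
# as in the thread; function names here are hypothetical.

# Read syslog text on stdin, print each distinct zone-file path that named
# reported as "permission denied" during a refresh.
denied_zone_files() {
    sed -n "s/.*refresh: could not set file modification time of '\([^']*\)': permission denied.*/\1/p" | sort -u
}

# Classify one zone file by mode bits and size.
# Prints: missing | world-writable | not-group-writable | empty | ok
zone_file_state() {
    f=$1
    [ -e "$f" ] || { echo missing; return; }
    # Anything writable by "other" is looser than the 664 used in the fix.
    if [ -n "$(find "$f" -maxdepth 0 -perm -002)" ]; then
        echo world-writable; return
    fi
    # No group write bit: named (group bind) cannot update the file.
    if [ -z "$(find "$f" -maxdepth 0 -perm -020)" ]; then
        echo not-group-writable; return
    fi
    # Writable but zero bytes: the transfer has not populated it yet.
    [ -s "$f" ] || { echo empty; return; }
    echo ok
}

# Read syslog text on stdin, print "<state> <path>" for every affected file.
audit_from_log() {
    denied_zone_files | while IFS= read -r path; do
        printf '%s %s\n' "$(zone_file_state "$path")" "$path"
    done
}

# Sample input: two lines copied from the slave syslog in the thread.
SAMPLE_LOG="Sep 26 15:32:14 ns2 named[646]: zone sportreadr.com/IN: refresh: could not set file modification time of '/var/lib/bind/sportreadr.com.hosts': permission denied
Sep 26 15:14:07 ns2 named[646]: client 162.212.181.242#64797 (wwww.jrdga.info): query (cache) 'wwww.jrdga.info/A/IN' denied"

# On a host without that file this prints "missing <path>"; on the slave from
# the thread it would have printed "not-group-writable <path>" before the chmod.
printf '%s\n' "$SAMPLE_LOG" | audit_from_log
```

On a live slave, feed it the real log instead, for example: grep named /var/log/syslog | audit_from_log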