Slave DNS Issues - received notify for zone 'example': not authoritative

#1 Sat, 01/10/2015 - 14:54
JamesSimpson

Hi All,

I'm having issues setting up my slave DNS server, and Google has given me some things to try, but they have all come up trumps.

My master DNS server works fine, it's accepting connections, and it notifies the slave of the domains. The domain files are created (although empty) in var/named/slaves and these empty files get copied over to chroot/var/named/slaves.

When I restart my master DNS it notifies the slave (as it's supposed to), no error messages in the log file on the master server, but my slave sees the notifies but then throws errors stating:

received notify for zone 'example': not authoritative

It does not update the records on the slave. I have tried deleting the pair, removing the records from the slave and re-syncing again, again it created the files, but are all empty.

When going into the slave records, and testing the transfer from there, I get a successful message saying it could connect to the master and pull X records, stating it should work fine.

I have tried changing the /var/named/ directories to 777 permission, this didn't make any difference whatsoever.

My slave named.conf is as per below

options {
    listen-on port 53 { 127.0.0.1; SLAVE IP; };
    listen-on-v6 port 53 { none; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursion no;
    allow-transfer { 127.0.0.1; MASTER IP; };
    version "Bind";
    OPTIONS="-4"
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
 
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
 
    managed-keys-directory "/var/named/dynamic";
    also-notify {};
};
 
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
 
zone "." IN {
    type hint;
    file "named.ca";
};
 
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
 
zone "example.com" {
    type slave;
    masters {
        MASTER IP;
        };
    allow-transfer {
        MASTER IP;
        };

Sun, 01/11/2015 - 06:41
JamesSimpson

Anyone seen this before?

Tue, 01/13/2015 - 01:36
Joe

"I have tried changing the /var/named/ directories to 777 permission, this didn't make any difference whatsoever."

That's not expected to make a difference. Whenever you think, "I have a problem...I know, I'll chmod 777 this directory." Now, you've got two problems. ;-)

The error can happen, I think, if the slave addresses are not listed in the "allow-transfer" section on the master.

Tue, 01/13/2015 - 12:53
JamesSimpson

Hi Joe,

I was clutching at straws when I did that - tested it and it didn't work - put the permissions back to what they were. There was a post somewhere on the internet that suggested it and it worked for someone else.

As for the master "allow-transfer", I have the slave IP address in there.

Example

zone "example.com" {
    type master;
    file "/var/named/espressowebdesign.net.hosts";
    allow-transfer {
        127.0.0.1;
        localnets;
        MASTERIP; # Doesn't need to be in here, but just in case
        SLAVEIP; # IP address of the slave here
        };
};

I've left it for the past two days, and I'm still getting the same error message in the log file and no files transferred to the slave.

Triple checked the firewall, disabled it, restarted master DNS, and still the same - I've googled all I can and nothing pops up. Even tried a fresh install of BIND.

Tue, 01/13/2015 - 13:01
JamesSimpson

I have even just tried putting the slave IP into Bind > Zone Defaults and in the "Allow transfers from..", this also didn't work.

Tue, 01/13/2015 - 13:38
JamesSimpson

Now I am totally confused. I managed to get the zones transferred, but I think there's a bug somewhere in Virtualmin.

So I ran (on the slave)

rndc stop
named -u named -g

Which then started loading in all the zones from the master server?

13-Jan-2015 20:29:00.956 zone example.com/IN: Transfer started.
13-Jan-2015 20:29:01.045 transfer of 'example.com/IN' from MASTER IP#53: connected using SLAVE IP#51967
13-Jan-2015 20:29:01.213 zone example.com/IN: transferred serial 1409831355

So I thought, yes, it's fixed properly and it will sync - so I went back to the master, restarted BIND, and I get the same errors in the log file saying received notify for zone 'example': not authoritative?! Yet it pulled all the zones in when I SSH'd into the server?
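
A way to triage the log message discussed in this thread, as an added example that is not from any poster: BIND logs "not authoritative" for a NOTIFY when the running named has no zone of that name loaded as master, slave or stub, so this script compares the rejected zones against the zone blocks in a given named.conf. The sample config and log lines are constructed, with addresses from the documentation ranges, and the function names are this example's own.

```python
import re

# Patterns follow the log excerpts quoted in the thread.
REJECTED = re.compile(r"received notify for zone '([^']+)': not authoritative")
TRANSFERRED = re.compile(r"zone (\S+?)/IN: transferred serial (\d+)")
ZONE_DECL = re.compile(r'\bzone\s+"([^"]+)"[^{;]*\{')
AUTH_TYPES = {"master", "primary", "slave", "secondary", "stub"}

def declared_zones(conf_text):
    """Map zone name -> type for every zone block in a named.conf text."""
    zones = {}
    for m in ZONE_DECL.finditer(conf_text):
        depth, i = 1, m.end()
        while i < len(conf_text) and depth:   # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(conf_text[i], 0)
            i += 1
        t = re.search(r"\btype\s+([\w-]+)\s*;", conf_text[m.end():i])
        zones[m.group(1).lower()] = t.group(1) if t else "unknown"
    return zones

def triage(conf_text, log_text):
    """Give a verdict for each zone whose NOTIFY was rejected in the log."""
    zones = declared_zones(conf_text)
    serials = {z.lower(): s for z, s in TRANSFERRED.findall(log_text)}
    report = {}
    for zone in REJECTED.findall(log_text):
        zone = zone.lower()
        kind = zones.get(zone)
        if kind is None:
            report[zone] = "no zone block in this named.conf"
        elif kind not in AUTH_TYPES:
            report[zone] = f"type {kind}: named is not authoritative for it"
        elif zone in serials:
            report[zone] = f"type {kind}: loaded only in another run (serial {serials[zone]})"
        else:
            report[zone] = f"type {kind}: declared here but not loaded by the running named"
    return report

# Constructed sample data, not taken from the poster's servers.
SAMPLE_CONF = '''
zone "." IN { type hint; file "named.ca"; };
zone "example.com" { type slave; masters { 192.0.2.1; }; file "slaves/example.com.hosts"; };
zone "example.org" { type master; file "example.org.hosts"; };
'''
SAMPLE_LOG = '''
client 192.0.2.1#40111: received notify for zone 'example.com': not authoritative
client 192.0.2.1#40112: received notify for zone 'example.net': not authoritative
client 192.0.2.1#40113: received notify for zone 'example.org': not authoritative
zone example.com/IN: transferred serial 1409831355
'''
```

A "declared here but not loaded" verdict points at the running process rather than the zone file: check which named.conf (chroot copy or not) the service actually started with.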

Tue, 01/13/2015 - 13:52
tpnsolutions

James,

I'd be happy to diagnose and help you resolve this issue. Drop me a line on Skype when you have a moment, I'm pretty good with DNS :-)

Best Regards,
Peter Knowles
TPN Solutions

Email: pknowles@tpnsolutions.com
Phone: 604-782-9342
Skype: tpnsupport
Website: http://www.tpnsolutions.com
Tue, 01/13/2015 - 16:02
JamesSimpson

If I restart BIND from Virtualmin, it only loads in the master values, which means it doesn't respond to any domain names.

If I then go into SSH, and run named -u named -g and leave it running, it will respond to queries?

Wed, 01/14/2015 - 12:24
JamesSimpson

Hi Peter,

Is this free support? lol

Wed, 01/14/2015 - 13:30
JamesSimpson

Well I finally got it sorted, after nearly a week.

Basically I did another complete re-install, but this time I deleted all files and folders for BIND.

I saved copies of my named.conf and /var/named/hosts (forward and reverse) files.
ran yum remove bind
cd /var/named
rm -Rf * (be careful)
ran yum install bind
copied my named.conf and /var/named host files back
service named start

It started straight up, I then applied bind settings on my master server, and then everything started pinging across to the slave successfully and now it responds to queries.

Thank god!

Wed, 01/14/2015 - 18:22
tpnsolutions

James,

Sounds like you got this issue figured out :-) Great to hear.

To answer your earlier question, my pricing model is "gratitude-based" meaning you show your gratitude however you feel appropriate whether it be financial, referring others, or writing up some feedback on what we covered and how it was solved (or not solved).

Cheers!
