BIND DNS Master with Zerigo Slaves - BIND won't update the slave servers

Posted by Anthony on Server Fault
Published on 2012-04-16T10:40:30Z Indexed on 2012/04/16 11:32 UTC

I've tried to resolve this myself and have looked through Google and Stack but haven't found the answer I'm looking for.

Currently on a VPS server I have BIND DNS installed as a MASTER DNS Server. I use Zerigo's DNS service as SLAVE servers for public use: the Master doesn't receive queries. Its job is simply to create and modify DNS entries locally, which the SLAVEs use to serve.

Here is an excerpt of the BIND log; I set it to INFO event logging:

14-Apr-2012 23:00:00.234 general: info: received control channel command 'reload'
14-Apr-2012 23:00:00.234 general: info: loading configuration from 'C:\DNS\BIND\etc\named.conf'
14-Apr-2012 23:00:00.234 general: info: using default UDP/IPv4 port range: [1024, 65535]
14-Apr-2012 23:00:00.234 general: info: using default UDP/IPv6 port range: [1024, 65535]
14-Apr-2012 23:00:00.250 general: info: reloading configuration succeeded
14-Apr-2012 23:00:00.250 general: info: reloading zones succeeded
14-Apr-2012 23:16:22.750 xfer-out: info: client 174.36.24.251#47135: transfer of 'ajmakeup.com/IN': AXFR started
14-Apr-2012 23:16:22.750 xfer-out: info: client 174.36.24.251#47135: transfer of 'ajmakeup.com/IN': AXFR ended
14-Apr-2012 23:16:23.015 xfer-out: info: client 68.71.141.22#36212: transfer of 'ajmakeup.com/IN': AXFR started
14-Apr-2012 23:16:23.031 xfer-out: info: client 68.71.141.22#36212: transfer of 'ajmakeup.com/IN': AXFR ended

As you can see, there is no problem with Zerigo's DNS servers requesting new DNS data, when I force a reload, that is; I don't believe, as per the way they are set as SLAVE, that they poll for changes.

However, the problem is the other way; the MASTER is not updating the SLAVE servers when reload is run (on the MASTER); it is a batch on a 15-minute timer.

Below is my NAMED.CONF:

key "rndc-key" {
    algorithm hmac-md5;
    secret "REMOVED FOR SECURITY";
};

acl "trusted" {
    174.36.24.251/32;
    68.71.141.22/32;
    localhost;
};

options {
    version "not currently available";
    directory "C:\DNS\BIND\etc";
    allow-query {
        trusted;
    };
};

controls {
    inet 127.0.0.1 port 953
    allow { 127.0.0.1; } 
    keys { "rndc-key"; };
};

logging{
  channel simple_log {
    file "C:\DNS\BIND\logging\bind.log" versions 3 size 5m;
    severity info;
    print-time yes;
    print-severity yes;
    print-category yes;
  };
  category default{
    simple_log;
  };
};

zone "ajmakeup.com" in {
    type master;
    file "c:\dns\BIND\zones\db.ajmakeup.com.txt";
    allow-transfer { 174.36.24.251; 68.71.141.22; };
    allow-update { none; };
};

Does my problem have something to do with 'allow-query' under options? You will notice that 'allow-transfer' is set explicitly on each DNS zone.

In case you need it, here is my RNDC.CONF:

key "rndc-key" {
    algorithm hmac-md5;
    secret "REMOVED FOR SECURITY";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};

server localhost {
  key "rndc-key";
};

Note:

I am using WebsitePanel as my hosting panel, which is why it creates the zone entries the way it does. Although I know I can change this behaviour, I do not wish to do so, nor do I believe it is the root of the problem.

Thanks for your help.
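
One way to check from the log whether a reload was followed by outgoing NOTIFY messages or by slave transfers, as an added example that is not part of the original post. It assumes the log layout shown in the excerpt and BIND's "sending notifies" message in the notify category; the function names, the 60-second window and the second reload in the sample are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Layout written by the post's "simple_log" channel (print-time, print-category
# and print-severity enabled): "<date> <time> <category>: <severity>: <message>"
LINE_RE = re.compile(r"^(\d{2}-\w{3}-\d{4} [\d:.]+) ([\w-]+): (\w+): (.*)$")
NOTIFY_RE = re.compile(r"zone (\S+)/IN: sending notifies \(serial (\d+)\)")
AXFR_RE = re.compile(r"client ([\d.]+)#\d+: transfer of '([^/']+)/IN': AXFR started")

def parse(lines):
    """Yield (timestamp, category, message) for every well-formed log line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.strptime(m[1], "%d-%b-%Y %H:%M:%S.%f"), m[2], m[4]

def audit_reloads(lines, window=timedelta(seconds=60)):
    """Per 'reload': zones notified and (zone, slave) AXFRs within `window`.
    An empty 'notified' list means no outgoing NOTIFY was logged after it."""
    events = list(parse(lines))
    report = []
    for ts, cat, msg in events:
        if cat != "general" or "control channel command 'reload'" not in msg:
            continue
        notified, pulled = set(), set()
        for t, c, m in events:
            if not ts <= t <= ts + window:
                continue
            if c == "notify" and (n := NOTIFY_RE.search(m)):
                notified.add(n[1])
            elif c == "xfer-out" and (a := AXFR_RE.search(m)):
                pulled.add((a[2], a[1]))
        report.append({"reload": ts, "notified": sorted(notified), "pulled": sorted(pulled)})
    return report

# First three lines come from the excerpt in the post. The 23:30 reload is
# constructed (timestamps, port and serial invented) to show a NOTIFY-driven update.
SAMPLE = """\
14-Apr-2012 23:00:00.234 general: info: received control channel command 'reload'
14-Apr-2012 23:16:22.750 xfer-out: info: client 174.36.24.251#47135: transfer of 'ajmakeup.com/IN': AXFR started
14-Apr-2012 23:16:23.015 xfer-out: info: client 68.71.141.22#36212: transfer of 'ajmakeup.com/IN': AXFR started
14-Apr-2012 23:30:00.234 general: info: received control channel command 'reload'
14-Apr-2012 23:30:00.260 notify: info: zone ajmakeup.com/IN: sending notifies (serial 2012041402)
14-Apr-2012 23:30:01.100 xfer-out: info: client 174.36.24.251#47201: transfer of 'ajmakeup.com/IN': AXFR started
""".splitlines()

if __name__ == "__main__":
    for r in audit_reloads(SAMPLE):
        print(r["reload"], "notified:", r["notified"], "pulled:", r["pulled"])
```

For the 23:00 reload taken from the post, both lists come back empty: the AXFRs at 23:16 fall outside the window and no notify line was logged.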
