BIND DNS Master with Zerigo Slaves - BIND won't update the slave servers
- by Anthony
I've tried to resolve this myself and have looked through Google and Stack but haven't found the answer I'm looking for.
Currently on a VPS server I have BIND DNS installed as a MASTER DNS server. I use Zerigo's DNS service as SLAVE servers for public use. The MASTER doesn't receive queries; its job is simply to create and modify DNS entries locally, which the SLAVE servers then serve.
Here is an excerpt of the BIND log; I set it to INFO event logging:
14-Apr-2012 23:00:00.234 general: info: received control channel command 'reload'
14-Apr-2012 23:00:00.234 general: info: loading configuration from 'C:\DNS\BIND\etc\named.conf'
14-Apr-2012 23:00:00.234 general: info: using default UDP/IPv4 port range: [1024, 65535]
14-Apr-2012 23:00:00.234 general: info: using default UDP/IPv6 port range: [1024, 65535]
14-Apr-2012 23:00:00.250 general: info: reloading configuration succeeded
14-Apr-2012 23:00:00.250 general: info: reloading zones succeeded
14-Apr-2012 23:16:22.750 xfer-out: info: client 174.36.24.251#47135: transfer of 'ajmakeup.com/IN': AXFR started
14-Apr-2012 23:16:22.750 xfer-out: info: client 174.36.24.251#47135: transfer of 'ajmakeup.com/IN': AXFR ended
14-Apr-2012 23:16:23.015 xfer-out: info: client 68.71.141.22#36212: transfer of 'ajmakeup.com/IN': AXFR started
14-Apr-2012 23:16:23.031 xfer-out: info: client 68.71.141.22#36212: transfer of 'ajmakeup.com/IN': AXFR ended
As you can see there is no problem with Zerigo's DNS servers requesting new DNS data, when I force a reload that is; I don't believe, as per the way they are set as SLAVE, that they poll for changes.
However the problem is the other way; the MASTER is not updating the SLAVE servers when reload is run (on the MASTER); it is a batch on a 15 minute timer.
Below is my NAMED.CONF:
key "rndc-key" {
    algorithm hmac-md5;
    secret "REMOVED FOR SECURITY";
};
acl "trusted" {
    174.36.24.251/32;
    68.71.141.22/32;
    localhost;
};
options {
    version "not currently available";
    directory "C:\DNS\BIND\etc";
    allow-query {
        trusted;
    };
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; }
        keys { "rndc-key"; };
};
logging {
    channel simple_log {
        file "C:\DNS\BIND\logging\bind.log" versions 3 size 5m;
        severity info;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default {
        simple_log;
    };
};
zone "ajmakeup.com" in {
    type master;
    file "c:\dns\BIND\zones\db.ajmakeup.com.txt";
    allow-transfer { 174.36.24.251; 68.71.141.22; };
    allow-update { none; };
};
Does my problem have something to do with 'allow-query' under options? You will notice that 'allow-transfer' is set explicitly on each DNS zone.
In case you need it here is my RNDC.CONF:
key "rndc-key" {
    algorithm hmac-md5;
    secret "REMOVED FOR SECURITY";
};
options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
server localhost {
    key "rndc-key";
};
Note:
I am using WebsitePanel as my hosting panel, which is why it creates the zone entries the way it does. Although I know I can change this behaviour, I do not wish to do so, nor do I believe it is the root of the problem.
Thanks for your help.
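
Added example (not part of the original post): a small log audit that correlates each rndc 'reload' in a log like the one above with the AXFR requests that follow it, listing which slaves from the posted allow-transfer list did not transfer promptly and any AXFR client that is not on that list. The function name, the 5-minute window and the last three sample lines are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Slave addresses taken from the allow-transfer list in the posted named.conf.
SLAVES = {"174.36.24.251", "68.71.141.22"}

# The first four lines come from the posted log; the last three are constructed.
SAMPLE_LOG = """\
14-Apr-2012 23:00:00.234 general: info: received control channel command 'reload'
14-Apr-2012 23:00:00.250 general: info: reloading zones succeeded
14-Apr-2012 23:16:22.750 xfer-out: info: client 174.36.24.251#47135: transfer of 'ajmakeup.com/IN': AXFR started
14-Apr-2012 23:16:23.015 xfer-out: info: client 68.71.141.22#36212: transfer of 'ajmakeup.com/IN': AXFR started
14-Apr-2012 23:30:00.100 general: info: received control channel command 'reload'
14-Apr-2012 23:30:02.300 xfer-out: info: client 174.36.24.251#51000: transfer of 'ajmakeup.com/IN': AXFR started
14-Apr-2012 23:31:05.400 xfer-out: info: client 203.0.113.9#40000: transfer of 'ajmakeup.com/IN': AXFR started
"""

# "<date> <time> <category>: <severity>: <message>" (print-time/-category/-severity yes)
LINE = re.compile(r"^(\S+ \S+) ([\w-]+): \w+: (.*)$")
XFER = re.compile(r"^client ([0-9A-Fa-f.:]+)#\d+: transfer of '[^']+': AXFR started$")
RELOAD = "received control channel command 'reload'"

def audit(log_text, slaves=SLAVES, window=timedelta(minutes=5)):
    """Return (missed, unexpected).

    missed: {reload time: slaves with no AXFR within `window` of that reload}
    unexpected: sorted AXFR client addresses that are not in `slaves`
    """
    reloads, xfers = [], []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%d-%b-%Y %H:%M:%S.%f")
        category, msg = m.group(2), m.group(3)
        if category == "general" and msg == RELOAD:
            reloads.append(ts)
        elif category == "xfer-out" and (x := XFER.match(msg)):
            xfers.append((ts, x.group(1)))
    missed = {}
    for r in reloads:
        seen = {ip for ts, ip in xfers if r <= ts <= r + window}
        lagging = sorted(slaves - seen)
        if lagging:
            missed[r.strftime("%H:%M:%S")] = lagging
    unexpected = sorted({ip for _, ip in xfers if ip not in slaves})
    return missed, unexpected
```

On the posted lines the 23:00:00 reload is reported with both slaves missing, because their transfers only appear about 16 minutes later.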