From: "David Robillard"
To: "Jonathan Horne"
Cc: FreeBSD Questions Mailing List
Date: Fri, 8 Sep 2006 14:34:50 -0400
Subject: Re: trouble with a pair of bind9 servers

> the trouble im having is, that my slave (5.5-p3) will not transfer the zone
> from the master (6.1-p4). my /var/log/messages is filled with these:
>
> Sep 7 21:50:24 fbsd55-2 named[1847]: exiting
> Sep 7 21:50:26 fbsd55-2 named[1924]: starting BIND 9.3.2 -t /var/named -u bind
> Sep 7 21:50:26 fbsd55-2 named[1924]: /etc/namedb/named.conf:40: option 'allow-update' is not allowed in 'slave' zone 'dlptest.com'

Hi Jonathan,

First, I would recommend that you send this question to the BIND mailing list at .
See ISC's website for more on subscribing at
http://www.isc.org/index.pl?/sw/bind/bind-lists.php and the archives at
http://marc.theaimsgroup.com/?l=bind-users

Now, this first error is self-explanatory: you can't use 'allow-update' in a
slave zone, only in the master. It makes sense, because if the slave had
updates, then it would not be able to tell the master about those updates and
the zones would become inconsistent between your machines (resulting in quite
a mess). The other way around is better: update the master, which will then
send notify messages to your slave, who in turn will download the updates.

So just remove 'allow-update' in the slave's named.conf(5).

> Sep 7 21:50:26 fbsd55-2 named[1924]: zone dlptest.com/IN/internal: has 0 SOA records
> Sep 7 21:50:26 fbsd55-2 named[1924]: zone dlptest.com/IN/internal: has no NS records

These point to a bad zone file. You should double check your
/etc/namedb/dlptest.com.i.hosts file. Make sure you have both SOA and NS
records in it. Consider using the named-checkzone(8) command to check your
zone files. See the man page for named-checkzone(8) for more info.

Hummm, I know it's not my business, but may I suggest another name for your
zone files? I personally use "db.dlptest.com.internal" and
"db.dlptest.com.external" for the master files. For the slave, I use
"bak.dlptest.com.internal" and "bak.dlptest.com.external". IMHO it's a little
more clear whether you're working on an internal slave file or an external
master file :)

> Sep 7 21:50:26 fbsd55-2 named[1924]: running
> Sep 7 21:50:27 fbsd55-2 named[1924]: dumping master file: /etc/namedb/tmp-UZF5mCCxZP: open: permission denied
> Sep 7 21:50:27 fbsd55-2 named[1924]: transfer of 'dlptest.com/IN' from 192.168.125.91#53: failed while receiving responses: permission denied
> Sep 7 21:51:20 fbsd55-2 named[1924]: dumping master file: /etc/namedb/tmp-SaWWYxV06u: open: permission denied
> Sep 7 21:51:20 fbsd55-2 named[1924]: transfer of 'dlptest.com/IN' from 192.168.125.91#53: failed while receiving responses: permission denied
>
> this was giving me the impression that the bind user was not able to write
> to /var/named/etc/namedb, but every time i make a chmod or chown adjustment,
> it just gets changed back:
>
> fbsd55-2# /etc/rc.d/named restart
> Stopping named.
> etc/namedb changed
> user expected 0 found 53 modified
> Starting named.
> fbsd55-2#

I'm afraid I'm not quite sure what this problem is. Maybe check your fstab(5)
for special options such as noexec or nosuid and friends. Check the mount(8)
man page if you find anything. Also, have you played with chflags(1)?

Finally, I would check the ISC's BIND mailing list archives to see if you can
come up with something.

Good luck,

David

> ive been dinking around with this for a few hours now, and im about to pull
> what little hair i have left out. can someone shed light on this for me
> please? any help at all would be much appreciated!
>
> cheers,
> jonathan

--
David Robillard
UNIX systems administrator & Oracle DBA
CISSP, RHCE & Sun Certified Security Administrator
Montreal: +1 514 966 0122
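
As an added illustration of the reply above (not part of the original e-mail and not the poster's actual configuration), the named.conf fragments below show where 'allow-update' belongs and a slave zone whose file sits in a directory named can write to. The slave address, key name, client ACL, and the dynamic/ and slave/ subdirectories (assumed to be writable by the bind user) are assumptions; 192.168.125.91 is the master address from the log.

```conf
// Constructed example. File paths are relative to /etc/namedb, the directory
// in which the log above shows named creating its tmp-* files.

// ---- master (192.168.125.91): named.conf ----
view "internal" {
    match-clients { 192.168.125.0/24; };          // assumed internal network
    zone "dlptest.com" {
        type master;
        // A dynamically updated zone gets a .jnl journal next to this file,
        // so the directory must be writable by the user named runs as.
        file "dynamic/db.dlptest.com.internal";
        allow-update   { key "ddns-key"; };       // assumed key, key statement not shown
        allow-transfer { 192.168.125.92; };       // assumed slave address
    };
};

// ---- slave: rejected form ("option 'allow-update' is not allowed") ----
view "internal" {
    match-clients { 192.168.125.0/24; };
    zone "dlptest.com" {
        type slave;
        masters { 192.168.125.91; };
        file "dlptest.com.i.hosts";               // written directly into /etc/namedb
        allow-update { key "ddns-key"; };         // named refuses this in a slave zone
    };
};

// ---- slave: corrected form ----
view "internal" {
    match-clients { 192.168.125.0/24; };
    zone "dlptest.com" {
        type slave;
        masters { 192.168.125.91; };
        // named dumps the transfer to a tmp-XXXXXXXXXX file beside this path
        // and then renames it, so this directory must be writable by the
        // user given with -u (bind in the log above).
        file "slave/bak.dlptest.com.internal";
    };
};
```

Running named-checkconf(8) against each edited named.conf before restarting named reports misplaced options such as the 'allow-update' above without touching the running server.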