Secondary DNS is not updated quickly from Primary
Borhade Ganesh (vMoksha)
I have configured Primary DNS Server --> Bind 9.2.3 on Solaris 9 with
private IP address & Secondary DNS Server --> Bind 9 on Solaris 10 with
private IP address.
My zones are transfer from Primary DNS to Secondary DNS only when i reload
zone from secondary [ rndc reload <zone name > ].
I wants to make DNS Server's live on Monday with Public IP address but
before that i wants to make sure that if i restart rndc service ( rndc
stop/start ) on primary ( Zone updated with serial no ) then it should
automatically transfer the zone to Secondary DNS
Can anyone help me how to resolve it?
Best Regards
Ganesh BORHADE
---------------------------------------------------------
Legal Notice: This electronic mail and its attachments are intended solely
for the person(s) to whom they are addressed and contain information which
is confidential or otherwise protected from disclosure, except for the
purpose for which they are intended. Dissemination, distribution, or
reproduction by anyone other than the intended recipients is prohibited and
may be illegal. If you are not an intended recipient, please immediately
inform the sender and return the electronic mail and its attachments and
destroy any copies which may be in your possession. UCB screens electronic
mails for viruses but does not warrant that this electronic mail is free of
any viruses. UCB accepts no liability for any damage caused by any virus
transmitted by this electronic mail.
---------------------------------------------------------
Barry Margolin
"Borhade Ganesh (vMoksha)" <Ganesh....@UCB-Group.com> wrote:
> Dear All,
> I have configured Primary DNS Server --> Bind 9.2.3 on Solaris 9 with
> private IP address & Secondary DNS Server --> Bind 9 on Solaris 10 with
> private IP address.
> My zones are transfer from Primary DNS to Secondary DNS only when i reload
> zone from secondary [ rndc reload <zone name > ].
> I wants to make DNS Server's live on Monday with Public IP address but
> before that i wants to make sure that if i restart rndc service ( rndc
> stop/start ) on primary ( Zone updated with serial no ) then it should
> automatically transfer the zone to Secondary DNS
> Can anyone help me how to resolve it?
The slave should automatically refresh the zone every <refresh> seconds,
where this is the Refresh parameter in the zone's SOA record. So if you
want to ensure that it updates within 15 minutes, set this to 900.
You should also be able to use the DNS Notify mechanism. Make sure that
the slaves are listed in the NS records of the zone, and the master will
send a Notify message to the slaves within a few seconds of your
reloading the zone on the master.
Of course, make sure you increment the serial number on the master after
making chances.
Are there any messages in the slave's log when it should be refreshing
the zone?
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
Borhade Ganesh (vMoksha)
DNS Setup:
1. Primary DNS on Solaris 9 with BIND 9.2.3 ( Solaris package )
2. Secondary DNS is on Solaris 10 with Bind 9.2.4 ( build in of Solaris 10 )
Problem :
1. When i changed "Zone" on "Primary DNS" with updated "Serial no" in Zone
file & then used "rndc reload / rndc reload
<zone name>" on Primary DNS.
"Secondary DNS" zone is not updated immediately even i kept "refresh rate
as 5 min".(i uses rndc reload on
Secondary DNS) but when i uses "rndc reload <zone name>" on "Secondary
DNS" then zone gets transfer immediately.
Is this bug in BIND 9.2.3? because i had not faced problem with "BIND 8"
for Zone Transfer.
2. Is any BIND patch available for BIND 9.2.3 on Solaris 9?
3. If instead of rndc key if i uses tsig key then will security will
increase?
Best Regards
Ganesh Borhade
91-9880537357
---------------------------------------------------------
Mark Andrews
> Dear All,
>
> DNS Setup:
> 1. Primary DNS on Solaris 9 with BIND 9.2.3 ( Solaris package )
> 2. Secondary DNS is on Solaris 10 with Bind 9.2.4 ( build in of Solaris 10 )
> Problem :
>
> 1. When i changed "Zone" on "Primary DNS" with updated "Serial no" in Zone
> file & then used "rndc reload / rndc reload
> <zone name>" on Primary DNS.
> "Secondary DNS" zone is not updated immediately even i kept "refresh rate
> as 5 min".(i uses rndc reload on
> Secondary DNS) but when i uses "rndc reload <zone name>" on "Secondary
> DNS" then zone gets transfer immediately.
> Is this bug in BIND 9.2.3? because i had not faced problem with "BIND 8"
> for Zone Transfer.
Firstly is the secondary listed in the NS RRset?
Secondly can the primary resolve the addresses of the secondary?
Thirdly is the primary sending the notify messages from the same
address as that listed in the masters clause on the secondary?
Fourthly does the SOA MNAME match the name of the primary servers?
Fifthly is there a firewall/NAT blocking or otherwise changing the
notify message.
There are ways to address most/all of the potential issues but
without answers to the above questions people won't be able to
help you.
NOTIFY is simple. The master loads the zone. It looks up
the addresses for the nameservers. It sends the NOTIFY
message to the slaves (the master is identified by the SOA
MNAME). The slave looks at the NOTIFY and the address the
NOTIFY was from and decided to accept or reject it. It
then looks at any SOA record to see if the serial is greater
than it currently has. If it is or there was no SOA record
it starts the standard refresh processing.
> 2. Is any BIND patch available for BIND 9.2.3 on Solaris 9?
A patch for what? BIND is distributed freely in source form.
You can just compile and install the latest release.
> 3. If instead of rndc key if i uses tsig key then will security will
> increase?
Yes but get everything else working first before you look at
TSIG.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_A...@isc.org
Borhade Ganesh (vMoksha)
1. Zone transfer problem : still problem
a. Secondary DNS is configured in Primary DNS named.conf & zone file with
PTR record
b. I have tried with notify yes option but notification send by Primary
DNS but zone doesn't transfer without
rndc reload <zone name>
c. Primary is able to resolve Secondary A & PTR records
d. SOA MNAME match
2. patch update: OK now
OK, I have install BIND 9.2.3 on Solaris thus not to worry
3. TSIG ? Still pending but OK till now
OK, my rndc key is working for zone transfer between Primary & Secondary,
but i will think TSIG afterward.
Mark, Thanks for valuable update.
Regards
Ganesh
91-9880537357
Sten Carlsen
The only thing this key is meant for is securing the communication
between the rndc-program and a BIND-server. Zone-transfers do not
normally use a key at all; if they do it is the TSIG-key. At least to my
knowledge.
Borhade Ganesh (vMoksha) wrote:
--
Best regards
Sten Carlsen
Let HIM who has an empty INBOX send the first mail.
base60
> In article <dmq2tg$cun$1...@sf1.isc.org>,
> "Borhade Ganesh (vMoksha)" <Ganesh....@UCB-Group.com> wrote:
>
>
>>Dear All,
>> I have configured Primary DNS Server --> Bind 9.2.3 on Solaris 9 with
>>private IP address & Secondary DNS Server --> Bind 9 on Solaris 10 with
>>private IP address.
>>My zones are transfer from Primary DNS to Secondary DNS only when i reload
>>zone from secondary [ rndc reload <zone name > ].
>> I wants to make DNS Server's live on Monday with Public IP address but
>>before that i wants to make sure that if i restart rndc service ( rndc
>>stop/start ) on primary ( Zone updated with serial no ) then it should
>>automatically transfer the zone to Secondary DNS
>> Can anyone help me how to resolve it?
>
>
> The slave should automatically refresh the zone every <refresh> seconds,
> where this is the Refresh parameter in the zone's SOA record. So if you
> want to ensure that it updates within 15 minutes, set this to 900.
>
> You should also be able to use the DNS Notify mechanism. Make sure that
> the slaves are listed in the NS records of the zone, and the master will
> send a Notify message to the slaves within a few seconds of your
> reloading the zone on the master.
I think bind9 automatically does a Notify if the serial number changes
or bind is restarted...