Re: dns problem resolution?

From: Men & Mice Support
Date: Friday, November 5, 2004
Time: 2:08:02 pm

Every server, at startup, sends notifies to all other servers. It
doesn't matter that the server is a slave. The odd thing is that it's
notifying itself, which means that it's not properly removing itself
from the list of "other" servers.

This shouldn't cause any problems, but it is an odd thing.

Chris Buxton
Men & Mice - Making DNS Easy
Customer Service and Sales Engineer

At 4:08 PM -0500 11/5/04, John May wrote:
>Nope, we only use public IPs for our nameservers.
>
>However, it does still seem like the secondary is sending notify
>packets to itself on startup, and this is what is causing the
>errors. However, this didn't happen with BIND 9.2.x.
>
>Is this something to be concerned about? Any way to fix it?
>
>Thanks!
>
> - John
>
>>My first guess is that you have your servers on private IP addresses.
>>
>>Your master server loads a zone and sends notify packets to all
>>servers listed in each zone's NS records, excluding itself. It does
>>this by resolving the names to (public) IP addresses. But your
>>slave server is configured to think of the master server being at a
>>private address. So it rejects the notification.
>>
>>(Continuing the assumption...) Since your firewall supports two-way
>>NAT (like all NAT-based firewalls should, though many don't), you
>>can solve this neatly as follows:
>>
>>- For each server, remove the server (Administration > Remove Name
>>Server) and re-add it, using the public IP addresses. (You probably
>>don't even have to specify addresses.)
>>
>>- Remove all the zones from your slave server and recreate them,
>>using the AppleScripts included with QuickDNS Manager for Mac OS X,
>>or else use a shell command like this on the slave server to change
>>the master server IP in all the slave zones (assumes Mac OS X):
>>
>>cd /var/named/conf/zoneopt
>>sudo perl -pi -e 's {internal-ip} {public-ip}' *
>>rndc -k ../user_before reload
>>
>>Chris Buxton
>>Men & Mice - Making DNS Easy
>>Customer Service and Sales Engineer
>>
>>At 3:01 PM -0500 11/5/04, John May wrote:
>>>When we upgraded to 9.3.0, our secondary server throws a lot of
>>>the following errors at startup:
>>>
>>>
>>>05-Nov-2004 12:00:01.241 zone desco-services.com/IN: refused
>>>notify from non-master: 66.151.191.77#50835
>>>
>>>
>>>Any ideas?
>>>
>>> - John
>>>
>>>>Sure. I'm going to assume you're currently using BIND 9.2.x.
>>>>
>>>>- Download the source code for BIND 9.3.0 from the ISC.org
>>>>website. Decompress the archive.
>>>>- Open a shell (e.g. a Terminal window) and cd to the directory.
>>>>For example, if you download with normal web browser settings on
>>>>Mac OS X and decompress using Stuffit Expander, you can most
>>>>likely use this command:
>>>>
>>>>cd ~/Desktop/bind-9.3.0
>>>>
>>>>- Execute the following to compile and install:
>>>>
>>>>./configure
>>>>make
>>>>sudo -s
>>>>mv /usr/sbin/named /usr/sbin/named-9.2
>>>>cp bin/named/named /usr/sbin/named
>>>>
>>>>- Continue with the following to test (involves a little downtime
>>>>for your server):
>>>>
>>>>killall named && /usr/sbin/named -4 -g
>>>>
>>>>This opens the new copy in a debugging mode. See if there are any
>>>>error messages. When you're satisfied, type control-c to stop it,
>>>>then execute this to start it normally:
>>>>
>>>>/usr/sbin/named -4
>>>>
>>>>If you see any problems during the debug mode session, fix them.
>>>>If you can't, revert to the old version:
>>>>
>>>>/usr/sbin/named-9.2
>>>>
>>>>- Exit root mode:
>>>>
>>>>exit
>>>>
>>>>- If the new version works for you, modify your boot script (on
>>>>Mac OS X, that's /Library/StartupItems/QuickDNS/named; on
>>>>FreeBSD, it's your normal operating system boot script for named)
>>>>to include the -4 parameter for launching named.
>>>>
>>>>Chris Buxton
>>>>Men & Mice - Making DNS Easy
>>>>Customer Service and Sales Engineer
>>>>
>>>>At 6:36 PM -0500 11/4/04, John May wrote:
>>>>>Chris -
>>>>>
>>>>>Can you repost these instructions?
>>>>>
>>>>> - John
>
>--
>
>-------------------------------------------------------------------
>John May : President <http://www.pointinspace.com>
>Point In Space Internet Solutions jmay@pointinspace.com
>
> Professional Lasso / PHP / MySQL / FileMaker Pro Hosting
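
Added example (not part of the thread, and not BIND or Men & Mice code): a small triage script for the "refused notify from non-master" message quoted above. It separates the harmless self-notify case from a master notifying from an address the slave does not have configured (the NAT case described in the thread) and from sources that are neither. The function name, the verdict labels, the example.com lines, and the assumption that 66.151.191.77 is the slave's own address are illustrative assumptions.

```python
import ipaddress
import re
from collections import Counter

# Slave-side rejection message, in the format quoted in the thread.
REFUSED = re.compile(
    r"zone (?P<zone>\S+)/IN: refused notify from non-master: "
    r"(?P<src>[0-9A-Fa-f:.]+)#\d+"
)

def classify_refused_notifies(lines, own_addrs, master_addrs):
    """Count refused NOTIFYs per (zone, source, verdict)."""
    own = {ipaddress.ip_address(a) for a in own_addrs}
    masters = {ipaddress.ip_address(a) for a in master_addrs}
    counts = Counter()
    for line in lines:
        m = REFUSED.search(line)
        if not m:
            continue  # unrelated log line
        try:
            src = ipaddress.ip_address(m.group("src"))
        except ValueError:
            continue  # address field did not parse; skip rather than guess
        if src in own:
            verdict = "self-notify"              # server notifying itself at startup
        elif src in masters:
            verdict = "master-address-mismatch"  # real master, but not the address in the slave's config
        else:
            verdict = "unknown-source"           # worth a closer look
        counts[(m.group("zone"), str(src), verdict)] += 1
    return counts

# First line is the one from the thread; the rest are constructed samples.
SAMPLE_LOG = [
    "05-Nov-2004 12:00:01.241 zone desco-services.com/IN: refused notify from non-master: 66.151.191.77#50835",
    "05-Nov-2004 12:00:01.300 zone example.com/IN: refused notify from non-master: 192.0.2.10#50836",
    "05-Nov-2004 12:00:02.010 zone example.com/IN: refused notify from non-master: 198.51.100.99#4021",
    "05-Nov-2004 12:00:02.500 zone example.com/IN: transferred serial 2004110501",
]
OWN = ["66.151.191.77"]   # assumption: the slave's own public address
MASTERS = ["192.0.2.10"]  # constructed: an address the master is known to send from

if __name__ == "__main__":
    result = classify_refused_notifies(SAMPLE_LOG, OWN, MASTERS)
    for (zone, src, verdict), n in sorted(result.items()):
        print(f"{verdict:24} {zone:22} {src:16} x{n}")
```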



