Centos 7 bind master slave configuration

subfire91
Posts: 20
Joined: 2016/09/26 16:17:22

Centos 7 bind master slave configuration

Post by subfire91 » 2016/09/26 16:31:16

Guys, I'm having a bit of a problem here which I was unable to solve:

I have set up a master/slave configuration and the slave is unable to get the changes I make on the primary. FYI, the servers run in a chroot environment.

I have no errors in the logs of the master, but I get the following errors on the secondary. It seems it is unable to communicate for some reason:

26-Sep-2016 17:40:25.731 query-errors: info: client 127.0.0.1#48025 (*******************): would rate limit slip SERVFAIL error response to 127.0.0.0/24
26-Sep-2016 17:40:25.731 query-errors: info: client 127.0.0.1#48025 (*******************): would rate limit drop SERVFAIL error response to 127.0.0.0/24
26-Sep-2016 17:40:25.731 query-errors: info: client 127.0.0.1#48025 (*******************): would rate limit slip SERVFAIL error response to 127.0.0.0/24


26-Sep-2016 17:43:11.311 rate-limit: info: would stop limiting error responses to 127.0.0.0/24
26-Sep-2016 17:47:00.939 general: error: dns_master_load: file format mismatch
26-Sep-2016 17:47:00.939 general: error: zone *****: loading from master file ****** failed: not implemented
26-Sep-2016 17:47:00.939 general: error: dns_master_load: file format mismatch
26-Sep-2016 17:47:00.939 general: error: zone *********/IN: loading from master file ************* not implemented
26-Sep-2016 17:47:00.943 general: error: dns_master_load: file format mismatch
26-Sep-2016 17:47:19.671 general: error: dns_master_load: file format mismatch


26-Sep-2016 17:40:22.230 general: info: zone ***/IN: refresh: failure trying master 192.168.*#53 (source 0.0.0.0#0): operation canceled
26-Sep-2016 17:40:22.230 general: info: zone ***/IN: refresh: failure trying master 192.168.*#53 (source 0.0.0.0#0): operation canceled
26-Sep-2016 17:40:22.230 general: info: zone ***/IN: refresh: failure trying master 192.168.*#53 (source 0.0.0.0#0): operation canceled
26-Sep-2016 17:40:22.230 general: info: zone ***/IN: refresh: failure trying master 192.168.*#53 (source 0.0.0.0#0): operation canceled
26-Sep-2016 17:40:22.230 general: info: zone ***/IN: refresh: failure trying master 192.168.*#53 (source 0.0.0.0#0): operation canceled
26-Sep-2016 17:40:22.230 general: info: zone ***/IN: refresh: failure trying master 192.168.*#53 (source 0.0.0.0#0): operation canceled
26-Sep-2016 17:40:22.230 general: info: zone ***/IN: refresh: failure trying master 192.168.*#53 (source 0.0.0.0#0): operation canceled
26-Sep-2016 17:40:22.230 general: info: zone ***/IN: refresh: failure trying master 192.168.*#53 (source 0.0.0.0#0): operation canceled
26-Sep-2016 17:40:22.230 general: info: zone ***/IN: refresh: failure trying master 192.168.*#53 (source 0.0.0.0#0): operation canceled

26-Sep-2016 18:04:06.152 xfer-in: error: transfer of '******/IN' from 192.168.*#53: failed to connect: timed out
26-Sep-2016 18:04:06.152 xfer-in: error: transfer of '******/IN' from 192.168.*#53: failed to connect: timed out

Especially the mismatches, which I'm getting for all the zones.

Services on both servers are up and running. I can telnet locally on their open ports but I cannot telnet from one to another. They are located in the same network.

Any help appreciated.

avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland

Re: Centos 7 bind master slave configuration

Post by avij » 2016/09/26 17:23:46

Perhaps it's the firewall on the master server? Try these as root:

Code:

firewall-cmd --zone=public --add-port=53/tcp --permanent
firewall-cmd --zone=public --add-port=53/udp --permanent
firewall-cmd --reload

All of those should output "success".

subfire91
Posts: 20
Joined: 2016/09/26 16:17:22

Re: Centos 7 bind master slave configuration

Post by subfire91 » 2016/09/26 19:13:23

Thanks for your reply.

Do I need to place anything in the slaves directory on both the master and the slave server?

mghe
Posts: 766
Joined: 2015/11/24 12:04:43
Location: Katowice, Poland

Re: Centos 7 bind master slave configuration

Post by mghe » 2016/09/26 19:41:39

No, you do not. You only have to indicate the slaves folder in the config of the slave server.

subfire91
Posts: 20
Joined: 2016/09/26 16:17:22

Re: Centos 7 bind master slave configuration

Post by subfire91 » 2016/09/26 20:14:56

mghe wrote: No, you do not. You only have to indicate the slaves folder in the config of the slave server.

So I have to indicate the folder but do not have to place anything in there, right?

From what I understand, I won't have to place any db hosts files on the slave either; it will take them from the master one?

avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland

Re: Centos 7 bind master slave configuration

Post by avij » 2016/09/26 21:45:39

Right, the slave will fetch the data from the master server.

Something like this for a slave would do:

Code:

zone "example.com" {
	type slave;
	file "slaves/example.com";
	allow-query { any; };
	allow-transfer { none; };
	masters { ip.of.master.server; };
};

Note that you do not need to create the slaves/example.com file yourself. In fact, if you do, it may confuse bind. In that case you are advised to remove the slave file and restart bind, so that bind will fetch the data from the master and recreate the slave file by itself.

subfire91
Posts: 20
Joined: 2016/09/26 16:17:22

Re: Centos 7 bind master slave configuration

Post by subfire91 » 2016/09/26 22:12:30

avij wrote: Right, the slave will fetch the data from the master server.

Something like this for a slave would do:

Code:

zone "example.com" {
	type slave;
	file "slaves/example.com";
	allow-query { any; };
	allow-transfer { none; };
	masters { ip.of.master.server; };
};

Note that you do not need to create the slaves/example.com file yourself. In fact, if you do, it may confuse bind. In that case you are advised to remove the slave file and restart bind, so that bind will fetch the data from the master and recreate the slave file by itself.

Thank you for your help.

I have a problem though. I have already tried that, and when I do not place any db files on the slave, from this line "file "slaves/example.com";" it generates an error with the service named-chroot unable to start because it cannot find the files in the slave/ directory.

My named.conf.local
------------------------
include "/etc/named/zones.rfc1918";

zone "subfire.net" IN {
type slave;
masters {192.168.200.21;};
file "slaves/db.subfire.net.hosts";
notify yes;

};

Code:

my named.conf.default-zones
zone "." IN {
	type hint;
	file "slaves/db.root";
	masters {192.168.200.21;};
};

zone "localhost" IN {
	type slave;
	file "slaves/db.local";
	masters {192.168.200.21;};
};

zone "127.in-addr.arpa" IN {
	type slave;
	file "slaves/db.127";
	masters {192.168.200.21;};
};

zone "0.in-addr.arpa" IN {
	type slave;
	file "slaves/db.0";
	masters {192.168.200.21;};
};

zone "255.in-addr.arpa" IN {
	type slave;
	file "slaves/db.255";
	masters {192.168.200.21;};
};

Code:

zones.rfc1918
zone "10.in-addr.arpa"      { type slave; masters {192.168.200.21;}; file "slaves/db.empty"; };
zone "16.172.in-addr.arpa"  { type slave; masters {192.168.200.21;}; file "slaves/db.empty"; };
zone "17.172.in-addr.arpa"  { type slave; masters {192.168.200.21;}; file "slaves/db.empty"; };
zone "18.172.in-addr.arpa"  { type slave; masters {192.168.200.21;}; file "slaves/db.empty"; };
zone "19.172.in-addr.arpa"  { type slave; masters {192.168.200.21;}; file "slaves/db.empty"; };
zone "20.172.in-addr.arpa"  { type slave; masters {192.168.200.21;}; file "slaves/db.empty"; };
zone "21.172.in-addr.arpa"  { type slave; masters {192.168.200.21;}; file "slaves/db.empty"; };
zone "22.172.in-addr.arpa"  { type slave; masters {192.168.200.21;}; file "slaves/db.empty"; };
zone "23.172.in-addr.arpa"  { type slave; masters {192.168.200.21;}; file "slaves/db.empty"; };
zone "24.172.in-addr.arpa"  { type slave; masters {192.168.200.21;}; file "slaves/db.empty"; };
zone "25.172.in-addr.arpa"  { type slave; masters {192.168.200.21;}; file "slaves/db.empty"; };
zone "26.172.in-addr.arpa"  { type slave; masters {192.168.200.21;}; file "slaves/db.empty"; };
zone "27.172.in-addr.arpa"  { type slave; masters {192.168.200.21;}; file "slaves/db.empty"; };
zone "28.172.in-addr.arpa"  { type slave; masters {192.168.200.21;}; file "slaves/db.empty"; };
zone "29.172.in-addr.arpa"  { type slave; masters {192.168.200.21;}; file "slaves/db.empty"; };
zone "30.172.in-addr.arpa"  { type slave; masters {192.168.200.21;}; file "slaves/db.empty"; };
zone "31.172.in-addr.arpa"  { type slave; masters {192.168.200.21;}; file "slaves/db.empty"; };
zone "168.192.in-addr.arpa" { type slave; masters {192.168.200.21;}; file "slaves/db.empty"; };

I have not uploaded any db.domain.hosts file on the slave, but it is like it looks for them inside the slave/ dir and refuses to get them from the master. If I place them manually inside slaves, it stops complaining but syncing does not work.

avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland

Re: Centos 7 bind master slave configuration

Post by avij » 2016/09/27 06:23:28

Note that you can mix master and slave zones. It makes little sense to define root (.), localhost or 127.in-addr.arpa as slave zones. They can be marked as master zones (or rather "hint" for the root . zone).

subfire91
Posts: 20
Joined: 2016/09/26 16:17:22

Re: Centos 7 bind master slave configuration

Post by subfire91 » 2016/09/27 11:16:23

27-Sep-2016 13:56:50.799 general: error: zone *************/IN: loading from master file /var/named/db.********.com.hosts failed: not implemented


What does this error mean?

avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland

Re: Centos 7 bind master slave configuration

Post by avij » 2016/09/27 13:33:13

subfire91 wrote: 27-Sep-2016 13:56:50.799 general: error: zone *************/IN: loading from master file /var/named/db.********.com.hosts failed: not implemented

What does this error mean?

Take that in conjunction with the next row in the log:
26-Sep-2016 17:47:00.939 general: error: zone *********/IN: loading from master file ************* not implemented
26-Sep-2016 17:47:00.943 general: error: dns_master_load: file format mismatch
The file bind is trying to read is not in a format that bind understands.
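
The "file format mismatch" lines quoted in this thread are what named logs when the bytes on disk are not in the format it expects for that zone. The script below is an added example, not part of any post here: it classifies a zone file as text or raw and compares that with the zone type, assuming BIND 9.9 or later (slave zones default to raw) and the raw header layout noted in the comments; all function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: a BIND raw zone file
# begins with two big-endian 32-bit words, format=2 and version=0 or 1.
zone_file_format() {
    [ -e "$1" ] || { echo missing; return; }
    hdr=$(od -An -tx1 -N8 "$1" | tr -d ' \n')
    case $hdr in
        000000020000000[01]) echo raw; return ;;
    esac
    # Text zone files contain no NUL bytes; anything else is unknown binary.
    if od -An -tx1 -N512 "$1" | grep -q ' 00'; then
        echo binary
    else
        echo text
    fi
}

# Format named expects when masterfile-format is not set in the zone
# (assumption: BIND 9.9 or later, where slave zones default to raw).
expected_format() {
    case $1 in
        slave) echo raw ;;
        *)     echo text ;;
    esac
}

# usage: check_zone_file TYPE FILE -> ok | will-transfer | missing | mismatch:...
check_zone_file() {
    want=$(expected_format "$1")
    got=$(zone_file_format "$2")
    if [ "$got" = missing ]; then
        # A slave recreates its file from the master; a master cannot.
        [ "$1" = slave ] && echo will-transfer || echo missing
    elif [ "$got" = "$want" ]; then
        echo ok
    else
        echo "mismatch:expected=$want,found=$got"
    fi
}

# Constructed sample files: a hand-copied text zone and a bare raw header.
demo() {
    d=$(mktemp -d)
    printf '$TTL 3600\n@ IN SOA ns1.example.com. admin.example.com. 1 1h 15m 1w 1h\n' > "$d/text.db"
    printf '\000\000\000\002\000\000\000\001\000\000\000\000' > "$d/raw.db"
    echo "slave + text file: $(check_zone_file slave "$d/text.db")"
    echo "slave + raw file:  $(check_zone_file slave "$d/raw.db")"
    echo "slave + no file:   $(check_zone_file slave "$d/none.db")"
    rm -rf "$d"
}
demo
```

A raw slave file can be converted for reading with `named-compilezone -f raw -F text -o - example.com slaves/example.com`, and setting `masterfile-format text;` in a slave zone makes named store the transferred zone as text instead.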
