DNS slave SERVERFAIL
« on: October 08, 2019, 11:55:42 AM »
Hi everybody

I have a big problem with my CWP

I have CWP in my homelab, Bind9 works as master DNS.
I have a tiny VPS plan on Scaleway for my DNS slave.

Here is my /etc/named.conf

Master
Code:
zone "domaine.biz" {
        type master;
        file "/var/named/domaine.biz.db";
        allow-update { 163.172.1.226; };
};

Slave
Code:
        allow-query     { any; };
        allow-notify     { 82.65.125.128; };

zone "domaine.biz" {
        type slave;
        file "/var/named/domaine.biz.db";
        masters{ 82.65.125.128; };
};

bind9 state

master
Code:
named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2019-10-08 09:38:35 CEST; 2s ago
  Process: 23022 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
  Process: 11823 ExecReload=/bin/sh -c /usr/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
  Process: 23038 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 23034 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 23039 (named)
   CGroup: /system.slice/named.service
           └─23039 /usr/sbin/named -u named -c /etc/named.conf

Oct 08 09:38:35 ns1.domaine.biz named[23039]: zone domaine.biz/IN: sending notifies (serial 2019100701)
Oct 08 09:38:35 ns1.domaine.biz systemd[1]: Started Berkeley Internet Name Domain (DNS).
Oct 08 09:38:35 ns1.domaine.biz named[23039]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
Oct 08 09:38:35 ns1.domaine.biz named[23039]: resolver priming query complete

and slave
Code:
named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2019-10-08 09:42:32 CEST; 2s ago
  Process: 20405 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
  Process: 20423 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 20419 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 20428 (named)
   CGroup: /system.slice/named.service
           └─20428 /usr/sbin/named -u named -c /etc/named.conf

Oct 08 09:42:32 ns2.domaine.biz named[20428]: network unreachable resolving './NS/IN': 2001:500:2d::d#53
Oct 08 09:42:32 ns2.domaine.biz named[20428]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
Oct 08 09:42:32 ns2.domaine.biz named[20428]: resolver priming query complete
Oct 08 09:42:32 ns2.domaine.biz named[20428]: zone domaine-x.biz/IN: Transfer started.
Oct 08 09:42:33 ns2.domaine.biz named[20428]: zone domaine-y.biz/IN: Transfer started.
Oct 08 09:42:33 ns2.domaine.biz named[20428]: zone domaine.biz/IN: zone transfer deferred due to quota  :o :o
Oct 08 09:42:33 ns2.domaine.biz named[20428]: zone .../IN: zone transfer deferred due to quota
Oct 08 09:42:33 ns2.domaine.biz named[20428]: zone .../IN: zone transfer deferred due to quota
Oct 08 09:42:33 ns2.domaine.biz named[20428]: zone .../IN: zone transfer deferred due to quota
Oct 08 09:42:33 ns2.domaine.biz named[20428]: zone .../IN: zone transfer deferred due to quota

Dig
Code:
[root@ns2 named]# dig @ns1.domaine.biz domaine.biz

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> @ns1.domaine.biz domaine.biz
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34581
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;domaine.biz.              IN      SOA

;; ANSWER SECTION:
domaine.biz.       86400   IN      SOA     ns1.domaine.biz. admin.domaine.biz. 2019100800 3600 7200 1209600 86400

;; AUTHORITY SECTION:
domaine.biz.       86400   IN      NS      ns2.domaine.biz.
domaine.biz.       86400   IN      NS      ns1.domaine.biz.

;; ADDITIONAL SECTION:
ns1.domaine.biz.   14400   IN      A       82.65.125.128
ns2.domaine.biz.   14400   IN      A       163.172.1.226

;; Query time: 6 msec
;; SERVER: 82.65.125.128#53(82.64.165.178)
;; WHEN: mar. oct. 08 09:46:18 CEST 2019
;; MSG SIZE  rcvd: 155
and
Code:
[root@ns2 named]# dig @ns2.domaine.biz domaine.biz

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> @ns2.domaine.biz domaine.biz
; (3 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 86
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;domaine.biz.              IN      SOA

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: mar. oct. 08 09:40:37 CEST 2019
;; MSG SIZE  rcvd: 45

Do you have any idea?
Quota for DNS  :o

Re: DNS slave SERVERFAIL
« Reply #1 on: October 14, 2019, 08:15:23 PM »
Seems you have the same problem as me

During transfer from the DNS host/slave combo to the slave, somehow the zonefile gets corrupted / compressed into two lines.
I don't know if the script is causing it, or it gets compressed during ssh but the end result of your slave is the same, a servfail since it cannot read the "db.myexample.com" file.

I have a setup similar to yours: one normal box with 1 core and 6 GB memory, and two smaller ones with 1 core and 1.7 GB memory for hosting the nameservers.

Sorry for not having an answer yet, still trying to figure out what is causing it :-)

Re: DNS slave SERVERFAIL
« Reply #2 on: October 14, 2019, 08:40:25 PM »
Thanks martend, sorry for you.

I finally succeeded.
Look at https://forum.ubuntu-fr.org/viewtopic.php?id=2044362
It's in French, but in the end there was a problem of a closed socket on the primary.

Re: DNS slave SERVERFAIL
« Reply #3 on: October 14, 2019, 10:36:13 PM »
Ah..ports... I forgot those at times also :)
My French isn't great but I understood it, great that you found it.

I'm half happy at the moment:

okt 14 22:21:03 ns2 named[9829]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
okt 14 22:21:03 ns2 named[9829]: resolver priming query complete

Number 2 is also online :-) but I had to write a little script to import things myself. Maybe I did find the bug that is causing the problem, but I will open another thread for that :)
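
An added example, not part of any post in this thread: a small triage script for the secondary's named journal that tells a transfer that was only queued ("deferred due to quota") apart from one that never completed. The zone names, addresses and log lines are constructed; the "transferred serial" and "failed to connect" message shapes are assumed from BIND 9.11 and do not appear in the thread.

```python
import re

# Constructed journal excerpt from a secondary (RFC 5737 addresses, made-up zones).
SAMPLE_LOG = """\
Oct 08 09:42:32 ns2 named[20428]: zone a.example/IN: Transfer started.
Oct 08 09:42:33 ns2 named[20428]: zone b.example/IN: Transfer started.
Oct 08 09:42:33 ns2 named[20428]: zone c.example/IN: zone transfer deferred due to quota
Oct 08 09:42:33 ns2 named[20428]: zone d.example/IN: zone transfer deferred due to quota
Oct 08 09:42:33 ns2 named[20428]: zone a.example/IN: transferred serial 2019100701
Oct 08 09:42:34 ns2 named[20428]: zone c.example/IN: Transfer started.
Oct 08 09:42:34 ns2 named[20428]: transfer of 'b.example/IN' from 192.0.2.1#53: failed to connect: connection refused
Oct 08 09:42:35 ns2 named[20428]: zone c.example/IN: transferred serial 2019100701
"""

ZONE_MSG = re.compile(r"named\[\d+\]: zone (\S+)/IN: (.+)$")
XFER_MSG = re.compile(r"named\[\d+\]: transfer of '([^'/]+)/IN' from \S+: (.+)$")

def zone_states(log):
    """Return {zone: last known transfer state} from named journal text."""
    states = {}
    for line in log.splitlines():
        m = ZONE_MSG.search(line)
        if m:
            zone, msg = m.groups()
            if msg == "Transfer started.":
                states[zone] = "started"
            elif msg == "zone transfer deferred due to quota":
                states[zone] = "deferred"      # queued, not rejected
            elif msg.startswith("transferred serial"):
                states[zone] = "ok"            # zone data is now loaded
            continue
        m = XFER_MSG.search(line)
        if m and m.group(2).startswith("failed"):
            states[m.group(1)] = "failed"      # e.g. TCP/53 closed on the primary
    return states

def needs_attention(log):
    """Zones with no completed transfer; the secondary answers SERVFAIL for these."""
    return {z: s for z, s in zone_states(log).items() if s != "ok"}

if __name__ == "__main__":
    for zone, state in sorted(needs_attention(SAMPLE_LOG).items()):
        print(f"{zone}: {state}")
```

The quota in that message comes from BIND's `transfers-in` and `transfers-per-ns` limits, so a deferred zone that later logs a transferred serial is healthy; a zone that stays at "started", "deferred" or "failed" is the one to check for reachability of the primary on port 53 over TCP.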