[afnog] strange ns record

Mike Barnard mike.barnardq at gmail.com
Wed Apr 26 18:39:33 EAT 2006


Hi, OK, let me clear up some details. I forgot to add that I did check the
log files and they are all OK; I get no errors there regarding that zone
file. I however receive an entry in the logs on my secondary that tells me
that ns.one2net.co.ug is not authoritative for profiles.co.ug and stops the
transfer. It's the only zone my secondary ns cannot transfer.

> Those commands will be sent to whatever DNS caches are listed in
> /etc/resolv.conf. If you want to send them directly to the authoritative
> host in order to test it, then you need something like
>
> # dig +norec @127.0.0.1 profiles.co.ug.


Thanks, overlooked that... I get a response off the primary:
ns# dig +norec profiles.co.ug

; <<>> DiG 8.3 <<>> +norec profiles.co.ug
;; res options: init defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13395
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;;      profiles.co.ug, type = A, class = IN

;; AUTHORITY SECTION:
profiles.co.ug.         1H IN NS        ns.one2net.co.ug.
profiles.co.ug.         1H IN NS        ns2.one2net.co.ug.

;; ADDITIONAL SECTION:
ns.one2net.co.ug.       6H IN A         41.220.14.8
ns2.one2net.co.ug.      6H IN A         41.220.14.9

;; Total query time: 2 msec
;; FROM: ns.one2net.co.ug to SERVER: 127.0.0.1
;; WHEN: Wed Apr 26 17:11:12 2006
;; MSG SIZE  sent: 32  rcvd: 107



> (Naughty boy! Both nameservers on same subnet!)


:-) Well Brian, you know how it goes when you have limited addresses to
squeeze between dialups and all the other connectivity options... but I'll
look into finding space for it in the second block...

> $ dig +norec @ns.one2net.co.ug. www.profiles.co.ug. a
> ;; connection timed out; no servers could be reached


My primary receives so many queries and at times it takes time to
respond... fixing that... but that is where my secondary comes in... but for
this case it will not, let alone even transfer the domain.


> But ns2 is clearly broken:


It was down with a broken name database, but that was rebuilt. It's only this
particular zone that it won't pick.

> So I think that ns2 has not correctly been set up as authoritative for the
> zone. Either it hasn't been configured as a slave (pulling the zone from
> ns), or it has been configured as a slave, but ns is disabling zone
> transfers.


In my primary I have this in the named.conf:
options {
        allow-transfer {
                         41.220.14.9;

It's the very first server allowed to transfer zone files...

zone " profiles.co.ug" IN {
        type master;
        file "profiles.co.ug";
        notify yes;
};

and this in the secondary named.conf:

zone " profiles.co.ug" IN {
        type slave ;
        file "slave/db.profiles";
        masters { 41.220.14.8;
        };
};


> To check this, log into ns2. Check that profiles.co.ug is in the named.conf
> and is listed as a slave. Check that it points to 41.220.14.8 as the
> master.
> Then try:


Nope, it's not there. Like I said, it stops the transfer as soon as it
starts.

> # dig @41.220.14.8 profiles.co.ug. axfr


ns2# dig @41.220.14.8 profiles.co.ug axfr

; <<>> DiG 9.3.1 <<>> @41.220.14.8 profiles.co.ug axfr

; (1 server found)
;; global options:  printcmd
; Transfer failed.

And I get this in the log files for ns1:

26-Apr-2006 17:32:44.433 XX /41.220.14.9/profiles.co.ug/AXFR/IN
26-Apr-2006 17:32:44.435 denied AXFR from [41.220.14.9].60354 for "profiles.co.ug" IN (not zone top)



Regards

Mike
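
An added example, not part of the original message: a Python script that runs two checks on the evidence posted above. It tests whether a dig response header carries the `aa` (authoritative answer) flag, and it extracts the client, zone and reason from denied-transfer log lines. The sample strings are copied from the message with the wrapped log line joined, the log pattern assumes the format exactly as it appears there, and all function names are hypothetical.

```python
import re

# Sample text copied from the message above (the wrapped log line is joined).
DIG_HEADER = ";; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2"
NS1_LOG = '''26-Apr-2006 17:32:44.433 XX /41.220.14.9/profiles.co.ug/AXFR/IN
26-Apr-2006 17:32:44.435 denied AXFR from [41.220.14.9].60354 for "profiles.co.ug" IN (not zone top)'''

# Header flags line as printed by dig, e.g. ";; flags: qr aa rd; QUERY: 1, ..."
FLAGS_RE = re.compile(r"^;; flags:\s*([a-z ]*);", re.M)
# Denied-transfer line, in the format shown in the ns1 log above (assumption).
DENIED_RE = re.compile(
    r'denied (?P<type>AXFR|IXFR) from \[(?P<client>[^\]]+)\]\.(?P<port>\d+) '
    r'for "(?P<zone>[^"]+)" IN \((?P<reason>[^)]+)\)')


def dig_flags(dig_output):
    """Return the set of header flags found in dig output (empty if none)."""
    m = FLAGS_RE.search(dig_output)
    return set(m.group(1).split()) if m else set()


def is_authoritative(dig_output):
    """True only when the responding server set the aa bit."""
    return "aa" in dig_flags(dig_output)


def denied_transfers(log_text):
    """Yield one dict per denied zone-transfer line in the log text."""
    for m in DENIED_RE.finditer(log_text):
        yield m.groupdict()


def report(dig_output, log_text):
    """Summarise both checks as a list of human-readable findings."""
    findings = []
    if not is_authoritative(dig_output):
        findings.append("no aa flag: server did not answer authoritatively")
    for d in denied_transfers(log_text):
        findings.append(
            f"{d['type']} for {d['zone']} from {d['client']} denied: {d['reason']}")
    return findings


if __name__ == "__main__":
    print("\n".join(report(DIG_HEADER, NS1_LOG)))
```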