RE: [PLUG] FW: BIND troubleshooting / help
I think, per top, that named runs as a user named named. File permissions
were like this:
[root@IMDMZDNS1 root]# ls -laF /var/named
total 72
drwxr-xr-x 2 named named 4096 Aug 3 03:08 ./
drwxr-xr-x 17 root root 4096 Jul 9 15:24 ../
-rw-r--r-- 1 root root 599 Aug 3 03:06 10.10.10.in-addr.arpa.zone
-rw-r--r-- 1 root root 516 Aug 3 03:06 1.1.10.in-addr.arpa.zone
-rw-r--r-- 1 root root 400 Jul 19 01:29 airproductshealthcare.com.zone
-rw-r--r-- 1 root root 401 Jul 19 01:29 americanhomecaresupply.com.zone
-rw-r--r-- 1 root root 384 Jul 19 01:29 etmtt.com.zone
-rw-r--r-- 1 root root 387 Aug 3 03:06 ghpharma.com.zone
-rw-r--r-- 1 root root 389 Jul 19 01:30 gh-systems.com.zone
-rw-r--r-- 1 root root 390 Jul 19 01:30 intelimedia.com.zone
-rw-r--r-- 1 root root 695 Aug 3 03:06 intelli-media.com.zone
-rw-r--r-- 1 named named 195 Jan 24 2003 localhost.zone
-rw-r--r-- 1 named named 2499 Jan 24 2003 named.ca
-rw-r--r-- 1 named named 433 Jan 24 2003 named.local
-rw-r--r-- 1 root root 384 Jul 19 01:30 nspst.net.zone
-rw-r--r-- 1 root root 384 Jul 19 01:30 nspst.org.zone
-rw-r--r-- 1 root root 383 Jul 19 01:30 spbt.net.zone
-rw-r--r-- 1 root root 383 Jul 19 01:31 spbt.org.zone
[root@IMDMZDNS1 root]#
I changed them to this:
[root@IMDMZDNS2 named]# ls -laF
total 76
drwxr-xr-x 2 named named 4096 Aug 5 22:57 ./
drwxr-xr-x 18 root root 4096 Jun 30 10:20 ../
-rw-r--r-- 1 named named 599 Aug 3 02:04 10.10.10.in-addr.arpa.zone
-rw-r--r-- 1 named named 516 Aug 3 02:04 1.1.10.in-addr.arpa.zone
-rw-r--r-- 1 named named 400 Jul 20 01:43 airproductshealthcare.com.zone
-rw-r--r-- 1 named named 401 Jul 20 01:43 americanhomecaresupply.com.zone
-rw-r--r-- 1 named named 384 Jul 20 01:43 etmtt.com.zone
-rw-r--r-- 1 named named 387 Aug 3 02:04 ghpharma.com.zone
-rw-r--r-- 1 named named 389 Jul 20 01:43 gh-systems.com.zone
-rw-r--r-- 1 named named 390 Jul 20 01:43 intelimedia.com.zone
-rw-r--r-- 1 named named 695 Aug 3 02:03 intelli-media.com.zone
-rw-r--r-- 1 named named 413 Jul 20 01:43 intelli-media.com.zone_011803
-rw-r--r-- 1 named named 195 Jan 24 2003 localhost.zone
-rw-r--r-- 1 named named 2499 Jan 24 2003 named.ca
-rw-r--r-- 1 named named 433 Jan 24 2003 named.local
-rw-r--r-- 1 named named 384 Jul 20 01:44 nspst.net.zone
-rw-r--r-- 1 named named 384 Jul 20 01:44 nspst.org.zone
-rw-r--r-- 1 named named 383 Jul 20 01:44 spbt.net.zone
-rw-r--r-- 1 named named 383 Jul 20 01:44 spbt.org.zone
[root@IMDMZDNS2 named]#
Doesn't seem to have made much difference.
ns3 is the master, ns1 and ns2 are the slaves.
They can all ping each other.
From ns1 and ns2 I can do a dig axfr successfully:
[root@IMDMZDNS2 named]# dig @10.10.10.213 intelli-media.com axfr
; <<>> DiG 9.2.1 <<>> @10.10.10.213 intelli-media.com axfr
;; global options: printcmd
intelli-media.com. 86400 IN SOA ns3.intelli-media.com. dnsadmin.intelli-media.com. 2003080302 28800 7200 604800 86400
intelli-media.com. 86400 IN NS ns1.intelli-media.com.
intelli-media.com. 86400 IN NS ns2.intelli-media.com.
intelli-media.com. 86400 IN NS ns3.intelli-media.com.
intelli-media.com. 86400 IN MX 10 email.intelli-media.com.
intelli-media.com. 86400 IN MX 20 mailbag.voyagerhosting.net.
intelli-media.com. 86400 IN A 10.1.1.51
email.intelli-media.com. 86400 IN A 10.1.1.53
imap.intelli-media.com. 86400 IN CNAME email.intelli-media.com.
ns1.intelli-media.com. 86400 IN A 10.10.10.211
ns2.intelli-media.com. 86400 IN A 10.10.10.212
ns3.intelli-media.com. 86400 IN A 10.10.10.213
pop.intelli-media.com. 86400 IN CNAME email.intelli-media.com.
smtp.intelli-media.com. 86400 IN CNAME email.intelli-media.com.
webmail.intelli-media.com. 86400 IN CNAME email.intelli-media.com.
www.intelli-media.com. 86400 IN CNAME intelli-media.com.
intelli-media.com. 86400 IN SOA ns3.intelli-media.com. dnsadmin.intelli-media.com. 2003080302 28800 7200 604800 86400
;; Query time: 27 msec
;; SERVER: 10.10.10.213#53(10.10.10.213)
;; WHEN: Wed Aug 6 11:22:33 2003
;; XFR size: 18 records
[root@IMDMZDNS2 named]#
But the zones still don't update right:
[root@IMDMZDNS2 named]#
[root@IMDMZDNS2 named]# rndc reload
[root@IMDMZDNS2 named]#
[root@IMDMZDNS2 named]# tail /var/log/messages -n 15
Aug 6 11:02:47 IMDMZDNS2 named[6230]: zone nspst.net/IN: refresh: failure trying master 10.10.10.213#53: timed out
Aug 6 11:02:47 IMDMZDNS2 named[6230]: zone nspst.net/IN: refresh: retry limit for master 10.10.10.213#53 exceeded
Aug 6 11:11:38 IMDMZDNS2 named[6230]: zone intelimedia.com/IN: refresh: failure trying master 10.10.10.213#53: timed out
Aug 6 11:12:23 IMDMZDNS2 last message repeated 3 times
Aug 6 11:12:23 IMDMZDNS2 named[6230]: zone intelimedia.com/IN: refresh: retry limit for master 10.10.10.213#53 exceeded
Aug 6 11:18:08 IMDMZDNS2 named[6230]: zone intelli-media.com/IN: refresh: failure trying master 10.10.10.213#53: timed out
Aug 6 11:18:53 IMDMZDNS2 last message repeated 3 times
Aug 6 11:18:53 IMDMZDNS2 named[6230]: zone intelli-media.com/IN: refresh: retry limit for master 10.10.10.213#53 exceeded
Aug 6 11:24:59 IMDMZDNS2 named[6230]: loading configuration from '/etc/named.conf'
Aug 6 11:24:59 IMDMZDNS2 named[6230]: no IPv6 interfaces found
Aug 6 11:25:14 IMDMZDNS2 named[6230]: zone 0.0.127.in-addr.arpa/IN: refresh: failure trying master 10.10.10.213#53: timed out
Aug 6 11:25:29 IMDMZDNS2 named[6230]: zone 0.0.127.in-addr.arpa/IN: refresh: failure trying master 10.10.10.213#53: timed out
Aug 6 11:25:31 IMDMZDNS2 named[6230]: loading configuration from '/etc/named.conf'
Aug 6 11:25:31 IMDMZDNS2 named[6230]: no IPv6 interfaces found
Aug 6 11:25:31 IMDMZDNS2 named[6230]: zone 0.0.127.in-addr.arpa/IN: refresh: failure trying master 10.10.10.213#53: operation canceled
[root@IMDMZDNS2 named]#
Also, I can do a dig axfr successfully over the 'net:
[root@rh9 root]#
[root@rh9 root]# dig @146.145.39.212 intelli-media.com axfr
; <<>> DiG 9.2.1 <<>> @146.145.39.212 intelli-media.com axfr
;; global options: printcmd
intelli-media.com. 86400 IN SOA ns3.intelli-media.com. dnsadmin.intelli-media.com. 2003080302 28800 7200 604800 86400
intelli-media.com. 86400 IN NS ns1.intelli-media.com.
intelli-media.com. 86400 IN NS ns2.intelli-media.com.
intelli-media.com. 86400 IN NS ns3.intelli-media.com.
intelli-media.com. 86400 IN MX 10 email.intelli-media.com.
intelli-media.com. 86400 IN MX 20 mailbag.voyagerhosting.net.
intelli-media.com. 86400 IN A 10.1.1.51
email.intelli-media.com. 86400 IN A 10.1.1.53
imap.intelli-media.com. 86400 IN CNAME email.intelli-media.com.
ns1.intelli-media.com. 86400 IN A 10.10.10.211
ns2.intelli-media.com. 86400 IN A 10.10.10.212
ns3.intelli-media.com. 86400 IN A 10.10.10.213
pop.intelli-media.com. 86400 IN CNAME email.intelli-media.com.
smtp.intelli-media.com. 86400 IN CNAME email.intelli-media.com.
webmail.intelli-media.com. 86400 IN CNAME email.intelli-media.com.
www.intelli-media.com. 86400 IN CNAME intelli-media.com.
intelli-media.com. 86400 IN SOA ns3.intelli-media.com. dnsadmin.intelli-media.com. 2003080302 28800 7200 604800 86400
;; Query time: 52 msec
;; SERVER: 146.145.39.212#53(146.145.39.212)
;; WHEN: Wed Aug 6 11:55:13 2003
;; XFR size: 18 records
[root@rh9 root]#
Of note is Cisco NAT translates (within the packets too) for example
10.10.10.212 to 146.145.39.212. Also there are A records for these name
servers on E1.NS.VOYAGER.net.
I know it's bad form to post so much non-obfuscated info on a list, but I
just need to get this to work and don't want to obfuscate help...
Is it possible IPtables on the machines is somehow to blame?
What can I do next to troubleshoot?
Much much continued TIA,
- Zake
_________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion -- http://lists.netisland.net/mailman/listinfo/plug
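
Added example, not part of the original post: a small Python tally of the slave's "refresh" failures per zone and master, counting syslog's "last message repeated N times" lines toward the preceding failure. The sample lines are taken from the log excerpt in the post, re-joined where the mail wrapped them; the function and field names are this example's own.

```python
import re
from collections import defaultdict

# Lines from the post's /var/log/messages excerpt, re-joined after mail wrapping.
SAMPLE_LOG = """\
Aug 6 11:11:38 IMDMZDNS2 named[6230]: zone intelimedia.com/IN: refresh: failure trying master 10.10.10.213#53: timed out
Aug 6 11:12:23 IMDMZDNS2 last message repeated 3 times
Aug 6 11:12:23 IMDMZDNS2 named[6230]: zone intelimedia.com/IN: refresh: retry limit for master 10.10.10.213#53 exceeded
Aug 6 11:25:14 IMDMZDNS2 named[6230]: zone 0.0.127.in-addr.arpa/IN: refresh: failure trying master 10.10.10.213#53: timed out
Aug 6 11:25:29 IMDMZDNS2 named[6230]: zone 0.0.127.in-addr.arpa/IN: refresh: failure trying master 10.10.10.213#53: timed out
Aug 6 11:25:31 IMDMZDNS2 named[6230]: zone 0.0.127.in-addr.arpa/IN: refresh: failure trying master 10.10.10.213#53: operation canceled
"""

FAILURE = re.compile(r"zone (?P<zone>\S+)/IN: refresh: failure trying master "
                     r"(?P<master>[\d.]+)#\d+: (?P<reason>.+)$")
RETRY = re.compile(r"zone (?P<zone>\S+)/IN: refresh: retry limit for master "
                   r"(?P<master>[\d.]+)#\d+ exceeded")
REPEAT = re.compile(r"last message repeated (?P<n>\d+) times")


def summarize(log_text):
    """Return {(zone, master): {"timed_out", "other", "retry_exhausted"}} counts."""
    stats = defaultdict(lambda: {"timed_out": 0, "other": 0, "retry_exhausted": 0})
    last = None  # (key, bucket) of the failure a following "repeated" line refers to
    for line in log_text.splitlines():
        m = FAILURE.search(line)
        if m:
            key = (m["zone"], m["master"])
            bucket = "timed_out" if m["reason"] == "timed out" else "other"
            stats[key][bucket] += 1
            last = (key, bucket)
            continue
        m = REPEAT.search(line)
        if m and last:
            # syslog collapsed N identical copies of the previous failure line
            stats[last[0]][last[1]] += int(m["n"])
            continue
        m = RETRY.search(line)
        if m:
            stats[(m["zone"], m["master"])]["retry_exhausted"] += 1
        last = None  # any other line ends the run of identical messages
    return dict(stats)


if __name__ == "__main__":
    for (zone, master), counts in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{zone:<24} master={master} {counts}")
```

BIND's refresh check is an SOA query that goes out over UDP by default, while `dig axfr` runs over TCP, so a tally dominated by timeouts next to a working axfr says the two paths between slave and master are being treated differently.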