James B. Byrne wrote:
> I have the following layout
>
> DNS01 - Master
> DNS02 - Remote slave
> DNS03 - Local network slave
>
> The master is configured so:
>
> acl HLLnetworks {
> 209.47.176/24;
> 216.185.71/24;
> };
>
> options {
> allow-query {
> any;
> };
> allow-recursion {
> HLLnetworks;
> };
> allow-transfer {
> HLLnetworks;
> };
> directory "/var/named";
> dump-file "/var/named/data/cache_dump.db";
> statistics-file "/var/named/data/named_stats.txt";
> query-source address 216.185.71.33;
> listen-on {
> 216.185.71.33;
> };
> notify yes;
> };
>
>
> The slaves are configured this way (appropriately modified for each
> ip address:
>
> acl HLLnetworks {
> 209.47.176/24;
> 216.185.71/24;
> };
>
> options {
> allow-query {
> any;
> };
> allow-recursion {
> HLLnetworks;
> };
> allow-transfer {
> HLLnetworks;
> };
> directory "/var/named";
> dump-file "/var/named/data/cache_dump.db";
> statistics-file "/var/named/data/named_stats.txt";
> notify no; // this is a slave server
> query-source address 209.47.176.33;
> listen-on {
> 127.0.0.1;
> };
> listen-on {
> 209.47.176.33;
> };
> forwarders {
> 216.185.71.33;
> };
> };
>
> Now, what I am seeing on one of the slaves when I change a zone in
> the master and reload is this:
>
> Nov 3 12:47:49 inet06 named[9597]: received notify for zone
> 'byrnejb.ca'
>
> but on the other I see this:
>
> Nov 3 12:47:50 inet04 named[18368]: client 216.185.71.27#33829:
> received notify for zone 'byrnejb.ca'
> Nov 3 12:47:50 inet04 named[18368]: zone byrnejb.ca/IN: refused
> notify from non-master: 216.185.71.27#33829
>
> The master configuration for byrnejb.ca is
>
> zone "byrnejb.ca" {
> type master;
> file "/var/named/masters/byrnejb.ca.hosts";
> };
>
> On inet06 the slave zone configuration is:
>
> zone "byrnejb.ca" {
> type slave;
> masters {
> 216.185.71.33;
> };
> file "/var/named/slaves/byrnejb.ca.hosts";
> };
>
> and on inet04 it is:
>
> zone "byrnejb.ca" {
> type slave;
> masters {
> 216.185.71.33;
> };
> file "/var/named/slaves/byrnejb.ca.hosts";
> };
>
> Which is, as far as I can see, identical.
>
> In any case, the real problem is that neither slave actually
> transfers the updated zone file and I cannot figure out why not. I
> have verified that the master zone file serial number is greater
> than that of the slave zones.
>
> So, I have two questions:
>
> 1. Why is the source address 216.185.71.27 when the bind named
> listens on 216.185.71.33 and answers queries from the same address.
> Admittedly, 216.185.71.33 is a virtual ip hosted on 216.185.71.27
> but we have been doing this for over a decade now and I have never
> seen this behaviour before.
>
> 2. Why are the notifies ignored? Again, we have had this set up for
> over a decade and none of these problems until now, and the only
> thing that has happened on the dns side of things recently were the
> CentOS updates last week.
>
> I am not a DNS specialist, I set this up several years ago and I am
> perplexed as to why it is now giving me these difficulties. Any
> help would be gratefully appreciated.
If you want the master to use a certain one of several possible source
addresses for notify operations you should probably set 'notify-source'.
--
Les Mikesell
lesmikesell at gmail.com