We have a primary DNS server in the network, but for some reason (likely due to security changes) it sometimes fails to respond to DNS updates for the BIND slaves. So would Slave 2 get DNS updates from Slave 1 rather than from the Master? Is it possible to have a tiered slave system, so that if an urgent DNS record update is required while the primary server is partially unresponsive, it steps down? That way, if need be, we can turn a zone from slave to master instantly on Slave 1, and Slave 2 would get the updates for our zones until we sort out the issues on the Master; then we can simply return the affected zone on Slave 1 back to a slave zone.

The problem lies with the serial, which is not updated to the current date and number of changes per day after a zone is changed. I realized this when I added several A records to a zone and then checked the dns_soa table: the serial was still 2009012401 instead of 2009012405 or 2009012415. I have some slave DNS servers running BIND that do zone transfers from my ispconfig server.

Forwarding updates, however, makes IP address-based authorization even more dangerous than usual, because forwarded updates have the slave name server's source address.
// options ; logging ; zone "." IN ; include "/etc/named.rfc1912.zones"; include "/etc/key";
### Internal DNS Slave Zones ###

So we have successfully configured the BIND DNS service; now it is time for testing. We have tools like dig and nslookup to check that the DNS service is working.

[[email protected] ~]# nslookup
Server: 127.0.0.1
Address: 127.0.0.1#53
Name:
Address: 192.168.1.100

[[email protected] ~]# nslookup ns1.
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: ns1.
Address: 192.168.1.100

[[email protected] ~]# nslookup ns2.
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: ns2.
Address: 192.168.1.101

[[email protected] ~]# nslookup 192.168.1.100
Server: 127.0.0.1
Address: 127.0.0.1#53
184.108.40.206.name = ns1.
If the zone's serial number is not changed, the change will not propagate. When a change takes a long time to appear, or only appears after a reboot or restart of named, the cause is often forgetting to update the serial, or making a change that does not increase the serial compared ..
If the slave servers are not referenced in the zone's NS records, you should include the also-notify option; the slave servers also need transfer rights on the zones from the master. Run host -C against the zone: it should list the serial number for the zone on each listed name server.
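The serial checks above, as an added example that is not code from the page or from any of the projects it quotes: a small Python script that bumps a YYYYMMDDNN serial correctly (including the same-day case from the ispconfig post, 2009012401 to 2009012402), compares serials with RFC 1982 wrap-around arithmetic, and reads constructed `host -C` style output to report which name servers are still serving an old serial. The exact `host -C` output shape and the example.com names are assumptions.

```python
import re
from datetime import date
from functools import reduce

SERIAL_MOD, HALF = 2 ** 32, 2 ** 31   # zone serials are unsigned 32-bit (RFC 1982)


def next_serial(current: int, today: str = "") -> int:
    """Serial to write after editing a zone, using the YYYYMMDDNN convention from
    the page (2009012401 -> 2009012402). `today` is "YYYYMMDD" (default: now).
    Falls back to a plain +1 when the serial is not date-based or NN hit 99."""
    prefix = int(today or date.today().strftime("%Y%m%d")) * 100
    if current < prefix:
        return prefix + 1            # first change on this day
    if current < prefix + 99:
        return current + 1           # another change on the same day
    return (current + 1) % SERIAL_MOD


def serial_lt(a: int, b: int) -> bool:
    """True if serial a is older than b under RFC 1982 wrap-around comparison."""
    return a != b and ((a < b and b - a < HALF) or (a > b and a - b > HALF))


# Constructed sample in the shape `host -C <zone>` prints (assumption: a
# "Nameserver X:" line followed by the SOA record that server returned).
SAMPLE_HOST_C = """\
Nameserver ns1.example.com:
        example.com has SOA record ns1.example.com. hostmaster.example.com. 2009012405 10800 3600 604800 86400
Nameserver ns2.example.com:
        example.com has SOA record ns1.example.com. hostmaster.example.com. 2009012401 10800 3600 604800 86400
Nameserver ns3.example.com:
        example.com has SOA record ns1.example.com. hostmaster.example.com. 2009012405 10800 3600 604800 86400
"""
_SOA_LINE = re.compile(r"^Nameserver (\S+):\n\s*\S+ has SOA record \S+ \S+ (\d+)", re.M)


def parse_serials(host_c_output: str) -> dict:
    """Map each name server in `host -C` output to the serial it is serving."""
    return {ns: int(serial) for ns, serial in _SOA_LINE.findall(host_c_output)}


def stale_servers(serials: dict) -> list:
    """Servers whose serial is older than the newest seen: the slaves that did
    not get the NOTIFY/transfer after the change (or were never notified)."""
    newest = reduce(lambda x, y: y if serial_lt(x, y) else x, serials.values())
    return sorted(ns for ns, s in serials.items() if serial_lt(s, newest))


if __name__ == "__main__":
    print("next serial:", next_serial(2009012401, "20090124"))   # 2009012402
    print("stale:", stale_servers(parse_serials(SAMPLE_HOST_C)))   # ['ns2.example.com']
```

Feed the real `host -C <zone>` output to parse_serials to see which slaves never picked up the change; if the master itself shows the old serial, the serial was not bumped at all.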
// options ; logging ; zone "." IN ; include "/etc/named.rfc1912.zones"; include "/etc/key";
### ELinux Book Internal Zones ###
### Forward Zone ###
zone "elinuxbook.com" IN ;
### Reverse Zone ###
zone "1.168.192.in-addr.arpa" IN ;
IN A 192.168.1.100
; mail exchanger record (MX record)
IN MX 5 ns1.