Cloudns Slave Issue

webriddler

Hi,
Wanted to get some pointers on using DA as the master and Cloudns as the slave. I have spent the past few hours with a ticket via Cloudns, and essentially they are saying that my DA server is 'not allowing the transfer'.

I followed @eva2000's excellent guide (not all of it) to install DA and have a good install. Everything is working and I have been able to install LE etc. I have followed his advice on setting the firewall, and DNS is allowed etc.

I have used their provided script for updating the zones, and the syntax and details are all correct. I have added a named.conf file with their IPs to /etc/named and again they have checked it and it's all correct.

I have a cron job set which calls the script, and it seems that some records were added to my DNS records at Cloudns, but I cannot see them via their panel. I have set the NS1/2 to be the IPs I use from the Cloudns servers and have verified these are the correct ones in DA.

My server.domain.com:2222 resolves correctly, as well as domain.com, but if I add test.domain.com via the DA panel I cannot connect.

Would some kind soul point me in the right direction, it's probably something really simple but it has me absolutely stumped.
 
Just wanted to add this is one of the logs I see:

client @0x7f7542ed55b0 79.137.84.65#51460 (domain.com): zone transfer 'domain.com/AXFR/IN' denied
 
Did you add the right IP addresses in named.conf? It says the following:

Please have in mind that these are example IP addresses of our name servers. The servers available for you may differ and we recommend adding the IP addresses, listed on the right side of your Dashboard.
 
Hi,
Thanks for the reply, yes I made sure to add the ones from the Cloudns panel in the slave zone, I have checked everything I can think of but it's still not working as it should.
 
Is 79.137.84.65 one of the IPs you configured? It seems to be a cloudns.net IP-address. If that one tries to get the DNS record from your bind but it denies it then it really looks like that is the thing going wrong. Have you restarted bind/named after configuring?

Usually these kinds of DNS setups work as follows:
- DA informs the slave server of a change in a domain
- The slave bind server then asks the bind master, through AXFR, for the record of this domain

If you see a deny hit, it would indicate the first part works, so it knows to ask for the record, but the bind master does not give the record when asked.
 
Hi,
Yes, the IP 79.xx.xx.xx is one of the Cloudns IPs. I did restart named (Centos7) and have pretty much tried everything I can think of. What was interesting was that if I remove the slave zone in Cloudns it reduces the number of DNS records, and if I re-add it (Cloudns) adds records (the correct number for 1 new domain), but I still see the AXFR denied error. Absolutely baffled.

Am pretty new to DA and all this and have for now reverted to having a Master at Cloudns with me adding the subdomains etc manually and it's all working as it should. Cannot think what else to try?

Does your answer seem to point to you saying the issue must be with the slave?

It also occurred to me just now, do I put the server.example.com, i.e. the hostname of the server, as the slave or the example.com?
 
It really should be an issue with the bind config. That AXFR permission error is something that should not be there.

You mentioned you actually added a named.conf file into /etc/named. If that is the case then that's probably where it goes wrong.

You need to edit the existing config file. On my box the path is /etc/named.conf

That file has an existing options { } block where you should modify the settings allow-transfer and also-notify, if present, or add them there.
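
The diagnosis in this thread, as an added example (not code from the thread, DirectAdmin or Cloudns): a Python sketch that compares the allow-transfer list found in a named.conf text with denied-AXFR log lines. The config text, addresses and log lines are constructed samples, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of an options block (documentation address ranges).
NAMED_CONF = """
options {
    directory "/var/named";
    allow-transfer { 192.0.2.10; 198.51.100.0/28; };
    also-notify { 192.0.2.10; };
};
"""

# Constructed log lines in the format quoted in the thread.
LOG_LINES = [
    "client @0x7f0000000001 192.0.2.10#51460 (example.com): zone transfer 'example.com/AXFR/IN' denied",
    "client @0x7f0000000002 203.0.113.7#40222 (example.com): zone transfer 'example.com/AXFR/IN' denied",
]

DENIED = re.compile(r"client (?:@0x[0-9a-f]+ )?([0-9a-fA-F.:]+)#\d+ .*"
                    r"zone transfer '([^/']+)/AXFR/IN' denied")

def allowed_networks(conf_text):
    """Return (networks, open_to_any) from the first allow-transfer statement."""
    m = re.search(r"allow-transfer\s*\{([^}]*)\}", conf_text)
    nets, open_to_any = [], False
    for token in (m.group(1).split(";") if m else []):
        token = token.strip()
        if token == "any":
            open_to_any = True  # every host may pull the full zone
        elif token:
            try:
                nets.append(ipaddress.ip_network(token, strict=False))
            except ValueError:
                pass  # ACL names and "key ..." entries are not resolved here
    return nets, open_to_any

def diagnose(conf_text, log_lines):
    """Return (client, zone, verdict) for each denied AXFR log line."""
    nets, _ = allowed_networks(conf_text)
    results = []
    for line in log_lines:
        m = DENIED.search(line)
        if not m:
            continue
        client = ipaddress.ip_address(m.group(1))
        listed = any(client in n for n in nets)
        results.append((str(client), m.group(2),
                        "listed-but-denied" if listed else "not-listed"))
    return results

print(diagnose(NAMED_CONF, LOG_LINES))
```

A "listed-but-denied" verdict means the allow-transfer statement in the file you checked is not the one named is applying (wrong file, no reload, or a zone-level override); "not-listed" means the secondary's address is missing from the list.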
 
Yep, I added named.conf. I am currently re-installing as I must have gone wrong somewhere. I will post when it's completed as I am determined to get it sorted. Thanks for the info & updates.
 
Well, I got it to work, phew. Your advice regarding the location of named.conf was the issue and it's now done the transfer. I still cannot connect to a setup subdomain but will figure that out tomorrow. Thanks for the heads up and the support.
 