Really hope someone can help.
Ok so I am stuck and confused, I know I have had this working before but now cannot get this latest version to work.
I must be doing something wrong as have tried for 3 different servers.
Each server has the IP of the others whitelisted in csf.
The secondary dns config file never gets populated and all I see in /var/log/messages related to the domains are query (cache) 'DOMAIN' denied entries for each one.
Here is my primary named.conf:
Code:
options {
    //listen-on port 53 { 127.0.0.1; };
    //listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    //recursion yes;
    allow-recursion { localnets; };
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    allow-transfer {
        123.123.123.123; # IP Of Secondary DNS Server
    };
    allow-query { any; };
    also-notify {
        123.123.123.123; # IP Of Secondary DNS Server
    };
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named/secondary/named.conf";
zone "server01.domainonprimary.net" { type master; file "/var/named/server01.domainonprimary.net.db"; };
Here is my secondary named.conf:
Code:
options {
    //allow-transfer { none; };
    allow-transfer {
        321.321.321.321; # IP Of Primary Server
    };
    //listen-on port 53 { 127.0.0.1; };
    //listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    secroots-file "/var/named/data/named.secroots";
    recursing-file "/var/named/data/named.recursing";
    //allow-query { localhost; };
    allow-query { any; };
    recursion no;
    dnssec-enable yes;
    dnssec-validation yes;
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
    include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named/secondary/named.conf";
zone "server01.domainonsecondary.net" { type master; file "/var/named/server01.domainonsecondary.net.db"; };
Both servers have the multi-server setup via SSL, and the test via the DA button says both work fine. On both servers I have:
I restarted named on both servers, but neither server ever gets the other's zone files, nor does anything ever appear in /etc/named/secondary/named.conf on either server.
As a side note, in case it is a clue, I can never get the webadmin of DirectSlave to work (for a start, why on earth is its default 2222, which is the long-established port for DA admin?). But aside from that, I change DirectSlave's ports (HTTP and HTTPS), then restart DirectSlave, and nothing works.
Also, /usr/local/directslave/bin/directslave --check says:
Code:
Here we do some test to check if your config ...
/usr/local/directslave/etc/directslave.conf is good.
Reading /usr/local/directslave/etc/directslave.conf ... OK
Trying to drop privileges to 25 25 ... OK
Running tests as UID:25, GID:25
Opening/creating file 'access_log' -> /usr/local/directslave/log/access.log ... OK
Opening/creating file 'error_log' -> /usr/local/directslave/log/error.log ... OK
Opening/creating file 'action_log' -> /usr/local/directslave/log/action.log ... OK
Opening/creating file 'named_conf' -> /etc/named/secondary/named.conf ... OK
Opening/creating file 'pid' -> /usr/local/directslave/run/directslave.pid ... OK
Testing named_workdir acesssibility /etc/named/secondary ... OK
Testing RNDC util accessibility at path /usr/sbin/rndc ... OK
*** All OK! You can safely run with --run flag.
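A "query (cache) 'NAME' denied" line means named was asked about a name it is not authoritative for and refused to recurse, so on a secondary that is supposed to serve a zone, seeing those lines for that zone's names is direct evidence that the zone was never added to the server's config. The script below is an added triage helper, not part of the original post or of DirectSlave: it parses such log lines, extracts the zones a named.conf actually declares (following the brace structure, so nested blocks are handled), and reports which denied names belong to no configured zone and whether the peer's IP is in allow-transfer. The sample config and log lines are constructed for the example, using RFC 5737 documentation addresses (198.51.100.1 as the assumed primary, 203.0.113.77 as an unrelated client); the assumed log format is BIND's default security-category message with or without the newer "@0x..." client handle.

```python
"""Triage BIND 'query (cache) ... denied' entries against a named.conf."""
import re
from collections import Counter

# Assumed BIND log format; the "@0x..." client handle is present in newer
# versions only, so it is optional here.
DENIED_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ "
    r"\([^)]*\): query \(cache\) '(?P<qname>[^/']+)/(?P<qtype>[A-Z0-9]+)/IN' denied"
)


def denied_queries(log_lines):
    """Return (client_ip, qname, qtype) for every denied cache query."""
    found = []
    for line in log_lines:
        m = DENIED_RE.search(line)
        if m:
            found.append((m.group("ip"), m.group("qname").lower().rstrip("."), m.group("qtype")))
    return found


def _strip_comments(text):
    """Remove /* */, // and # comments so they cannot confuse the parsing."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def _block_after(text, start):
    """Return the contents of the brace block whose '{' is at or after `start`."""
    open_idx = text.index("{", start)
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in config")


def configured_zones(conf_text):
    """Zone names declared as master/primary or slave/secondary in this file."""
    text = _strip_comments(conf_text)
    zones = set()
    for m in re.finditer(r'zone\s+"([^"]+)"', text):
        body = _block_after(text, m.end())
        t = re.search(r"\btype\s+(\w+)", body)
        if t and t.group(1) in ("master", "primary", "slave", "secondary"):
            zones.add(m.group(1).lower().rstrip("."))
    return zones


def transfer_allowed(conf_text, peer_ip):
    """True if the first allow-transfer ACL lists peer_ip (or 'any')."""
    text = _strip_comments(conf_text)
    m = re.search(r"\ballow-transfer\b", text)
    if not m:
        return False  # not set explicitly; the default depends on the BIND version
    entries = [e.strip() for e in _block_after(text, m.end()).split(";") if e.strip()]
    return peer_ip in entries or "any" in entries


def diagnose(log_lines, conf_text, peer_ip):
    """Summarise denied queries: how many came from the peer, and which
    names fall under no zone this config actually declares."""
    zones = configured_zones(conf_text)
    report = {"unconfigured": Counter(), "from_peer": 0,
              "transfer_ok": transfer_allowed(conf_text, peer_ip)}
    for ip, qname, _ in denied_queries(log_lines):
        if ip == peer_ip:
            report["from_peer"] += 1
        if not any(qname == z or qname.endswith("." + z) for z in zones):
            report["unconfigured"][qname] += 1
    return report


# Constructed sample data (not taken from any real server).
SAMPLE_CONF = """
options {
    allow-transfer { 198.51.100.1; };  # constructed primary IP
    recursion no;
};
zone "." IN { type hint; file "named.ca"; };
include "/etc/named/secondary/named.conf";
zone "server01.domainonsecondary.net" { type master; file "/var/named/server01.domainonsecondary.net.db"; };
"""

SAMPLE_LOG = [
    "Jun  1 10:00:01 ns2 named[1234]: client @0x7f3b4c0a0e10 198.51.100.1#53211 (server01.domainonprimary.net): query (cache) 'server01.domainonprimary.net/A/IN' denied",
    "Jun  1 10:00:02 ns2 named[1234]: client @0x7f3b4c0a0e10 203.0.113.77#40001 (www.example.com): query (cache) 'www.example.com/A/IN' denied",
    "Jun  1 10:00:03 ns2 named[1234]: client 198.51.100.1#53212 (server01.domainonprimary.net): query (cache) 'server01.domainonprimary.net/AAAA/IN' denied",
    "Jun  1 10:00:04 ns2 named[1234]: zone server01.domainonsecondary.net/IN: loaded serial 2024010101",
]

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, SAMPLE_CONF, "198.51.100.1"))
```

Run it against the real /var/log/messages and the secondary's named.conf with the primary's address as peer_ip: a non-empty "unconfigured" counter for names the secondary should be serving confirms the zone declarations were never written to the included file, while denied queries from unrelated clients for unrelated names are just the expected refusal of recursion.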