Richard G
Verified User
> but still refused for zone file.
Check all 3 of the directslave logs, maybe something points in the right direction.

> allow-transfer { "trusted"; 176.9.117.123; 176.9.117.108; };
Also possible, but not required, as the DS server will not be doing any transferring if it's only a DS server. So you could just as well set this to none.

> acl "outside" {
I don't know why you put all the IPs in there, since you have the "any" as the last line anyway, so in that case every IP is allowed.

> controls {
> inet 127.0.0.1 port 953 allow { localhost; 127.0.0.1 ; 212.110.95.71; } keys { "rndc-key"; };
> };
This one is totally unknown to me at the moment. So I've looked it up, but you don't need that at all.

> zone transfer 'proba2.mk/AXFR/IN' denied
AXFR denied, looks like the "allow-transfer" on the master server is not set up correctly.

> transfer of 'proba2.mk/IN'
The domain proba2.mk is non-existing or not resolving yet; an nslookup proba2.mk does not give any IP.
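As an added example (not code from the thread, from DirectAdmin or from DirectSlave), the allow-transfer check described in the post above done in Python: it pulls the acl and allow-transfer statements out of a named.conf fragment, resolves ACL references, reports whether a given secondary address would be permitted to AXFR, and flags any ACL where an "any" entry makes the other entries redundant. SAMPLE_CONF is constructed, modelled on the snippets quoted above; the code assumes a single global allow-transfer, ignores per-zone overrides and key-based elements, and treats localhost/localnets as loopback only.

```python
import ipaddress
import re

# Constructed sample, modelled on the snippets quoted in the thread (not a real config).
SAMPLE_CONF = """
acl "trusted" { 127.0.0.1; 176.9.117.123; };
acl "outside" { 176.9.117.108; 212.110.95.71; any; };   // "any" makes the rest redundant
options {
    allow-transfer { "trusted"; 176.9.117.123; 176.9.117.108; };
};
"""

# acl "name" { a; b; };   (name may be quoted or bare)
ACL_RE = re.compile(r'\bacl\s+"?([\w.-]+)"?\s*\{([^}]*)\}\s*;', re.S)
# allow-transfer { a; b; };
XFER_RE = re.compile(r'\ballow-transfer\s*\{([^}]*)\}\s*;', re.S)


def _strip_comments(text):
    """Remove /* */, // and # comments (BIND accepts all three)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)


def _elements(body):
    """Split 'a; "b"; any;' into ['a', 'b', 'any'], dropping quotes."""
    return [e.strip().strip('"') for e in body.split(';') if e.strip()]


def parse_acls(conf):
    """Return {acl_name: [elements]} for every acl statement in the fragment."""
    return {name: _elements(body) for name, body in ACL_RE.findall(_strip_comments(conf))}


def expand(elements, acls, _seen=frozenset()):
    """Flatten ACL references; addresses, prefixes and builtins stay as tokens."""
    out = []
    for e in elements:
        if e in acls and e not in _seen:          # reference to a named acl
            out.extend(expand(acls[e], acls, _seen | {e}))
        else:
            out.append(e)
    return out


def allowed_transfer_sources(conf):
    """Flattened allow-transfer list (assumes one global allow-transfer)."""
    conf = _strip_comments(conf)
    m = XFER_RE.search(conf)
    if not m:
        return []
    return expand(_elements(m.group(1)), parse_acls(conf))


def may_transfer(conf, source_ip):
    """True if source_ip matches the allow-transfer list; first match wins, as in BIND."""
    ip = ipaddress.ip_address(source_ip)
    for tok in allowed_transfer_sources(conf):
        negate = tok.startswith("!")               # "!net" denies matching addresses
        tok = tok.lstrip("!")
        if tok == "any":
            return not negate
        if tok == "none":
            return False
        if tok in ("localhost", "localnets"):
            # approximation: both treated as loopback only; BIND uses the host's interfaces
            if ip.is_loopback:
                return not negate
            continue
        try:
            net = ipaddress.ip_network(tok, strict=False)
        except ValueError:
            raise ValueError(f"unknown ACL element {tok!r} (undefined acl or key?)") from None
        if ip in net:
            return not negate
    return False  # nothing matched: BIND refuses the transfer


def redundant_any(conf):
    """Names of ACLs that list explicit addresses next to 'any' (every address allowed)."""
    return [name for name, els in parse_acls(conf).items() if "any" in els and len(els) > 1]


if __name__ == "__main__":
    print("allow-transfer expands to:", allowed_transfer_sources(SAMPLE_CONF))
    for ip in ("176.9.117.123", "212.110.95.71"):
        print(ip, "may AXFR" if may_transfer(SAMPLE_CONF, ip) else "is refused")
    print("ACLs where 'any' makes the other entries redundant:", redundant_any(SAMPLE_CONF))
```

Run it against the fragment of your own named.conf that holds the acl and allow-transfer statements; a secondary that is "refused" here is the same one that produces the "zone transfer ... denied" line in the log, and any ACL reported by redundant_any is effectively open to everyone.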
> I don't know why you put all the IPs in there, since you have the "any" as the last line anyway, so in that case every IP is allowed.
> But it looks good. I never use ACLs and just keep it simple, but I don't use many servers so that's another reason.
It was from a previous setting when it wasn't set to any. I just didn't remove it. It makes no difference I believe, since it's not used. Just for me to remember which IPs are there.

> This one is totally unknown to me at the moment. So I've looked it up, but you don't need that at all.
Well, I will disable this. The thing is that for many years we have had a kind of twisted DNS setup, and it was like that from who knows when. Initially, a long time ago, we had a primary DNS and secondary DNS with a separate webserver. After moving on towards cPanel the webserver became webserver and ns3. In that situation the zones were pushed from ns3 towards the primary DNS and ns2. On the DNS and ns2 we only manually added to the reverse zones our /24s that we had but were part of the local network.
Not a single remote service, not even your own DA server, is required to use your rndc system on your DS server. Only localhost, so only the DS server itself, will use rndc to restart named. So this line is obsolete / not necessary at all.

> I think it should work like this.
Still no zone file transfer unfortunately.
Still having zone file issues?

> still no zone file transfer unfortunately.
No, but that domain does not exist according to the internet, because proba2.mk is not resolving. But if I'm correct, also non-existing test domains should work. So maybe that is no problem.

> The thing is that for many years we have a kind of twisted dns setup and it was like that from who knows when.
Why not try with something that DA creates, without all the fuzz.
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    secroots-file "/var/named/data/named.secroots";
    recursing-file "/var/named/data/named.recursing";
    version "private";
    allow-recursion { localnets; localhost; };
    allow-notify { 12.34.56.789; };
    allow-transfer { none; };
    allow-query { any; };
    empty-zones-enable no;
    dnssec-enable yes;      // deprecated since BIND 9.16 (no effect) and removed in later releases
    dnssec-validation auto;
    managed-keys-directory "/var/named/dynamic";
    geoip-directory "/usr/share/GeoIP";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
    include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/rndc.key";
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named/directslave.inc";

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    secroots-file "/var/named/data/named.secroots";
    recursing-file "/var/named/data/named.recursing";
    version "private";
    allow-recursion { localhost; localnets; };
    allow-transfer { 98.76.54.321; };
    allow-query { any; };
    empty-zones-enable no;
    dnssec-validation yes;
    managed-keys-directory "/var/named/dynamic";
    geoip-directory "/usr/share/GeoIP";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
    include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/rndc.key";
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
> why when you add a server in a multi-server settings its ip is not added to the named.conf on DA server.
The reason for this is that the multi-server setup of DA normally does not work that way. It's intended for use between 2 DA servers or a personal license only working as DNS slave. In that case the communication is done directly between both DA servers via port 2222.
2025/07/16 09:16:46 Failed to move .tmp file rename /etc/named/directslave.inc.tmp /etc/named/directslave.inc: no such file or directory
under /etc/named: -rw-r--r-- 1 named named 41679 Jul 16 09:21 directslave.inc
DEBUG: &{Method:POST URL:/CMD_API_DNS_ADMIN Proto:HTTP/1.0 ProtoMajor:1 ProtoMinor:0 Header:map[Authorization:[Basic HGjGHGJKghAH] Content-Length:[94] User-Agent:[DA-Socket-Class]] Body:0xc000146500 GetBody: ContentLength:94 TransferEncoding:[] Close:true Host:IP_DIRECTSLAVE Form:map[] PostForm:map[] MultipartForm: Trailer:map[] RemoteAddr:IP_DIRECTADMIN_SERVER:60258 RequestURI:/CMD_API_DNS_ADMIN TLS: Cancel: Response: ctx:0xc000256b70}
2025/03/13 14:59:33 Failed to move .tmp file rename /etc/named/directslave.inc.tmp /etc/named/directslave.inc: no such file or directory
2025/03/13
> Do you have any new occurrences, Richard?
Not yet, but that could also be because no domains were removed on the servers connected with DS. That's why I said I would do some testing later today.
2025/07/16 19:18:40 Failed to move .tmp file rename /etc/named/directslave.inc.tmp /etc/named/directslave.inc: no such file or directory
> Not yet, but that could also be because no domains were removed on the servers connected with DS. That's why I said I would do some testing later today.
Currently, I had named as owner and group.

I just now had time to do the test and the error still occurs indeed.

> 2025/07/16 19:18:40 Failed to move .tmp file rename /etc/named/directslave.inc.tmp /etc/named/directslave.inc: no such file or directory
I thought I had fixed the issue, but that was probably on the previous VPS. However, this error is quite clear. The directslave.inc.tmp is non-existing (because the directslave.inc is). The only reason can be that it has no rights to be created by named.
And now I remember what I did last time. I changed owner of the /etc/named directory to named.
So one can do either that, or set the write permissions of the folder to the named group.
And then everything is working as designed again.
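As an added example, not code from the thread or from DirectSlave, the failure mode diagnosed in the posts above in Python: the write-to-.tmp-then-rename pattern that yields the "no such file or directory" message on the rename when the .tmp file was never created, together with a check that decides from a directory's mode, owner and group whether a given service uid/gid may create files in it (the situation where directslave.inc is owned by named but /etc/named itself is not writable by named). The uid/gid 25 used for the named user, the sample zone line and the scratch directory are constructed; supplementary groups, POSIX ACLs and SELinux are ignored.

```python
import os
import stat
import tempfile


def can_create_in_dir(dir_mode, dir_uid, dir_gid, proc_uid, proc_gid):
    """True if a process running as proc_uid/proc_gid may create entries in a
    directory with the given permission bits, owner and group.

    Creating a file needs write and search (x) permission on the directory.
    POSIX picks exactly one class: owner if the uid matches, else group if the
    gid matches, else other. Root bypasses the check. Supplementary groups are
    not considered (assumption of this example).
    """
    if proc_uid == 0:
        return True
    if dir_uid == proc_uid:
        shift = 6            # owner bits
    elif dir_gid == proc_gid:
        shift = 3            # group bits
    else:
        shift = 0            # other bits
    needed = (stat.S_IWOTH | stat.S_IXOTH) << shift
    return (dir_mode & needed) == needed


def diagnose_dir(dir_path, proc_uid, proc_gid):
    """Stat a real directory and report whether the service account can write in it."""
    st = os.stat(dir_path)
    mode = stat.S_IMODE(st.st_mode)
    return {
        "dir": dir_path,
        "owner": st.st_uid,
        "group": st.st_gid,
        "mode": oct(mode),
        "writable_by_service": can_create_in_dir(mode, st.st_uid, st.st_gid, proc_uid, proc_gid),
    }


def atomic_write(path, data):
    """Write data to path + '.tmp' and rename it into place.

    If the directory is not writable this fails at open() with a clear
    PermissionError; the confusing 'rename ...: no such file or directory'
    from the thread is what you get when that first failure is ignored and
    only the rename is checked.
    """
    tmp = path + ".tmp"
    with open(tmp, "w") as fh:
        fh.write(data)
        fh.flush()
        os.fsync(fh.fileno())
    os.replace(tmp, path)    # atomic on POSIX; the old file is never half-written
    return path


def demo():
    """Write a constructed directslave.inc into a scratch directory; return its content."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "directslave.inc")
        atomic_write(target, 'zone "example.test" { type slave; masters { 192.0.2.1; }; };\n')
        with open(target) as fh:
            return fh.read()


if __name__ == "__main__":
    NAMED_UID = NAMED_GID = 25   # constructed; look up the real ids with `id named`
    # root:root 0755 /etc/named: named can read but not create the .tmp file
    print("root:root 0755 ->", can_create_in_dir(0o755, 0, 0, NAMED_UID, NAMED_GID))
    # the two fixes from the thread: chown the directory, or give the named group write access
    print("named:named 0755 ->", can_create_in_dir(0o755, NAMED_UID, NAMED_GID, NAMED_UID, NAMED_GID))
    print("root:named 0775 ->", can_create_in_dir(0o775, 0, NAMED_GID, NAMED_UID, NAMED_GID))
    print(diagnose_dir(tempfile.gettempdir(), os.getuid(), os.getgid()))
    print(demo(), end="")
```

Run diagnose_dir on /etc/named with the uid and gid of the named user; a False under writable_by_service is the condition behind the rename error, and either of the two permission changes described above turns it True.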