DNS seems OK with one server, but attempting to use buddyns.com as secondary
fails.
I am using Debian jessie. Is sudo systemctl restart nsd all I need to serve new
changes to nsd.conf?
Below is the start of my nsd.conf. Any suggestions to get a test such as
$ dig +tcp axfr @104.219.54.106 ns1.cibolo.us
to show a good transfer?
Thanks,
John Griessen
====================nsd.conf==========================
# mail1.cibolo.us authoritative only DNS server
# NSD configuration file for Debian.
#
# See the nsd.conf(5) man page.
server:
    server-count: 1
    ip-address: 104.219.54.106
    do-ip6: no
    port: 53
    # the database to use
    # database: "/var/lib/nsd/nsd.db"
    database: ""
    # don't answer VERSION.BIND and VERSION.SERVER CHAOS class queries
    hide-version: yes
    logfile: "/var/log/nsd.log"
    pidfile: "/run/nsd/nsd.pid"
    zonesdir: "/etc/nsd"
    tcp-query-count: 80
zone:
    name: 54.219.104.in-addr.arpa
    zonefile: cibolo.us.rr.zone
zone:
    name: casageorge.com
    zonefile: casageorge.com.zone
zone:
    name: casitageorge.com
    zonefile: casitageorge.com.zone
zone:
    name: cibolo.com
    zonefile: cibolo.com.zone
zone:
    # this server is master, 104.245.34.178 is a secondary
    name: cibolo.us
    zonefile: cibolo.us.zone
    provide-xfr: 104.245.34.178 NOKEY
    # notify: 104.245.34.178 NOKEY
    # allow ALL the following addresses! BuddyNS employs them all.
    # notify: 173.244.206.26 NOKEY
    provide-xfr: 173.244.206.26 NOKEY
    # notify: 88.198.106.11 NOKEY
    provide-xfr: 88.198.106.11 NOKEY
====================nsd.conf==========================
====================cibolo.us.zone=====================
$ORIGIN cibolo.us.
$TTL 1300
@ IN SOA ns1.cibolo.us. postmaster.cibolo.us. (
        2016052001 ; Serial
        1200       ; Refresh
        300        ; Retry
        604800     ; Expire 1 week
        4400       ; Negative Response TTL
        )
@ IN NS ns1.cibolo.us. ;DNS Server
@ IN NS ns2.cibolo.us. ;DNS Server
@ IN NS b.ns.buddyns.com. ;DNS Server
@ IN NS d.ns.buddyns.com. ;DNS Server
@ IN A 104.219.54.106
www IN A 104.219.54.106
ns1 IN A 104.219.54.106
ns2 IN A 104.245.34.178
mail1 IN A 104.219.54.106
@ IN MX 10 mail1
cibolo.us. IN TXT "v=spf1 mx a a:mail1.cibolo.us ip4:104.219.54.106"
===============buddyns tests===========================
cibolo.us Check primary
server config for cibolo.us Delegation doctor for cibolo.us Request immediate
synchronization for
cibolo.us serial: None, primary: 104.219.54.106
Could not fetch zone from 104.219.54.106. See AXFR setup to fix this.

Status: INACTIVE
Submitted on: Today 05:50
First transfer: ERROR
Master declares BuddyNS: OK
Authority declares BuddyNS: OK
Registry declares BuddyNS: OK
Latest transfer: ERROR
Last updated on: ?

Status: Complete
UDP queries: OK
TCP queries: OK
AXFR queries: OK
===============buddyns tests===========================
===========dig from 2nd server======================
$ dig +tcp axfr @104.219.54.106 ns1.cibolo.us
; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> +tcp axfr @104.219.54.106 ns1.cibolo.us
; (1 server found)
;; global options: +cmd
; Transfer failed.
===========dig from 2nd server=======================
Niall O'Reilly
2016-Jun-09 13:56 UTC
[nsd-users] trouble getting secondary axfr with 4.1.0
On 9 Jun 2016, at 14:35, John Griessen wrote:

> DNS seems OK with one server, but attempting to use buddyns.com as
> secondary fails.

Could you be more explicit about the failure symptoms?

> zone:
> # this server is master, 104.245.34.178 is a secondary
> name: cibolo.us
> zonefile: cibolo.us.zone
> provide-xfr: 104.245.34.178 NOKEY
> # notify: 104.245.34.178 NOKEY
> # allow ALL the following addresses! BuddyNS employs them all.
> # notify: 173.244.206.26 NOKEY
> provide-xfr: 173.244.206.26 NOKEY
> # notify: 88.198.106.11 NOKEY
> provide-xfr: 88.198.106.11 NOKEY

If the failure mode you're concerned about is that the slave does not
pick up zone immediately, this could be because you've suppressed
the 'notify:' directives.

If you haven't already done so, I'd suggest using Zonemaster or DNSViz
to verify nameserver function and identify problems.

Here are some recent results from these tools:

https://zonemaster.net/test/45360dcda345a580
http://dnsviz.net/d/cibolo.us/V1l0DQ/dnssec/

Best regards,
Niall O'Reilly
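
An added example, not part of either message and not NSD's own code: a small Python check that reads zone blocks like those in the nsd.conf above and reports whether an unsigned AXFR request names a configured zone and matches a provide-xfr entry, plus which transfer peers have no active notify: line. The function names and sample text are constructed for illustration; it assumes plain-address or CIDR entries and ignores TSIG keys, patterns and include files.

```python
import ipaddress

# Constructed sample: two zone blocks in the style of the nsd.conf posted above.
SAMPLE_CONF = """\
server:
    database: ""
zone:
    name: casageorge.com
    zonefile: casageorge.com.zone
zone:
    name: cibolo.us
    zonefile: cibolo.us.zone
    provide-xfr: 104.245.34.178 NOKEY
    # notify: 104.245.34.178 NOKEY
    provide-xfr: 173.244.206.26 NOKEY
    provide-xfr: 88.198.106.11 NOKEY
"""

def parse_zones(text):
    """Map zone name -> its provide-xfr and notify entries ('#' comments ignored)."""
    zones, current, in_zone = {}, None, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.endswith(":"):                      # section header: server:, zone:, ...
            in_zone, current = line == "zone:", None
            continue
        key, _, value = line.partition(":")
        if in_zone and key == "name":
            name = value.strip().strip('"').rstrip(".").lower()
            current = zones.setdefault(name, {"provide-xfr": [], "notify": []})
        elif current is not None and key in current:
            current[key].append(value.split())
    return zones

def axfr_check(zones, qname, client_ip):
    """Classify an unsigned AXFR request for qname arriving from client_ip."""
    zone = zones.get(qname.rstrip(".").lower())
    if zone is None:
        return "not-a-zone"        # the AXFR query name must be a configured zone
    addr = ipaddress.ip_address(client_ip)
    keys = {e[-1] for e in zone["provide-xfr"]
            if addr in ipaddress.ip_network(e[0], strict=False)}
    if "BLOCKED" in keys:          # a matching BLOCKED entry denies the transfer
        return "blocked"
    return "allowed" if "NOKEY" in keys else "no-acl-match"

def peers_without_notify(zone):
    """provide-xfr addresses that have no active notify: line in the same zone."""
    notified = {e[0] for e in zone["notify"]}
    return [e[0] for e in zone["provide-xfr"] if e[0] not in notified]
```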