
I'm trying to create a master/slave setup using NSD. I have NSD installed on two servers. The servers are running great; when I perform normal DNS queries they return the information from the zone files. However, when I try to nsdc notify on the master, the slave doesn't seem to pick up the new zone configuration.

The nsd.conf file on the master looks like this:

## NSD authoritative only DNS
#

server:
    logfile: "/var/log/nsd.log"
    port: 53
    server-count: 1
    ip4-only: yes
    hide-version: yes
    identity: ""
    zonesdir: "/etc/nsd3"
    verbosity: 3

zone:
    name: domain.com
    zonefile: www.domain.com.forward
    notify: <ip slave> NOKEY
    provide-xfr: <ip slave> NOKEY

nsd.conf on the slave server looks like:

## NSD authoritative only DNS
#

server:
    logfile: "/var/log/nsd.log"
    port: 53
    server-count: 1
    ip4-only: yes
    hide-version: yes
    identity: ""
    zonesdir: "/etc/nsd3"
    verbosity: 3

zone:
    name: domain.com
    zonefile: www.domain.com.forward
    allow-notify: <ip master> NOKEY
    request-xfr: AXFR <ip master> NOKEY

The zonefile file looks like this on the master server:

$ORIGIN domain.com.
$TTL 86400           ; default time to live

@ IN SOA ns1.domain.com. admin.domain.com. (
    2011010203  ; serial number
    28800       ; Refresh
    7200        ; Retry
    864000      ; Expire
    86400       ; Min TTL
    )

NS  ns1.domain.com.
MX  10  mailfilter.hostingprovider.com.

mail    IN  A   <ip mailserver hostingprovider>
www IN  A   <ip master>

ns1     IN      A       <ip master>
ns2     IN      A       <ip slave>


newvalue    IN  A   8.8.8.8

*   IN  A   <ip master>

The forward file is the same on the slave server, except for the line with "newvalue" (the value I want to transfer).

If I perform an nsdc notify on the master server, the following ends up in the slave's logs:

[1487507948] nsd[26038]: info: Notify received and accepted, forward to xfrd
[1487507948] nsd[26037]: info: Handle incoming notify for zone domain.com

However, the zone files don't seem to get updates. After the notify, I perform nsdc patch; nsdc rebuild; nsdc reload; service nsd3 restart on the slave server, just to be sure. But this doesn't change the zone files either.

Also, if I perform a dig axfr @<master ip> domain.com on the slave server, I get a nice zone transfer.

Why isn't the slave server updating the zone files?

Beurtschipper

1 Answer


The zone's serial number needs to be incremented after any changes.

A slave will first check if it has the most current zone before attempting a transfer; otherwise the notify is ignored. The common practice is to use the form YYYYMMDDxx, where xx is a minor revision number (if accidentally set too large, there is a process that must be followed to lower the number again).

In later versions of nsd where nsd-control replaces nsdc, the command transfer can be used to attempt a transfer, or force_transfer to update regardless of serial change.

pete
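The serial check described in this answer, as an added example that is not part of the original post or NSD's own code: it reads the SOA serial from zone-file text, decides whether a slave holding a given serial would treat the master's copy as newer, and proposes the next YYYYMMDDxx value. It assumes the slave compares serials with RFC 1982 serial arithmetic; the function names and the embedded zone text (copied from the question's SOA record) are constructed for illustration.

```python
import re
from datetime import date

# Constructed sample: the SOA record from the question's zone file.
ZONE = """\
$ORIGIN domain.com.
$TTL 86400           ; default time to live
@ IN SOA ns1.domain.com. admin.domain.com. (
    2011010203  ; serial number
    28800       ; Refresh
    7200        ; Retry
    864000      ; Expire
    86400       ; Min TTL
    )
"""

def soa_serial(zone_text):
    """Return the SOA serial: the first integer after the two SOA names."""
    # Simplification: treats every ';' as a comment start (fine for SOA records).
    text = re.sub(r";[^\n]*", "", zone_text)
    m = re.search(r"\bSOA\s+\S+\s+\S+\s*\(?\s*(\d+)", text)
    if not m:
        raise ValueError("no SOA record found")
    return int(m.group(1))

def serial_newer(master, slave):
    """RFC 1982 comparison of 32-bit serials: True if master is ahead of slave."""
    diff = (master - slave) % 2**32
    return 0 < diff < 2**31

def next_serial(current, today):
    """Next YYYYMMDDxx serial; uses current + 1 when today's base is not ahead."""
    base = int(today.strftime("%Y%m%d")) * 100
    candidate = base if serial_newer(base, current) else current + 1
    return candidate % 2**32

if __name__ == "__main__":
    master = slave = soa_serial(ZONE)   # both servers hold the same serial
    print("slave would transfer:", serial_newer(master, slave))
    print("serial to publish:", next_serial(master, date.today()))
```

With the question's zone, both servers hold serial 2011010203, so the comparison is false and the notify leads to no transfer even though the master's file has an extra record.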