LinuxQuestions.org, Linux - Server: This forum is for the discussion of Linux software used in a server-related context.
I just went through and re-wrote it. Seems to run through ok.
I do keep finding little things here and there. But I think I am close to the end.
Last thing is the old server allowed a person to ssh, then run co -l "zone file", and the file would allow that person to edit it. They had to be part of the named group to do so.
I am on the fence if I want to keep it that way, or require the editor to sudo the command. However, I am not sure where to make this change. I have the named group, with the currently 2 people, set up.
Currently, I get this error:
co: RCS/zone,v: user not on the access list
As I said, I'm on the fence, but even if I don't go the old route, I'd still like to know where I would change this. I'll probably find it, sooner or later! Doesn't hurt to know.
So, I have made headway. I found part of my issue was the named service. On rhel, it seems better to run named-chroot, instead of just named.
Once I found that out, I was able to clear up most issues.
Now, when I make a change on the new master, it propagates down to the slaves, as it should.
The only error I seem to be running into, and it isn't much of an error, is this:
Named: zone dnszone.con/IN: refused to notify from non-master: xxx.xxx.xxx.xxx
So, essentially, it appears that 1 slave is refusing something from the other slave. It isn't affecting the operation otherwise. The other slave (which is an older slave that will be put to rest) does not have this error, only the new slave. I went into the named.conf and added the old slave's IP to the "allow-notify".
The old slave does not get this error, nor does it have the new slave's IP under "allow-notify".
So, I'm not sure what is causing this. Even if it isn't affecting operation, I'd still prefer to have no errors.
As a refresh, the old slave is rhel 6.10. The new slave is rhel 8.6.
The rule is if it is listed as a NS server, the master will send notify to the slave when the serial changes. Then the slave "gets" the zone; it is allowed by default.
But if it isn't listed as a NS server, the master (or stealth slave to slave) must have an also-notify to send it. And the master (or slave) must have an allow-transfer to allow the transfer.
Ok, so I decided to start from scratch. Sometimes you just have to.
So, I got things a little further along. I now have a different error. I receive a "client @0x7stringofcharacters : query (cache) example.com/a/IN denied"
In my named.conf, I tried to change the "allow-query". First by changing it to "trusted-servers", then by commenting it out with #.
Perhaps I need to add an entry called "allow-query-cache" or similar?
allow-query-cache is a newer concept, but probably should never be used by normal users.
Your default should be allow-query {any;}; and for your internal nets like allow-recursion that want to recurse.
If it is a mastered zone, it must be allow-query any. allow-recursion is your trusted users if you are serving them (this might or might not be the case).
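Tying the two answers above together, here is an added named.conf sketch for a master and a slave (example config written for this thread, not taken from any poster's server). The zone name, addresses, file paths and ACL names are constructed placeholders.

```conf
// ---- master: /etc/named.conf (constructed example, placeholder addresses) ----
acl "trusted"    { 127.0.0.1; 192.0.2.0/24; };   // internal nets allowed to recurse
acl "xfer-peers" { 192.0.2.53; 192.0.2.54; };    // slaves, including a stealth slave not in NS records

options {
    directory "/var/named";
    // Authoritative data must be answerable by anyone; restricting allow-query
    // here is what produces the "query (cache) ... denied" log line quoted above.
    allow-query     { any; };
    // Only internal clients may use this server as a recursive resolver.
    allow-recursion { trusted; };
    // Deny zone transfers globally; each zone opens them to its own peers below.
    allow-transfer  { none; };
};

zone "example.com" IN {
    type master;
    file "zones/example.com.db";
    // NS-listed slaves are notified automatically on a serial change; a stealth
    // slave is not, so it has to be named here explicitly.
    also-notify    { 192.0.2.54; };
    allow-transfer { xfer-peers; };
};

// ---- slave: /etc/named.conf (constructed example) ----
zone "example.com" IN {
    type slave;
    file "slaves/example.com.db";
    masters { 192.0.2.1; };
    // NOTIFY from the listed master is accepted by default. A NOTIFY from any
    // other host (for instance the second slave) is refused as "non-master",
    // which is the message quoted above, unless that host is listed here.
    allow-notify { 192.0.2.53; };
};
```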