|
From: Vern <ve...@cw...> - 2005-10-06 13:10:25
|
I keep struggling with this DNS stuff, so could someone please explain to me why I am having this trouble.

I have three DNS servers set up.
  One is a Fedora Core 3 box
  One a Red Hat 9.0
  and the last a Debian server

I am having no trouble with the Debian box.

I WAS however having trouble with the Red Hat box so I decided to move over to a Windows 2003 DNS. The problem I was having with the Red Hat 9.0 box is that the DNS zones were not transferring from the Fedora box.

Now the zones are transferring to the Windows box no problem. So now the Fedora box is the Master and the Windows and Debian boxes are Slaves.

But now when I do a DNS Report I get this lame name server error for the Master server on DNSreport.com:

http://www.dnsreport.com/tools/dnsreport.ch?domain=comp-wiz.com

ERROR: You have one or more lame nameservers. These are nameservers that do NOT answer authoritatively for your domain. This is bad; for example, these nameservers may never get updated. The following nameservers are lame:
64.81.130.196

Anyone have any ideas?

Thanks
Vern
|
From: John H. <web...@ew...> - 2005-10-06 13:37:06
|
Vern wrote:

>I keep struggling with this DNS stuff, so could someone please explain to me why I am
>having this trouble.
>
>I have three DNS servers set up.
>  One is a Fedora Core 3 box
>  One a Red Hat 9.0
>  and the last a Debian server
>
>I am having no trouble with the Debian box.
>
>I WAS however having trouble with the Red Hat box so I decided to move over to a
>Windows 2003 DNS. The problem I was having with the Red Hat 9.0 box is that the DNS
>zones were not transferring from the Fedora box.
>
>Now the zones are transferring to the Windows box no problem. So now the Fedora box is
>the Master and the Windows and Debian boxes are Slaves.
>
>But now when I do a DNS Report I get this lame name server error for the Master server
>on DNSreport.com:
>
>http://www.dnsreport.com/tools/dnsreport.ch?domain=comp-wiz.com
>
>ERROR: You have one or more lame nameservers. These are nameservers that do NOT answer
>authoritatively for your domain. This is bad; for example, these nameservers may never
>get updated. The following nameservers are lame:
>64.81.130.196
>
>Anyone have any ideas?
>
>Thanks
>Vern

Check permissions on the zone files. On CentOS, I needed to change the owner:group in the bind config within Webmin for when new zone files are created. It was writing them as root:root... I set it to named:named and all was well. After of course going in and chown/chgrp the wrong permissioned zone files.

Incidentally, CentOS rocks!!! Updates normally follow Redhat by a day or less. Quarterly releases (new ISOs) are normally done within a few days. It's a good way to be not quite so 'cutting edge' as Fedora, in case you are interested.

John Hinton
|
From: Vern <ve...@cw...> - 2005-10-06 13:50:25
|
> Check permissions on the zone files. On CentOS, I needed to change the
> owner:group in the bind config within Webmin for when new zone files are
> created. It was writing them as root:root... I set it to named:named and
> all was well. After of course going in and chown/chgrp the wrong
> permissioned zone files.

Not so sure I want to mess with permissions and so forth. Since things were working fine until I added the Windows DNS box and now they are not, I would think that that is not the issue. I thought that stopping the Windows DNS service might resolve the issue, but it does not. Mind you, the site is working, it's just these errors make me crazy. I like things to work as they are supposed to.

V
|
From: John H. <web...@ew...> - 2005-10-06 15:33:05
|
Vern wrote:

>>Check permissions on the zone files. On CentOS, I needed to change the
>>owner:group in the bind config within Webmin for when new zone files are
>>created. It was writing them as root:root... I set it to named:named and
>>all was well. After of course going in and chown/chgrp the wrong
>>permissioned zone files.
>
>Not so sure I want to mess with permissions and so forth since things were working
>fine until I added the Windows DNS box and now they are not I would think that that is
>not the issue. I thought that stopping the Windows DNS service might resolve the
>issue, but it does not. Mind you, the site is working, it's just these errors make me
>crazy. I like things to work as they are supposed to.
>
>V

I understand the worry about this... but at least 'look' at owner/group on the Fedora box. If it is root.root... that is the problem as bind on Redhat systems now runs under named not root. You can edit the bind config file to set it to root.... not a good idea... but the bottom line issue is zone files created using Webmin default to root on Redhat boxes and root will not transfer as bind is operating under user 'named'. (Note: I think Jamie fixed this permission problem in one of the latest releases of Webmin)

It has been a while since I had this issue, but it seems like logwatch was giving an error which helped... like permission denied. Also, if you restart bind on the Redhat boxes, and quickly tail the messages log, you'll see the problems... might need to tail -100 or tail -500 messages to get enough return to see the issue.

I run three nameservers as well... two CentOS 3 (master and slave) and one RH7.2 (slave - a system not long for this world! but has nothing critical on it). I also slave with the master for some other masters/colos on our network. All has been well after beating my head against the wall forever trying to figure out why transfers wouldn't go.

Also, as for the other thread on this... Jamie's book has a very good section on bind. I would suggest that anyone using Webmin get his book. It is much more than just a book on Webmin, but more like a book on server administration and how Webmin interacts with that administration. A great reference.

John Hinton
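The two checks this thread turns on, as an added example that is not part of any poster's message: list zone files whose owner:group is not the account named runs as, and decide from `dig` output whether a server answers authoritatively (the condition the "lame nameserver" report tests). The function names, the arguments and the sample `dig` headers are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumptions: the caller supplies the zone directory and the
# owner:group named runs as; the sample dig headers below are constructed.

# Print "owner:group path" for each regular file in a zone directory whose
# owner:group differs from the expected one. Prints nothing when all match.
zone_owner_mismatches() {
    dir=$1
    want=$2
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Fields 3 and 4 of `ls -ld` are the owner and group names.
        have=$(ls -ld -- "$f" | awk '{print $3 ":" $4}')
        [ "$have" = "$want" ] || printf '%s %s\n' "$have" "$f"
    done
}

# Read the output of `dig +norec SOA <zone> @<server>` on stdin. Succeed only
# if the status is NOERROR and the header flags include "aa" (authoritative
# answer); a server that fails this for its own zone is reported as lame.
answers_authoritatively() {
    awk '
        /^;; ->>HEADER<<-/ { if ($0 ~ /status: NOERROR/) ok = 1 }
        /^;; flags:/ {
            line = $0
            sub(/^;; flags:/, "", line)   # drop the label
            sub(/;.*/, "", line)          # drop the counters after the flags
            n = split(line, fl, " ")
            for (i = 1; i <= n; i++) if (fl[i] == "aa") aa = 1
        }
        END { exit !(ok && aa) }
    '
}

# Constructed header from a server that could not load the zone.
SAMPLE_LAME=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4242
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0'

# Constructed header from a server that answers authoritatively.
SAMPLE_GOOD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0'

# Usage on the master (placeholders, not values from the thread):
#   zone_owner_mismatches <zone-directory> named:named
#   dig +norec SOA <zone> @<server> | answers_authoritatively && echo authoritative
```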