Monday, 20 December 2010

BIND9 error: dumping master file: slave/tmp-XN31Wp2BeK: open: file not found

Problem: BIND9 error: dumping master file: slave/tmp-XN31Wp2BeK: open: file not found

BIND is by far the most widely used DNS software on the Internet. It provides a robust and stable platform on top of which organizations can build distributed computing systems with the knowledge that those systems are fully compliant with published DNS standards.
BIND is available for free download under the terms of the ISC License, a BSD style license.
In FreeBSD, the BIND daemon is called named.

Secondary - slave name Server.
The purpose of a slave name server is to share the load with the master server, or handle the entire load if the master server is down. A slave name server loads its data over the network from another name server, usually the master name server, but it can load from another slave name server too. This process is called a zone transfer.

The purpose of this article is to clarify the problem in a standard installation.
A slave DNS server after setup wasn't able to transfer a zone file while I used working config file from another FreeBSD box.

Upgrade of all related packages from fresh ports and installed (reinstalled base) BIND.

Check points:

1 - check master (authoritative) name server
Enable the master for transfer and notify zone for your slave server.
edit master /etc/namedb/named.conf

2 - check the zone information is transferred
Check if the slave name server will have the transferred zone information and will be able to serve it.

dig AXFR
we requesting @master transfer ZONE-FILE
[root@server]# dig @ns1 AXFR

; <<>> DiG 9.6.-ESV-R2 <<>> @ns1 AXFR
; (1 server found)
;; global options: +cmd
; Transfer failed.
The masters log:
bad zone transfer request: '': non-authoritative zone (NOTAUTH)
A typo mistake, while I asked wrong domain name.

[root@server]# dig @ns1 AXFR
; <<>> DiG 9.6.-ESV-R2 <<>> @ns1 AXFR
; (1 server found)
;; global options: +cmd          7200    IN      SOA 2010071701 36000 36000 1209600 36000          7200    IN      NS          7200    IN      NS
--^-snap -^--
-^--snap ^--^
;; Query time: 866 msec
;; WHEN: Fri Dec 17 17:57:09 2010
;; XFR size: 13 records (messages 1, bytes 384)

3 - check slave transfer

Zone was transferred that's OK so far, however slave server still complaining.

general: info: zone Transfer started.
xfer-in: info: transfer of '' from connected using
general: error: dumping master file: slave/tmp-w04S0tBOCA: open: file not found
xfer-in: error: transfer of '' from failed while receiving responses: file not found

Mr google says: the permissions are wrong... NOT
True is that slave zones require a writeable directory for BIND automatically creates and writes to the slave zone file.

[root@server /var]# chown -R bind:wheel named/ -- do not help
and chmod 777 slave/ - NOT recommended

[root@server]# /etc/rc.d/named start
. changed
user expected 0 found 53 modified
dev changed
user expected 0 found 53 modified
etc changed
user expected 0 found 53 modified
etc/namedb changed
user expected 0 found 53 modified
etc/namedb/master changed
user expected 0 found 53 modified
etc/namedb/slave changed
permissions expected 0755 found 0777 modified
var changed
user expected 0 found 53 modified
Starting named.

Surprise is that the BIND doing it's job thoroughly. It starts and do a permissions check (and change).

4 - solve the problem
CORRECT named.conf at the slave server

DO NOT (at present time) believe in the FreeBSD handbook:

********** named.conf - wrong example ***************
zone "" {
type slave;
file "slave/";
********** named.conf - wrong example ***************
Here the zone information is transferred from the master name server for the particular zone, and saved in the file specified

According mailing list, it's known problem that some entries in the FreeBSD handbook are outdated.

Edit and FOLLOW an example slave zone named.conf for actual version of BIND.

[root@server]# vi /var/named/etc/namedb/named.conf

********** named.conf - working slave zone ***************
zone "" {
type slave;
file "/etc/namedb/slave/";
masters {;
********** named.conf - working slave zone ***************

5 - last checks
Restart BIND and check logs
/etc/rc.d/named restart

The DNS slave server works now:
-^--snap ^--^
info: zone transferred serial 2010071701
info: transfer of '' from Transfer completed: 1 messages, 13 records, 384 bytes, 0.614 secs (625 bytes/sec)
info: zone sending notifies (serial 2010071701)
-^--snap ^--^

External DNScheck may be usefull too.
(sometimes a firewall may block incoming queries)


DNS and BIND, Fifth Edition
man named - Domain Name System (DNS) server

Comments and corrections of this article are welcome :)

5 komentářů:

Anonymous said...
This comment has been removed by a blog administrator.
boris said...

No corrections :), just a big thank you!

Anonymous said...

Thanks ! it works, for me the fix was just use the full path as you suggest.

Anonymous said...

Tnks, 7hrs debugging until I find this great post.

abdoul alarou said...


I have a weeks troubleshooted this issues. after find this, I changed the path on slave system which was centos7.7. and restart both master and slave. it works fine like crazy.

big thansk

Post a Comment