Monday, 20 December 2010

BIND9 error: dumping master file: slave/tmp-XN31Wp2BeK: open: file not found

Problem: BIND9 error: dumping master file: slave/tmp-XN31Wp2BeK: open: file not found


Introduction:
BIND is by far the most widely used DNS software on the Internet. It provides a robust and stable platform on top of which organizations can build distributed computing systems with the knowledge that those systems are fully compliant with published DNS standards.
BIND is available for free download under the terms of the ISC License, a BSD style license.
In FreeBSD, the BIND daemon is called named.

Secondary - slave name Server.
The purpose of a slave name server is to share the load with the master server, or handle the entire load if the master server is down. A slave name server loads its data over the network from another name server, usually the master name server, but it can load from another slave name server too. This process is called a zone transfer.


The purpose of this article is to clarify the problem in a standard installation.
After setup, a slave DNS server was not able to transfer a zone file, even though I used a working config file from another FreeBSD box.


Prerequisites:
All related packages upgraded from fresh ports, and BIND installed (reinstalled from base).

Check points:

1 - check master (authoritative) name server
On the master, enable zone transfer and notify for your slave server.
Edit /etc/namedb/named.conf on the master.

2 - check the zone information is transferred
Check if the slave name server will have the transferred zone information and will be able to serve it.

dig @ns1.myserver.org thajsk.in.th AXFR
Here we ask the master (@master) to transfer the zone file for our domain (mydomain.name),
e.g.:
[root@server]# dig @ns1 thajsk.in.th AXFR

; <<>> DiG 9.6.-ESV-R2 <<>> @ns1 thajsk.in.th AXFR
; (1 server found)
;; global options: +cmd
; Transfer failed.
The master's log:
bad zone transfer request: 'thajsk.in.th/IN': non-authoritative zone (NOTAUTH)
This means a typo: I asked for the wrong domain name.
Correction...

[root@server]# dig @ns1 thajsko.in.th AXFR
; <<>> DiG 9.6.-ESV-R2 <<>> @ns1 thajsko.in.th AXFR
; (1 server found)
;; global options: +cmd
thajsko.in.th.          7200    IN      SOA     ns1.thajsko.in.th. postmaster.thajsko.in.th. 2010071701 36000 36000 1209600 36000
thajsko.in.th.          7200    IN      NS      ns1.thajsko.in.th.
thajsko.in.th.          7200    IN      NS      ns2.thajsko.in.th.
--^-snap -^--
-^--snap ^--^
;; Query time: 866 msec
;; SERVER: 69.60.120.12#53(69.60.120.12)
;; WHEN: Fri Dec 17 17:57:09 2010
;; XFR size: 13 records (messages 1, bytes 384)



3 - check slave transfer

The zone was transferred, so that is OK so far; however, the slave server is still complaining.

general: info: zone thajsko.in.th/IN: Transfer started.
xfer-in: info: transfer of 'thajsko.in.th/IN' from 69.60.120.12#53: connected using 192.168.17.1#13642
general: error: dumping master file: slave/tmp-w04S0tBOCA: open: file not found
xfer-in: error: transfer of 'thajsko.in.th/IN' from 69.60.120.12#53: failed while receiving responses: file not found

Mr. Google says: the permissions are wrong... NOT
It is true that slave zones require a writable directory, because BIND automatically creates and writes the slave zone file.

[root@server /var]# chown -R bind:wheel named/ -- does not help
and chmod 777 slave/ - NOT recommended

[root@server]# /etc/rc.d/named start
. changed
user expected 0 found 53 modified
dev changed
user expected 0 found 53 modified
etc changed
user expected 0 found 53 modified
etc/namedb changed
user expected 0 found 53 modified
etc/namedb/master changed
user expected 0 found 53 modified
etc/namedb/slave changed
permissions expected 0755 found 0777 modified
var changed
user expected 0 found 53 modified
Starting named.

The surprise is that BIND does its job thoroughly: when it starts, it checks the permissions (and changes them).


4 - solve the problem
CORRECT named.conf on the slave server

DO NOT (at the present time) trust the FreeBSD handbook:
http://www.freebsd.org/doc/handbook/network-dns.html

********** named.conf - wrong example ***************
zone "example.org" {
        type slave;
        file "slave/example.org";
};
********** named.conf - wrong example ***************
Here the zone information is transferred from the master name server for the particular zone, and saved in the file specified.


According to the freebsd-current@freebsd.org mailing list, it is a known problem that some entries in the FreeBSD handbook are outdated.


Edit named.conf and FOLLOW an example slave zone for the current version of BIND.

[root@server]# vi /var/named/etc/namedb/named.conf

********** named.conf - working slave zone ***************
zone "thajsko.in.th" {
        type slave;
        file "/etc/namedb/slave/thajsko.in.th";
        masters {
                69.60.120.12;
        };
};
********** named.conf - working slave zone ***************
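
BIND resolves a relative `file` name against the `directory` set in `options { }`, inside the chroot when named runs chrooted, so a relative slave/... path only works if that directory really contains slave/. The script below is an added example (not part of the original post) that computes where a zone file will land and whether its parent directory exists; the function names and the sample `directory` value /etc/namedb/working are assumptions, and the demo tree is constructed.

```shell
#!/bin/sh
# Added example: where does named actually try to write a slave zone file?

# resolve_zone_path CHROOT DIRECTORY FILE
#   CHROOT    - chroot named runs in ("" if none), e.g. /var/named
#   DIRECTORY - value of `directory` in options { } (assumed sample value)
#   FILE      - value of `file` in the zone block
resolve_zone_path() {
    chroot_dir=$1; directory=$2; file=$3
    case $file in
        /*) path=$file ;;              # absolute: used as written
        *)  path=$directory/$file ;;   # relative: joined to `directory`
    esac
    printf '%s%s\n' "${chroot_dir%/}" "$path"
}

# check_zone_path CHROOT DIRECTORY FILE
# Returns 0 only if the parent directory of the resolved path exists,
# i.e. named has somewhere to create its tmp-* dump file.
check_zone_path() {
    target=$(resolve_zone_path "$1" "$2" "$3")
    parent=$(dirname "$target")
    if [ -d "$parent" ]; then
        echo "OK       $target"
        return 0
    fi
    echo "MISSING  $parent (named logs: open: file not found)"
    return 1
}

# Constructed demo tree that mimics a chrooted namedb layout.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/etc/namedb/slave" "$root/etc/namedb/working"
    # Relative path, as in the "wrong example" above: parent does not exist.
    check_zone_path "$root" /etc/namedb/working "slave/example.org" || true
    # Full path, as in the working slave zone: parent exists.
    check_zone_path "$root" /etc/namedb/working "/etc/namedb/slave/thajsko.in.th" || true
    rm -rf "$root"
}

demo
```

On a real server, pass the chroot, `directory` and `file` values from your own named.conf to check_zone_path before restarting named.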

5 - last checks
Restart BIND and check the logs:
/etc/rc.d/named restart

The DNS slave server works now:
-^--snap ^--^
info: zone thajsko.in.th/IN: transferred serial 2010071701
info: transfer of 'thajsko.in.th/IN' from 69.60.120.12#53: Transfer completed: 1 messages, 13 records, 384 bytes, 0.614 secs (625 bytes/sec)
info: zone thajsko.in.th/IN: sending notifies (serial 2010071701)
-^--snap ^--^

An external DNS check may be useful too.
(sometimes a firewall may block incoming queries)
http://www.checkdns.net/powercheck_desc.aspx



Comments and corrections of this article are welcome :)

5 comments:

boris said...

No corrections :), just a big thank you!

Anonymous said...

Thanks! It works; for me the fix was just to use the full path as you suggest.

Anonymous said...

Thanks, 7 hrs debugging until I found this great post.

abdoul alarou said...

wonderfullllllll.

I have a weeks troubleshooted this issues. After finding this, I changed the path on the slave system, which was CentOS 7.7, and restarted both master and slave. It works fine like crazy.

big thanks
