Men & Mice Community
Zone transfer impossible (MOSXS)
keywerks
User

Joined: 10/08/2007 10:54:55
Messages: 57
Offline

Hi all,

after setting up my completely new Mac OS X Server 10.6.x with MaM 6.2, I now have to add some new zones and let them be transferred to my secondary name server, which is located on another subnet. Adding new zones to my PDNS works fine, but every try to start a transfer fails with an error like this …

22-Jul-2010 14:40:57.368 xfer-out: info: client 62.116.xxx.xxx#38835: bad zone transfer request: 'xxx.com/IN': non-authoritative zone (NOTAUTH)

I checked the zone transfer rights, but nothing helped me solve this issue.

Any tips?

Thanks a lot,
Wolfgang Neikes
Carsten Strotmann
Men & Mice Staff
[Avatar]

Joined: 26/07/2007 13:08:39
Messages: 159
Location: Germany
Offline

Hello Wolfgang,

a DNS Server will only load a zone from another DNS Server if the other DNS Server is signaling that it is authoritative for the zone.

This signalling is being done with the "AA" flag in the header of a DNS packet. We see the "AA" flag when using the "dig" tool (in the header, right of "flags"):

Code:
 $ dig @dns1.menandmice.com menandmice.com soa
 
 ; <<>> DiG 9.7.1-P2 <<>> @dns1.menandmice.com menandmice.com soa
 ; (1 server found)
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48769
 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 3
 
 ;; QUESTION SECTION:
 ;menandmice.com.			IN	SOA
 
 ;; ANSWER SECTION:
 menandmice.com.		86400	IN	SOA	dns1.menandmice.com. hostmaster.menandmice.com. 2010050501 900 300 604800 900
 
 ;; AUTHORITY SECTION:
 menandmice.com.		86400	IN	NS	ns0.c.is.
 menandmice.com.		86400	IN	NS	ns1.c.is.
 menandmice.com.		86400	IN	NS	ns2.c.is.
 menandmice.com.		86400	IN	NS	dns1.menandmice.com.
 
 ;; ADDITIONAL SECTION:
 ns0.c.is.		54608	IN	A	213.176.128.100
 ns1.c.is.		54608	IN	A	193.4.194.100
 dns1.menandmice.com.	86400	IN	A	217.151.171.7
 
 ;; Query time: 75 msec
 ;; SERVER: 217.151.171.7#53(217.151.171.7)
 ;; WHEN: Thu Jul 22 15:45:34 2010
 ;; MSG SIZE  rcvd: 204
 


The error message you're seeing on the DNS Server that is hosting the slave zone indicates that the master is not authoritative for this zone. This can have multiple causes, but most often it is an illegal character in the zonefile (such as an underscore). Or the zone is completely missing on the master. This is then marked in the logfile of the DNS Server hosting the master copy of the zone.


----
Men & Mice Support Team
support@menandmice.com
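
The AA check described in this reply, as an added example that is not part of the original thread: a shell function that reads `dig` output and reports whether the answer is authoritative. The first sample reuses the header lines from the dig output above; the other two samples and the function names `classify_dig` and `check_master` are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a dig reply as authoritative or not from its header.

# Header lines copied from the dig output in the post above (AA set).
SAMPLE_AUTH=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48769
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 3'

# Constructed sample: the server answers, but without the AA flag.
SAMPLE_NO_AA=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1001
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0'

# Constructed sample: the server returns an error status for the zone.
SAMPLE_SERVFAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1002
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0'

# Read dig output on stdin. Exit 0 and print "authoritative" only when the
# status is NOERROR and "aa" is among the header flags; otherwise exit 1 and
# print the status and flags that were seen.
classify_dig() {
    awk '
        /->>HEADER<<-/ && match($0, /status: [A-Z]+/) {
            status = substr($0, RSTART + 8, RLENGTH - 8)
        }
        /^;; flags:/ {
            flags = $0
            sub(/^;; flags: */, "", flags)   # drop the label
            sub(/;.*/, "", flags)            # drop the section counters
        }
        END {
            if (status == "NOERROR" && (" " flags " ") ~ / aa /) {
                print "authoritative"; exit 0
            }
            printf "not-authoritative status=%s flags=%s\n", status, flags
            exit 1
        }'
}

# Live check (needs network): ask the master itself, without recursion, so
# only an answer from its own zone data counts.
check_master() {    # usage: check_master <zone> <master-address>
    dig +norecurse "@$2" "$1" soa | classify_dig
}

# Offline demo over the three samples.
for s in "$SAMPLE_AUTH" "$SAMPLE_NO_AA" "$SAMPLE_SERVFAIL"; do
    printf '%s\n' "$s" | classify_dig || true
done
```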
keywerks
User

Joined: 10/08/2007 10:54:55
Messages: 57
Offline

Hello Carsten,

thanks a lot for your reply. I did some tests in the meantime and figured out what happened. The trouble I have had was caused by the Mac OS X Server Server-Admin. Whenever MaM is installed on MOSXS 10.6 and higher, you have to make sure to never touch the DNS entry, nor to save any changes the Server-Admin has made by just clicking on it. If you do so, MaM will stop responding or will not allow any zone transfers. Unfortunately it is not possible to remove the DNS entry from the Server-Admin panel in 10.6.x.

The only solution is to reinstall the MaM Server Controller and never touch the DNS entry again.

Maybe you and your colleagues will find a solution in the near future.

Best wishes,
Wolfgang Neikes
Carsten Strotmann
Men & Mice Staff
[Avatar]

Joined: 26/07/2007 13:08:39
Messages: 159
Location: Germany
Offline

keywerks wrote:
Hello Carsten,

thanks a lot for your reply. I did some tests in the meantime and figured out what happened. The trouble I have had was caused by the Mac OS X Server Server-Admin. Whenever MaM is installed on MOSXS 10.6 and higher, you have to make sure to never touch the DNS entry, nor to save any changes the Server-Admin has made by just clicking on it. If you do so, MaM will stop responding or will not allow any zone transfers. Unfortunately it is not possible to remove the DNS entry from the Server-Admin panel in 10.6.x.

The only solution is to reinstall the MaM Server Controller and never touch the DNS entry again.

Maybe you and your colleagues will find a solution in the near future.

Best wishes,
Wolfgang Neikes 


Hi Wolfgang,

the Men & Mice DNS Controller uses a special layout of the BIND DNS Server configuration files (documented in the User Guide). This layout is created when the DNS Server Controller is installed.

The MacOS X Server DNS Server Admin is not aware of this special layout and will write out a new file, basically destroying the configuration created by the Men & Mice DNS Server Controller.

I'm not sure what we can do about it, as the MacOS X Server Admin cannot be disabled to my knowledge. I will take a look at it.


----
Men & Mice Support Team
support@menandmice.com
keywerks
User

Joined: 10/08/2007 10:54:55
Messages: 57
Offline

Hi Carsten,

in 10.5 it was possible to deactivate the DNS service in Server-Admin, so it was impossible to accidentally destroy the config files. In 10.6 disabling this service is useless, because it will be reactivated immediately right after saving the changes in Server-Admin.

Maybe it's possible to change MaM in such a way that it will look for modifications done by Apple's utility and write back its own configuration layout.

I will try to figure out a way to modify the utility, so it will not change the config files. I will post it, whenever I’ve found a possible solution.

Best wishes,
Wolfgang Neikes