In our Server they configure Master / Slave Dns using SSL authentication while tranfering the zone files, i dont have much idea about ssl authentication for Dns, how it will works
View 3 RepliesI have configured master and slave Bind servers. Everything works fine. But whenever I add a new zone entry at master server it is not getting updated at slave server in logs I see this error:
client 192.168.1.1#43428: view external: received notify for zone 'yourdomainname.com': not authoritative
At master server I do not see any error or warning message. This error clearly indicates that named.conf file does not have zone entry in it or domain name is wrong. While checking the named.conf file I see that the zone entry has not been updated at slave server. If I update it manually and reload named on slave then zone files (db files) are getting created without any issue and any modification at master server for the zone records are also getting updated. My concern is why zone record is not getting appended at slave server in named.conf file.
Is there anything I am missing in the configuration. I am pasting the steps which I have followed to configure my master and slave server:
Configure Bind as master and slave server
Install Bind on your server
yum install bind
OR
sudu apt-get install bind9
Generate RNDC Key using the command
rndc-confgen -a -k rndc-key
it will stored in /etc/rndc-key file
Master Server IP 192.168.0.1
Slave Server IP 192.168.1.1
Master Server Configuration
options .....
I installed bind 9 sucessfully, and create many zones on its.
I want to biuld 1 slave server but i have problem :
How to transfer all zone from master to slave server ?
How to configure the master and slave on 5 Sata disks? Is there that or it is automatic.I install Debian, ok, master boot ok, on the first sataAnd at reboot, just after install, the boot hangs and no grub appears.
View 3 Replies View RelatedI configured a master DNS server 192.168.2.10 working OK. After that I configure a DNS Slave Server (92.168.2.11)the initial replication worked fine. This is test environment for my certification. I see how the zones from my master are transferred
zones in Master
training.com.db
transferred zone to my slave when I started named service
sec.training.com.db
That's Ok but I added some IPs to resolve to my master zone
webserver IN A 192.168.2.30
fileserver IN A 192.168.2.31
I restart/reload named on master and after that I go to slave and restart/reload but zones wuth the new values are not replicated. How long does it take for slave to take the changes from master? how is the procedure manual or automatic? I see If I go to slave and delete sec.training.com and restart named the zone with the changes is transferred but that is very manual... I am including my DNS Configuration so you can take a look.
I have bind configured with Internal and External views, but the slave server is transferring only the Internal zone files for both Internal and External - a diff shows no difference, and the log shows the same serial number.What am I missing in the config so the slave server properly receives updates from the master for both views?
View 2 Replies View RelatedI have set up a master BIND DNS server with 2 slaves. All the services start up fine on all 3 servers, but zones and named.conf info is not being replicated. The 3 servers are tentatively installed on a Xen virtual server for testing purposes. All 3 servers are 64bit and installed with: -> CentOS release 5.4 (Final) - 2.6.18-164.10.1.el5xen -> BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2
All 3 servers are fully updated. All 3 servers have static IP addresses. The services on all 3 servers start up without any apparent issues. Master server: # /etc/init.d/named restart ; tail -f /var/log/messages
[Code]...
I have a large environment with many VLANs and NIS slaves serving the VLANs. Previously we have not used a securenets file (don't worry; we don't use NIS for passwords, just NFS maps), but I'd like to start. The number of NIS slaves makes it annoying to update a securenets file on each when we add a new VLAN. Is there a way to propagate the securenets file to each slave when I update it on the master?If not, I guess I can live with propagating the file once and only visiting new slaves when I build them, because in 99% of cases a NIS slave only serves its own subnet.
View 1 Replies View RelatedI have set up a master DNS server at 192.168.50.9 and a slave DNS at 192.168.50.6. Both servers are BIND9.Machines are for testing/experimenting, hence the IP addresses. Initially, the zone transfer was blocked by the firewall on the master, as the slave uses randomly selected non-privileged ports for zone-transfer query. So, as far as I understand, there are two possible approaches:
1. Allow connections based on source, which should be
Code:
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW,ESTABLISHED -s 192.168.50.6 --sport 1024:65535 --dport 53 -j ACCEPT
(and it works for me fine)
2. Allow ESTABLISHED and RELATED connections, which would be something like
Code:
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
which was my initial idea but didn't work, but has inspired me to dig deeper into firewall configuration topics :).
Question: Does zone change notification message count for opening a dialog, or notification from master and slave zone update request are two absolutely separate actions? If the latter is true, that, of course, explains why option #2 didn't work.
I started over combining the first parts of this guide: [URL]..ubuntu8.04 (Only the first few parts in terms of configuration and naming). Then I used this guide: [URL]..Surprisingly enough all steps worked.
1. Now I need to set up LAMP servers with MySQL master/slave replication and Apache rsync.
2. Next i need to add BIND to both my Load Balancers with master/slave backup and replication...
Are there any guides to look at to follow on these? Can tou point me to the right direction for BIND with replication.
Have someone used Linux heartbeat to send email when the Slave server becomes the Master? I've read I can configure the MailTo under.
But I really don't know how to do it. I basically need my primary server to send an email when it becomes inactive and all the activities are manage by the secondary node.
I am studying RHEL myself, not clear with following topics How to configure DNS slave server in RHEL 5 Whether named.rfc1912.zones file entry can be included in named.conf itslef,if not What is following entry means inside named.conf file
zone "." in{
type hint;
file "root.servers";
[code]...
i'm about to perform a fresh ubuntu install, and i was wondering if anyone knew whether installing on the slave or master drive mattered. i know if you're installing on the same drives it's slightly faster for ubuntu to be installed first, but that doesn't seem to be the case since i have two separate drives
View 9 Replies View RelatedI don't know how configure or how explain what i want to do .... i have one server with dhcpd and dns name cache (also squid as a transparent proxy and iptables), this works fine but logs show this code...
View 1 Replies View RelatedI have an EeePC 901, with a 4gb SSD and a 16gb SSD installed. Trying to get Natty installed and hit a few problems not least of which, that it won't fit on the 4gb drive! However in my BIOS setup under HDD config it says:
Secondary Master=4gb
Secondary Slave=16gb
I have no other devices attached. Why aren't they Primary? And I can't seem to switch them round.
Is there any possible to convert slave to master, and enable writing to db?
View 4 Replies View Relatedhow to configure reverse zone for x.x.x.x/18 subnet ,all the example on the internet are for /24 or /16 subnets?
View 9 Replies View RelatedI am trying to setup Rocks Cluster on a Cluster containing 1 Master node and 23 slave nodes connected via a Switch. The master node's eth1 is connected to public IP and eth0 is connected to the slave nodes via the switch.
I was able to install the Rocks cluster on the machine, I configured the IP for master through DHCP. When I run the command 'insert-ethers' on the master node, it doesnot get me any slave nodes.
setting up the Rocks cluster on all the nodes?
I'm setting up a Master and Slave OpenLDAP (ver. 2.4.25) use Replication method following {URL]. When I used slapdcat (slapdcat -l master_dump.ldif), I got a message:
root@ldap:/usr/local/openldap/sbin# ./slapcat -l master_dump.ldif
/usr/local/openldap/etc/openldap/slapd.conf: line 89: <replogfile> keyword is obsolete (ignored)
/usr/local/openldap/etc/openldap/slapd.conf: line 91: <replica> keyword is obsolete (ignored)
bdb_db_open: warning - no DB_CONFIG file found in directory /usr/local/openldap/var/openldap-data: (2).
Expect poor performance for suffix "dc=abc,dc=com".
bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
My Master slapd.conf is:
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
# if no access controls are present, the default policy allows anyone and everyone to read anything but restricts updates to rootdn. (e.g., "access to * by * read") .....
My Slave slapd.conf is similar configuration to the Master Server...
I need to perform instant filecopy between a pair of servers. Its loosely based on a master slave setup as we have ucarp floating a virtual IP between the two. services are on both boxes (tftp, apache). I'm happy with that, I now need a way to instantly sync files from set directories, as we could see problems if files have changed should the system fail over without being in sync
I know I could cron *1 but I don't want it running EVERY minute, in any case, if the change was within the last minute, then it wouldn't have the change anyway. I think it can be done with rsync daemons on box boxes, but I can't find a guide to to this. ATM the slave has been setup to accept rsync from the master, so I just need the config to have all changes on the master instantly replicated.
i have successful secure ldap replication but i could not make ldap client to direct its authentication to slave ldap
here is my config file on ldap client (i am not sure if it is the right place though)
ip : 192.168.1.183 is master ldap
ip : 192.168.1.185 is slave ldap
pico /etc/ldap/ldap.conf
#
# LDAP Defaults
code....
The thing is, I've created a new local zone here (called "local.lan"), and, aparently, it is working fine, and DHCP3-SERVER is updating DNS info through the controls.But sometimes I get some strange answers from the server, like when I do the "arp" command in one of the clients, and get the server's hostname "mixed" with it's own reverse, like this: "dns.local.lan.2.168. | ether | 00:02:1e:f5:61:74 | C | eth0". Other thing is that sometimes my DNS don't update when a computer "enters" the lan. In the /var/log/syslog the DHCPOFFER appears, but the information about the DNS update isn't there.So, I would like to show you my named.conf file and my local zone db file, and get some feedback from you (what would you change... what is wrong...).
# ------------------- #
* named.conf:
# ------------------- #
[code]....
Here's a little tool that does this:
Without arguments, updates the SOA serial in a zonefile to the current date. If the date was already updated, just updates the revision number (incrementing up to 99, and then again 01). Uses RFC 1912* recommended format.
With $1 == <two digit number>, auto updates (if necessary) just the date part and uses your provided revision number.
With $1 == <eight digit number>, uses that as a date (no validation of any kind), and just auto update the revision number
With $1 == <full serial>, will just replace whatever the serial is with the provided serial, without any validation
* YYYYMMDDRR (4-digit year, 2-digit month, 2-digit day of month, 2-digit revision number)
This script + keeping SOA/NS/MX/CNAME RRs in a common file $included from other files with $ORIGIN and A/PTR/TXT RRs, made everything way easier to manage, enabling me to script some zone switchers, automatic failover/redirection of DNS on WAN changes, etc, etc. I think this stuff might be cool to integrate with something like this script and make nice CLI toolset for bind. Looking forward to implement it.
Code in pastebin
Code:
#!/bin/bash
# globals
script_name="${0##*/}"
script_dir=$(readlink -f "${0%/*}")
script_version=1 .....
Every time I attempt to transfer over a large file (4 GB) via any protocol, my server restarts. On the rare occasion that it doesn't restart, it spits out a few error messages saying "local_softirq_pending 08" and then promptly freezes. Small files transfer fine.
Relevant information:
Ubuntu server 10.10
Four hard drives in RAID 5 configuration
CPU/HD temperatures are within normal range
I am running a linux server and am familiar with scp somewhat, and have used it successfully in the past. But that was talking to another linux server. Thing is, here I need to talk with a Windows server. How do I do that. In addition, their server may require a VPN, which seems to add another layer of complexity.
View 3 Replies View RelatedI'm managing a residential network. Each flat is its own subnet, and can only communicate with the other flats through a router (i.e. no broadcast). 95% of these 300 subnets only contains windows computers (from lambda users).
My final goal is to be able to browse the entire network from any computer.
I set up a samba server acting as a wins server, and every computer is aware of it because it is registered in the dhcp. So name resolution is working fine for everyone.
The same samba server is set to be the "Domain master browser":
workgroup = WORKGROUP
wins support = yes
prefered master = yes
local master = yes
domain master = yes
os level = 65
When I browse the network (using "net view" or "browstat view"), I can only see the servers which are in the same subnet as the domain master browser.
Now, when in a subnet the computers arrange themselves to find a "local master browser", the only visible computers are the one in that subnet.
What I don't understand is why all the local masters don't synchronize their lists with the domain master.
So, to sum up, every subnet get the following behaviour:
-if a local master is elected, the only visible computers are the one in the same subnet.
-if no local master is elected, the only visible computers are the one in the subnet of the domain master.
-if I add another samba, configured as a local master winning all elections, then the magic is working and the lists are synchronized.
What is expected:
-every computer can see all the computer from all the subnets.
how to configure ncsa authentication for in linux. we have suse 10 with sp1
View 7 Replies View RelatedI want to Configure Linux LDAP Server for user authentication when my users want to connect to the internet.Also i don't want the user to get the home directory on server. i configured ldap server and ldap client without PAM & SASL.and now with perl i can search in ldap for my client's username & password in ldap.
View 1 Replies View Relatedi've been trying to configure authentication for a particular tool on a website i've been building
i've tried php http authorization and .htaccess/.htpasswd files, neither seem to work
Code:
<?php
if (!isset($_SERVER['PHP_AUTH_TYPE'])) {
header('WWW-Authenticate: Basic realm="My Realma"');
header('HTTP/1.0 401 Unauthorized');
[Code]....
I want to configure SSH key-based authentication and SSH password Authentication in same machine for different user .
View 1 Replies View Related