
Issue Slave DNS Manager - Slave DNS not syncing

xdelios

Basic Pleskian
Hello,

I have the latest Plesk installed.
I installed the Slave DNS plugin in order to use an external VPS for slave DNS.

I have CentOS 7 on my main server and installed CentOS 7 on the slave DNS VPS.

Ok so I installed bind9 and followed all the instructions as the plugin suggested (added all required text to the corresponding files). The connection shows as successful from the plugin.

Now I have 2 problems.
Firstly, if I run a test at intodns.com for example, it says that the slave DNS isn't responding.
Secondly, if I change an example domain.com to slave DNS it won't resolve. Shouldn't all records transfer automatically according to the plugin?

Any ideas on what is going on?

Regards,
George
 
Hi xdelios,

Did you see the Troubleshooting section of GitHub - plesk/ext-slave-dns-manager: The extension for managing a remote slave DNS server via rndc protocol (bind)? It looks like the SELinux policy does not allow named to write any master zone database files.

Hello,
Thank you for your reply.
I ran rndc reload and got a success message on the Slave DNS VPS. Where can I check if the zones are indeed transferred?

Also, any ideas on how I can fix the "DNS is not responding" error that intodns.com returns when I check?

Regards
 
I also get a strange error in the named.run file

error (unexpected RCODE REFUSED) resolving 'domain/A/IN': IP1#53
client IP1#54936 (domain): query (cache) 'domain/AAAA/IN' denied

I have whitelisted the IPs
 
For forcing a sync: try to disable/enable DNS for the domain inside Plesk Panel.

After force, on slave server:
- Check for new file(s) inside dirs '/var/named' or '/var/named/chroot/var/named/': ls -la /var/named /var/named/chroot/var/named/
- Check content of the new file(s)
- Check logs /var/log/messages

Be sure the firewall does not block traffic between the DNS servers and does not block external traffic to the DNS server.
 
I did try the enable/disable DNS for domains

Nothing changed and the messages in /var/log show nothing; the file is empty.
I have whitelisted the IPs on both ends, both TCP and UDP.
 

hmm... ok, right now I am creating a new virtual server with CentOS 7.3.1611 with absolutely default settings for DNS Slave and logging all my steps :)

CentOS7 only

1. update OS;
Code:
yum update -y
[...] Complete!
2. check SELinux status:
Code:
sestatus
SELinux status:                 disabled
3. start new kernel after update OS:
Code:
reboot
4. install bind:
Code:
yum install -y bind bind-utils
[...] Complete!
5. add option 'allow-new-zones' inside named.conf:
Code:
sed -i 's/options {/options {\n        allow-new-zones yes;/;' /etc/named.conf
6. add section with master-key inside named.conf (change `secret`-key and `pleskIp` below):
Code:
cat <<EOF >> /etc/named.conf

key "rndc-key-master" {
        algorithm hmac-md5;
        secret "secretKEYsecretKEYsecretKEY==";
};

controls {
        inet * port 953 allow { 188.x.y.z; 127.0.0.1; } keys { "rndc-key-master"; };
};

EOF
7. add write permission for named for /var/named
Code:
chmod g+w /var/named/
8. enable named service:
Code:
systemctl enable named.service
9. start named service:
Code:
systemctl start named.service
10. check current /var/log/messages
Apr 26 08:45:54 digitalocean yum[8668]: Installed: 32:bind-9.9.4-38.el7_3.3.x86_64
Apr 26 08:45:54 digitalocean yum[8668]: Installed: 32:bind-utils-9.9.4-38.el7_3.3.x86_64
Apr 26 08:49:54 digitalocean systemd: Starting Cleanup of Temporary Directories...
Apr 26 08:49:54 digitalocean systemd: Started Cleanup of Temporary Directories.
Apr 26 09:01:01 digitalocean systemd: Started Session 2 of user root.
Apr 26 09:01:01 digitalocean systemd: Starting Session 2 of user root.
Apr 26 09:15:39 digitalocean systemd: Reloading.
Apr 26 09:15:43 digitalocean systemd: Starting Generate rndc key for BIND (DNS)...
Apr 26 09:15:43 digitalocean generate-rndc-key.sh: Generating /etc/rndc.key:[ OK ]
Apr 26 09:15:43 digitalocean systemd: Started Generate rndc key for BIND (DNS).
Apr 26 09:15:43 digitalocean systemd: Starting Berkeley Internet Name Domain (DNS)...
Apr 26 09:15:43 digitalocean bash: zone localhost.localdomain/IN: loaded serial 0
Apr 26 09:15:43 digitalocean bash: zone localhost/IN: loaded serial 0
Apr 26 09:15:43 digitalocean bash: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Apr 26 09:15:43 digitalocean bash: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Apr 26 09:15:43 digitalocean bash: zone 0.in-addr.arpa/IN: loaded serial 0
Apr 26 09:15:43 digitalocean named[8769]: starting BIND 9.9.4-RedHat-9.9.4-38.el7_3.3 -u named
Apr 26 09:15:43 digitalocean named[8769]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--with-geoip' '--enable-ipv6' '--enable-filter-aaaa' '--enable-rrl' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--enable-exportlib' '--with-export-libdir=/usr/lib64' '--with-export-includedir=/usr/include' '--includedir=/usr/include/bind9' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib64/pkcs11/libsofthsm2.so' '--with-dlopen=yes' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-dlz-bdb=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--enable-fixed-rrset' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro ' 'CPPFLAGS= -DDIG_SIGCHASE'
Apr 26 09:15:43 digitalocean named[8769]: ----------------------------------------------------
Apr 26 09:15:43 digitalocean named[8769]: BIND 9 is maintained by Internet Systems Consortium,
Apr 26 09:15:43 digitalocean named[8769]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Apr 26 09:15:43 digitalocean named[8769]: corporation. Support and training for BIND 9 are
Apr 26 09:15:43 digitalocean named[8769]: available at https://www.isc.org/support
Apr 26 09:15:43 digitalocean named[8769]: ----------------------------------------------------
Apr 26 09:15:43 digitalocean named[8769]: adjusted limit on open files from 4096 to 1048576
Apr 26 09:15:43 digitalocean named[8769]: found 1 CPU, using 1 worker thread
Apr 26 09:15:43 digitalocean named[8769]: using 1 UDP listener per interface
Apr 26 09:15:43 digitalocean named[8769]: using up to 4096 sockets
Apr 26 09:15:43 digitalocean named[8769]: loading configuration from '/etc/named.conf'
Apr 26 09:15:43 digitalocean named[8769]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
Apr 26 09:15:43 digitalocean named[8769]: initializing GeoIP Country (IPv4) (type 1) DB
Apr 26 09:15:43 digitalocean named[8769]: GEO-106FREE 20160607 Build 1 Copyright (c) 2016 MaxMind
Apr 26 09:15:43 digitalocean named[8769]: initializing GeoIP Country (IPv6) (type 12) DB
Apr 26 09:15:43 digitalocean named[8769]: GEO-106FREE 20160607 Build 1 Copy
Apr 26 09:15:43 digitalocean named[8769]: GeoIP ...
[...]
Apr 26 09:15:43 digitalocean named[8769]: GeoIP ...
Apr 26 09:15:43 digitalocean named[8769]: using default UDP/IPv4 port range: [1024, 65535]
Apr 26 09:15:43 digitalocean named[8769]: using default UDP/IPv6 port range: [1024, 65535]
Apr 26 09:15:43 digitalocean named[8769]: listening on IPv4 interface lo, 127.0.0.1#53
Apr 26 09:15:43 digitalocean named[8769]: listening on IPv6 interface lo, ::1#53
Apr 26 09:15:43 digitalocean named[8769]: generating session key for dynamic DNS
Apr 26 09:15:43 digitalocean named[8769]: open: 3bf305731dd26307.nzf: file not found
Apr 26 09:15:43 digitalocean named[8769]: sizing zone task pool based on 6 zones
Apr 26 09:15:43 digitalocean named[8769]: set up managed keys zone for view _default, file '/var/named/dynamic/managed-keys.bind'
Apr 26 09:15:43 digitalocean named[8769]: automatic empty zone: ...
[...]
Apr 26 09:15:43 digitalocean named[8769]: automatic empty zone: ...
Apr 26 09:15:43 digitalocean named[8769]: command channel listening on 0.0.0.0#953
Apr 26 09:15:43 digitalocean named[8769]: managed-keys-zone: loaded serial 0
Apr 26 09:15:43 digitalocean systemd: Started Berkeley Internet Name Domain (DNS).
Apr 26 09:15:43 digitalocean named[8769]: zone 0.in-addr.arpa/IN: loaded serial 0
Apr 26 09:15:43 digitalocean systemd: Reached target Host and Network Name Lookups.
Apr 26 09:15:43 digitalocean named[8769]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Apr 26 09:15:43 digitalocean systemd: Starting Host and Network Name Lookups.
Apr 26 09:15:43 digitalocean named[8769]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Apr 26 09:15:43 digitalocean named[8769]: zone localhost.localdomain/IN: loaded serial 0
Apr 26 09:15:43 digitalocean named[8769]: zone localhost/IN: loaded serial 0
Apr 26 09:15:43 digitalocean named[8769]: all zones loaded
Apr 26 09:15:43 digitalocean named[8769]: running
11. disable/enable DNS for domain; check logs again
Apr 26 09:22:33 digitalocean named[8769]: received control channel command 'refresh test-for-forum.com'
Apr 26 09:22:33 digitalocean named[8769]: received control channel command 'addzone test-for-forum.com { type slave; file "test-for-forum.com"; masters { 188.x.y.z; }; };'
Apr 26 09:22:33 digitalocean named[8769]: zone test-for-forum.com added to view _default via addzone
Apr 26 09:22:33 digitalocean named[8769]: zone test-for-forum.com/IN: Transfer started.
Apr 26 09:22:33 digitalocean named[8769]: transfer of 'test-for-forum.com/IN' from 188.x.y.z#53: connected using 138.a.b.c#36857
Apr 26 09:22:33 digitalocean named[8769]: zone test-for-forum.com/IN: transferred serial 2017042605
Apr 26 09:22:33 digitalocean named[8769]: transfer of 'test-for-forum.com/IN' from 188.x.y.z#53: Transfer completed: 1 messages, 15 records, 416 bytes, 0.005 secs (83200 bytes/sec)
Apr 26 09:22:33 digitalocean named[8769]: zone test-for-forum.com/IN: sending notifies (serial 2017042605)
12. check files in named directory ("3bf305731dd26307.nzf", "test-for-forum.com")
Code:
ls -la /var/named
total 44
drwxrwx---   5 root  named 4096 Apr 26 09:22 .
drwxr-xr-x. 20 root  root  4096 Apr 26 08:45 ..
-rw-r--r--   1 named named  100 Apr 26 09:22 3bf305731dd26307.nzf
drwxrwx---   2 named named 4096 Apr 26 09:15 data
drwxrwx---   2 named named 4096 Apr 26 09:16 dynamic
-rw-r-----   1 root  named 2076 Jan 28  2013 named.ca
-rw-r-----   1 root  named  152 Dec 15  2009 named.empty
-rw-r-----   1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----   1 root  named  168 Dec 15  2009 named.loopback
drwxrwx---   2 named named 4096 Apr 19 15:53 slaves
-rw-r--r--   1 named named  876 Apr 26 09:22 test-for-forum.com

13. Look inside "3bf305731dd26307.nzf":
Code:
cat /var/named/3bf305731dd26307.nzf
zone "test-for-forum.com" { type slave; file "test-for-forum.com"; masters { 188.x.y.z; }; };
 
Hello,

In step 6 I changed the fields needed exactly as given by the Plesk Slave DNS Manager extension.
I proceeded through step 8 just to get an error.

Code:
[root@ns2 ~]# systemctl status named.service -l
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2017-04-26 05:57:22 EDT; 10s ago
  Process: 9315 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of  zone files is disabled"; fi (code=exited, status=1/FAILURE)

Apr 26 05:57:22 ns2.towerhost.gr systemd[1]: Starting Berkeley Internet Name Domain (DNS)...
Apr 26 05:57:22 ns2.towerhost.gr bash[9315]: /etc/named.conf:64: unknown key 'rndc-key'
Apr 26 05:57:22 ns2.towerhost.gr systemd[1]: named.service: control process exited, code=exited status=1
Apr 26 05:57:22 ns2.towerhost.gr systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
Apr 26 05:57:22 ns2.towerhost.gr systemd[1]: Unit named.service entered failed state.
Apr 26 05:57:22 ns2.towerhost.gr systemd[1]: named.service failed.

Just to clarify, I am following exactly what you wrote. Of course, as I mentioned, I changed the secret key and IP as I was supposed to.
 
Hello,

Ok, I fixed the above error.
I started the service successfully but my message log shows the below message at the very bottom.

Code:
Apr 26 06:02:16 ns2 systemd: Started Berkeley Internet Name Domain (DNS).
Apr 26 06:02:16 ns2 named[9395]: zone 0.in-addr.arpa/IN: loaded serial 0
Apr 26 06:02:16 ns2 named[9395]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Apr 26 06:02:16 ns2 named[9395]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Apr 26 06:02:16 ns2 named[9395]: zone localhost.localdomain/IN: loaded serial 0
Apr 26 06:02:16 ns2 named[9395]: zone localhost/IN: loaded serial 0
Apr 26 06:02:16 ns2 named[9395]: all zones loaded
Apr 26 06:02:16 ns2 named[9395]: running
Apr 26 06:02:16 ns2 named[9395]: error (network unreachable) resolving './DNSKEY/IN': 2001:503:c27::2:30#53
Apr 26 06:02:16 ns2 named[9395]: error (network unreachable) resolving './NS/IN': 2001:503:c27::2:30#53
Apr 26 06:02:46 ns2 systemd: Started Session 7 of user root.
Apr 26 06:02:46 ns2 systemd-logind: New session 7 of user root.
Apr 26 06:02:46 ns2 systemd: Starting Session 7 of user root.
 
Ok so I did that.

The zone isn't created as you show in the var directory.
What I get in the logs now is the below message if I restart bind on the Master server:

Code:
ns2 named[16834]: client MAINSERVERIP#38932: received notify for zone 'domainhere': not authoritative
 
Your MAINSERVERIP thinks that the Slave DNS is already configured. The Slave DNS does not know who MAINSERVERIP is and ignores it.

If you don't see new files inside /var/named, then try to force the sync transfer via disable/enable DNS for this domain. You should get new files inside /var/named and then go to the next step.

---

Also, you can run rndc via ssh on the Plesk server and check the output from rndc.

1. Delete zone from Slave DNS
Code:
plesk# rndc -c /usr/local/psa/var/modules/slave-dns-manager/slave_138.a.b.c.conf delzone test-for-forum.com
plesk#
Apr 26 11:44:25 digitalocean named[8769]: received control channel command 'delzone test-for-forum.com'
Apr 26 11:44:25 digitalocean named[8769]: zone test-for-forum.com removed via delzone

2. Add zone to Slave DNS
Code:
plesk# rndc -c /usr/local/psa/var/modules/slave-dns-manager/slave_138.a.b.c.conf addzone test-for-forum.com '{ type slave; file "test-for-forum.com"; masters { 188.x.y.z; }; };'
plesk#
Apr 26 11:44:30 digitalocean named[8769]: received control channel command 'addzone test-for-forum.com { type slave; file "test-for-forum.com"; masters { 188.x.y.z; }; };'
Apr 26 11:44:30 digitalocean named[8769]: zone test-for-forum.com/IN: loaded serial 2017042605
Apr 26 11:44:30 digitalocean named[8769]: zone test-for-forum.com added to view _default via addzone
Apr 26 11:44:30 digitalocean named[8769]: zone test-for-forum.com/IN: sending notifies (serial 2017042605)
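As an added example (not code from the thread, Plesk or the extension), the following Python triage ties together the two diagnostic threads above: it checks a slave named.conf for the controls/key name mismatch and missing allow-new-zones that make named-checkconf fail with "unknown key", and it classifies the named log lines quoted in this thread into tags; the config sample and the tag names are my own constructions.

```python
import re

# Constructed sample modelled on step 6 of the procedure above: the key block
# is named "rndc-key-master" but the controls block references "rndc-key",
# which is what makes named-checkconf report "unknown key 'rndc-key'".
SAMPLE_CONF = '''
options {
        allow-new-zones yes;
};
key "rndc-key-master" {
        algorithm hmac-md5;
        secret "secretKEYsecretKEYsecretKEY==";
};
controls {
        inet * port 953 allow { 188.x.y.z; 127.0.0.1; } keys { "rndc-key"; };
};
'''

def check_named_conf(text):
    """Return the problems in a slave named.conf that stop rndc addzone from working."""
    problems = []
    defined = set(re.findall(r'^\s*key\s+"([^"]+)"\s*\{', text, re.M))
    for ref in re.findall(r'keys\s*\{\s*"([^"]+)"\s*;', text):
        if ref not in defined:
            problems.append(f"controls references undefined key '{ref}'")
    if not re.search(r'^\s*allow-new-zones\s+yes\s*;', text, re.M):
        problems.append("allow-new-zones yes; is missing, so addzone will be rejected")
    return problems

# Patterns taken from the named log lines quoted in this thread, each mapped to a
# tag (tag names are constructed here); first match wins.  "zone-missing" covers
# every symptom of the master believing the slave is configured while the slave
# never loaded the zone, so queries for it fall through to the (denied) cache path.
LOG_RULES = [
    (r"unknown key '[^']+'", "undefined-key"),
    (r"received notify for zone '[^']+': not authoritative", "zone-missing"),
    (r"query \(cache\) '[^']+' denied", "zone-missing"),
    (r"unexpected RCODE REFUSED\) resolving", "zone-missing"),
    (r"\.nzf: file not found", "benign-first-start"),
    (r"network unreachable\) resolving '[^']+': [0-9a-f:]+#53", "benign-no-ipv6"),
    (r"Transfer completed: \d+ messages, \d+ records", "transfer-ok"),
]

def triage(line):
    """Classify one named log line; None when no known pattern applies."""
    for pattern, tag in LOG_RULES:
        if re.search(pattern, line):
            return tag
    return None
```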
 
I still cannot get it to work.

Ports are open and the connection is allowed between the two IPs. I still get the query cache denied error.
 
I also tried a DO VPS as you did and still get the same problem. So I guess this points to a problem at my main (Plesk) server.
 
In my case, I just stopped the bind service, cleaned all files at /var/lib/cache, started bind again and clicked on Resync in the Slave DNS extension in Plesk.
 