Can’t tell anything from a log snippet and incomplete config. Use named -px to
provide more complete but sanitized configuration file and look what is
happening when the zone is loaded on primary. You sent a log that confirms what
you are saying - the primary is not serving the zone, but you need to look
closely when named starts why the zone isn’t loaded.
Ondřej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 5. 10. 2023, at 19:26, William D. Colburn wrote:
>
>
> One of my zones doesn't work anymore. It is an external view for
> aoc.nrao.edu. The master, zia.aoc.nrao.edu can't server it, and the two
> slaves are showing an old zone from September 20th.
>
> I see this in the logs. Is this a helpful clue? I don't see anything else
> in the logs that looks helpful, but there are a lot of logs...
>
> 05-Oct-2023 11:19:07.959 client @0x7ff3641e9460 45.91.101.41#55879
> (aoc.nrao.edu): view external: query: aoc.nrao.edu IN SOA +E(0)K (146.88.1.4)
> 05-Oct-2023 11:19:07.959 client @0x7ff3641e9460 45.91.101.41#55879
> (aoc.nrao.edu): view external: query failed (zone not loaded) for
> aoc.nrao.edu/IN/SOA at query.c:5565
>
> The server is running bind 9.16.43.
>
> The start of the zone looks correct to me.
>
> $ORIGIN .
> $TTL 86400
> aoc.nrao.eduIN SOA zia.aoc.nrao.edu. tech.nrao.edu. (
>2023100503 ; serial
>10800 ; refresh (3 hours)
>3600 ; retry (1 hour)
>360; expire (5 weeks 6 days 16 hours)
>3600 ; minimum (1 hour)
>)
>NS cv3.cv.nrao.edu.
>NS zia.aoc.nrao.edu.
>NS sadira.gb.nrao.edu.
>A 146.88.1.4
>MX 9 revere-vml.aoc.nrao.edu.
>MX 30 cv3.cv.nrao.edu.
>MX 30 io.gb.nrao.edu.
> $TTL 300
>TXT "v=spf1 mx ~all"
> $TTL 86400
> $ORIGIN aoc.nrao.edu.
> zia A 146.88.1.4
>MX 10 dropbox
>MX 15 revere-vml
> dns CNAME zia
> infoCNAME zia
> [...]
>
> The .conf looks somewhat like this:
>
># Domain aoc.nrao.edu INTERNAL
>zone "aoc.nrao.edu" {
>type master;
>file "internal/master/aoc.nrao.edu";
>allow-query {
>any;
>};
>allow-transfer {
>trusted;
>nrao-public-ns;
>nrao-stealth-ns;
>};
>also-notify { # An ACL doesnt work here! GRRR!
> [various things]
>};
>allow-update {
>146.88.1.4; # Making sure of nsupdate on zia
>127.0.0.1;
>};
>};
>
>
> I did a restore from the backups a few weeks ago, and I didn't see anything
> weird there either.
>
>
>
> --Schlake
> Sysadmin IV, NRAO
> Work: 575-835-7281 (BACK IN THE OFFICE!)
> Cell: 575-517-5668 (out of work hours)
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
