Zone don't get created or modified on Slave

Question

Zone don't get created or modified on Slave

Alir3z4 opened this issue 9 years ago · 13 comments

Hi,

I have setup Slave DNS using plesk 12. But it is not creating the zone in slave server. I could see log in /var/log/messages of slave server. But DNS zone is not creating. I have followed the KB "http://download1.parallels.com/Plesk/PP11/11.5/Doc/fr-FR/online/plesk-extensions-guide/index.htm?fileName=73349.htm" for setup.

Nov 4 13:31:25 li456-187 named[16905]: received control channel command 'addzone testnith.com { type slave; file "testnith.com"; masters { xxxxxx; }; };'
Nov 4 13:31:25 li456-187 named[16905]: received control channel command 'refresh testnith.com'
Nov 4 13:31:25 li456-187 named[16905]: received control channel command 'addzone testnith.com { type slave; file "testnith.com"; masters { xxxxxx; }; };'

Any ideas?

Answer 1 · 2015-08-08T09:46:22.000Z

As for debugging the issue I went and ran the following command in cmd:
rndc -c "C:\Program Files (x86)\Parallels\Plesk\dns\etc\slave.conf.txt" addzone a.domain.com "{type slave; masters { xxxxxxx; }; };"

I get this back:

rndc: 'addzone' failed: not found

Answer 2 · 2015-08-10T04:54:19.000Z

What is OS installed on slave node?

Answer 3 · 2015-08-10T05:30:38.000Z

The plesk 12 is running on Windows server 2012 R2 where the slave is Linux
centos 6.
On Aug 10, 2015 8:54 AM, "sugdyzhekov" notifications@github.com wrote:

What is OS installed on slave node?

—
Reply to this email directly or view it on GitHub
#3 (comment)
.

Answer 4 · 2015-08-10T06:51:34.000Z

Please check messages log. I suppose you did not change default permissions on /var/bind where Bind tries to put new zone files.

Answer 5 · 2015-08-10T06:56:47.000Z

Zones are in "/var/named" and they're named like: /var/named/domain.com.db and the directory and files owner of that dir is named:named.

worth noting the server is running cPanel & CloudLinux and it's already does DNS clustering with couple of other DNS servers where they're running cPanel dnsonly version as well.

I believe if one of the dirs doesn't have the right permissions, the cpanel itself will raise some errors and will fix.

I got those messages from /var/log/messages/ and no error or any other messages will be shown only something like:

el command 'addzone testnith.com { type slave; file "testnith.com"; masters { xxxxxx; }; };'
Nov 4 13:31:25 li456-187 named[16905]: received control channel command 'refresh testnith.com'
Nov 4 13:31:25 li456-187 named[16905]: received control channel command 'addzone testnith.com { type slave; file "testnith.com"; masters { xxxxxx; }; };'

Not any other error or something.

Answer 6 · 2015-08-10T21:39:56.000Z

Is there any extra configuration I might have missed that is not mentioned in the docs?

Answer 7 · 2016-08-01T08:28:18.000Z

I have the same issue. Can anybody help me?

Answer 8 · 2016-11-26T22:29:35.000Z

I encountered this issue on CentOS-7. The Slave would print refresh/addzone lines in /var/log/messages but no zone information would be transfered. Root-cause where wrong(?) unix permissions on /var/named on the slave. By default this directoy is root:named and 0750 - which means that once bind is started and dropped to user named the process can no longer write to this directory.

I had to manually chmod /var/named 0770 and systemctl restart named.service - after which newly issued changed where reflected successfully.

Please note: If you change the permissions like i did - you may want to make sure that they stay that way. Upgrading bind via yum update may reset the permissions to the original state. Your Slave will stop to accept new data and you may not notice.

This is not an issue with Plesk or the extension itself. Though this pitfall should be documented imho.

Answer 9 · 2016-11-30T07:32:55.000Z

In case of CentOS 7 as slave node OS you may experience problems which are result of default CentOS settings. Please check following article to find more details: https://scs.senecac.on.ca/~raymond.chan/nad810/0701/SELinux-DNS.html

Answer 10 · 2016-12-04T19:12:57.000Z

I've trying to install the extension on Plesk for Windows with CentOS as a slave server. I see the slave servers green on the extension, however the zones are not transferred. When I look in the log for the slave server I don't see anything either. Please help.

Answer 11 · 2017-01-13T12:13:56.000Z

Today I test this extension with fresh installed CentOS 6.8 and 7.3.1611 as Slave DNS. I have got the same problem as described above:

nothing happened
rndc: 'addzone' failed: permission denied

--

Try run follow command as root at Slave DNS:

If you use SELinux and want to allow BIND to write the master zone files (generally this is used for dynamic DNS or zone transfers), you must turn on the named_write_master_zones boolean.

setsebool -P named_write_master_zones 1

# getenforce
Enforcing
# getsebool named_write_master_zones
named_write_master_zones --> off
# setsebool -P named_write_master_zones 1
# getsebool named_write_master_zones
named_write_master_zones --> on

The zone is added to the running name server, and it is added to a configuration file. The filename is a hash of the view name with extension .nzf. 'named' need write permission for create files in work directory. By default work directory without write permission for 'named'.

chmod g+w /var/named

# ls -la /var/ | grep named
drwxr-x---.  6 root named 4096 Jan 13 14:52 named
# chmod g+w /var/named
# ls -la /var/ | grep named
drwxrwx---.  6 root named 4096 Jan 13 14:52 named

Answer 12 · 2017-01-13T19:47:15.000Z

Hi Alexander, I was able to fix it. On the line 65 of the file Rndc.php, which is located in C:\Program Files (x86)\Plesk\admin\plib\modules\slave-dns-manager\library You have to replace the line to look like this. $this->_call($slave, "addzone {$domain} IN external \"{ type slave; file \\\"{$domain}.db\\\"; masters { {$this->getServerIP()}; }; };\"");

…

On Fri, Jan 13, 2017 at 7:13 AM, Alexander Yamshanov < ***@***.***> wrote: Today I test this extension with fresh installed *CentOS 6.8* and *7.3.1611* as Slave DNS. I have got the same problem as described above: - nothing happened - rndc: 'addzone' failed: permission denied -- Try run follow *command* as root at Slave DNS: 1. If you use SELinux and want to allow BIND to write the master zone files (generally this is used for dynamic DNS or zone transfers), you must turn on the named_write_master_zones boolean. *setsebool -P named_write_master_zones 1* # getenforce Enforcing # getsebool named_write_master_zones named_write_master_zones --> off # setsebool -P named_write_master_zones 1 # getsebool named_write_master_zones named_write_master_zones --> on 1. The zone is added to the running name server, and it is added to a configuration file. The filename is a hash of the view name with extension .nzf. 'named' need write permission for create files in work directory. By default work directory without write permission for 'named'. *chmod g+w /var/named* # ls -la /var/ | grep named drwxr-x---. 6 root named 4096 Jan 13 14:52 named # chmod g+w /var/named # ls -la /var/ | grep named drwxrwx---. 6 root named 4096 Jan 13 14:52 named — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#3 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AXPtHJHbDGDL9F9L93bcAUn3qInGI1hEks5rR2qFgaJpZM4Fntg8> .

Answer 13 · 2017-01-16T06:13:10.000Z

Hi dbenaventep,

Looks like your slave DNS use custom config with "view" clauses. By default, named.conf does not contains "view" clauses, all zones are in the "default" view. The same issue is #7