Hi all, sorry it's me with a problem. Last night I did a complete reinstall of the OS. I am running Stretch 64 bit.
I had some troubles with Bind not updating slaves; it said it was not authoritative. Googled for remedies, tried them all out (will list what I did in a minute).
No luck, so purged and reinstalled Bind, then manually entered a single zone, restarted Bind. The logs showed this:
zone keiths-place.co.uk/IN: sending notifies (serial 2019072335)
zone 31.172.in-addr.arpa/IN: sending notifies (serial 1)
zone 127.in-addr.arpa/IN: sending notifies (serial 2)
zone 27.172.in-addr.arpa/IN: sending notifies (serial 1)
zone 255.in-addr.arpa/IN: sending notifies (serial 1)
zone 0.in-addr.arpa/IN: sending notifies (serial 1)
client 85.119.84.35#35865 (keiths-place.co.uk): bad zone transfer request: 'keiths-place.co.uk/IN': non-authoritative zone (NOTAUTH)
client 85.119.80.222#59271 (keiths-place.co.uk): bad zone transfer request: 'keiths-place.co.uk/IN': non-authoritative zone (NOTAUTH)
client 85.119.80.198#10938 (keiths-place.co.uk): query 'keiths-place.co.uk/SOA/IN' denied
client 85.119.80.198#49851 (keiths-place.co.uk): bad zone transfer request: 'keiths-place.co.uk/IN': non-authoritative zone (NOTAUTH)
So you will need to see the conf files:
/etc/bind/named.conf.local
// Consider adding the 1918 zones here, if they are not used in your
// organization
include "/etc/bind/zones.rfc1918";
zone "keiths-place.co.uk" {
    type master;
    file "/var/lib/bind/keiths-place.co.uk.hosts";
    allow-query {
        85.119.84.35;
        85.119.80.222;
        2001:ba8:1f1:f085::53;
        2600:3c01:e000:259::53;
        45.33.107.124;
        172.104.29.216;
        2600:3c03::31:2153;
        2001:ba8:1f1:f309::2;
        127.0.0.1;
    };
    check-names warn;
    notify yes;
};
In frustration I added all the possible slaves and localhost to allow-query.
Named.conf
acl slaves {
    85.119.84.35; 2001:ba8:1f1:f309::2;
};
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
and finally named.conf.options
options {
    directory "/var/cache/bind";
    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113
    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.
    forwarders {
        8.8.8.8;
    };
    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation auto;
    auth-nxdomain yes; # conform to RFC1035
    listen-on-v6 { any; };
    check-names master warn;
    check-names slave warn;
    allow-query {
        85.119.84.35; 2001:ba8:1f1:f309::2;
    };
    also-notify {
        85.119.84.35; 2001:ba8:1f1:f309::2;
    };
    notify yes;
    forward first;
};
Following "solutions" on Google, I checked all permissions, checked apparmor (no file for bind there), added all possible slaves to allow-query, checked firewalls. And read all I could find on Bind. Though I have been running the 2 bind servers for years and they always just seemed to work.
Sorry, should have said, running Bind 9.11
Keith
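
Added example, not part of the original post: a small Python triage that parses the `client` log lines quoted above and checks each requester against the allow-query list of the posted zone statement, separating refused transfers (NOTAUTH) from denied queries. The function and variable names are hypothetical; the log lines and addresses are copied from the post.

```python
import ipaddress
import re

# Log lines copied from the post above.
LOG = """\
client 85.119.84.35#35865 (keiths-place.co.uk): bad zone transfer request: 'keiths-place.co.uk/IN': non-authoritative zone (NOTAUTH)
client 85.119.80.222#59271 (keiths-place.co.uk): bad zone transfer request: 'keiths-place.co.uk/IN': non-authoritative zone (NOTAUTH)
client 85.119.80.198#10938 (keiths-place.co.uk): query 'keiths-place.co.uk/SOA/IN' denied
client 85.119.80.198#49851 (keiths-place.co.uk): bad zone transfer request: 'keiths-place.co.uk/IN': non-authoritative zone (NOTAUTH)
"""

# allow-query list of the zone statement in named.conf.local, as posted.
ZONE_ALLOW_QUERY = """85.119.84.35 85.119.80.222 2001:ba8:1f1:f085::53
2600:3c01:e000:259::53 45.33.107.124 172.104.29.216 2600:3c03::31:2153
2001:ba8:1f1:f309::2 127.0.0.1""".split()

# "client <ip>#<port> (<name>): <message>"; works for IPv4 and IPv6 sources.
CLIENT_RE = re.compile(r"^client (?P<ip>[0-9A-Fa-f:.]+)#\d+ \([^)]*\): (?P<msg>.*)$")


def classify(msg):
    """Map a named log message to a short event label."""
    if "bad zone transfer request" in msg and "NOTAUTH" in msg:
        return "xfer-notauth"
    if msg.startswith("query ") and msg.endswith(" denied"):
        return "query-denied"
    return "other"


def triage(log_text, allowed):
    """Return {client_ip: {"events": [...], "in_allow_query": bool}}."""
    allowed_set = {ipaddress.ip_address(a) for a in allowed}
    report = {}
    for line in log_text.splitlines():
        m = CLIENT_RE.match(line.strip())
        if not m:
            continue  # not a per-client line (e.g. "sending notifies")
        ip = ipaddress.ip_address(m["ip"])
        entry = report.setdefault(
            str(ip), {"events": [], "in_allow_query": ip in allowed_set})
        entry["events"].append(classify(m["msg"]))
    return report


if __name__ == "__main__":
    for ip, info in triage(LOG, ZONE_ALLOW_QUERY).items():
        print(ip, info)
```

On the posted data, 85.119.80.198 is the only client with a denied query, and it is the only one of the three requesters absent from the zone's allow-query list.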