
Correct master setup for use with HE slaves

Started by dmbaturin, May 24, 2014, 06:01:37 PM


dmbaturin

I've been setting up some zones lately and the transition to slave.dns.he.net confused me, so I spent all day bugging support about the correct setup (thanks, guys!).
This is a summary:

  • The server that pulls zones is slave.dns.he.net now. You need to allow transfer to it.
  • ns1.he.net will no longer be used to pull zones. It can be removed from the ACLs.
  • The server you should send NOTIFY's to is ns1.he.net, not slave.dns.he.net. In BIND it can be achieved with "notify explicit;" in the zone config and "also-notify" statement in "options".
  • ns1.he.net should not be in domain NS's because it's not anycasted.

Hope this saves someone some time.
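The setup summarised in the post above, written out as a BIND 9 `named.conf` fragment. This is an added example, not part of the original post and not HE's own configuration. The zone name, file path and both addresses are placeholders (documentation range 192.0.2.0/24) to be replaced with your zone and the current addresses of the two HE hosts; the default `allow-transfer { none; };` is an added assumption so that AXFR is open only to the named slave.

```conf
// named.conf fragment for a hidden master feeding HE's slave service.
// 192.0.2.10 and 192.0.2.20 are PLACEHOLDERS: look up the current
// addresses of slave.dns.he.net and ns1.he.net and substitute them.

acl "he-slave" {
    192.0.2.10;            // placeholder for slave.dns.he.net (pulls the zone)
};

options {
    // NOTIFY target is ns1.he.net, not slave.dns.he.net.
    also-notify { 192.0.2.20; };   // placeholder for ns1.he.net

    // Assumption added here: deny zone transfers unless a zone
    // explicitly allows them, so no zone is left open to AXFR.
    allow-transfer { none; };
};

zone "example.com" {               // constructed zone name
    type master;
    file "/etc/bind/zones/db.example.com";   // hypothetical path

    // Send NOTIFY only to the also-notify list above, not to the
    // servers listed in the zone's NS records.
    notify explicit;

    // Only the HE slave may transfer the zone. ns1.he.net no longer
    // pulls zones, so it does not need to be listed here.
    allow-transfer { "he-slave"; };
};

// In the zone file itself, do not list ns1.he.net as an NS record.
```

After reloading, a NOTIFY sent to the ns1.he.net address and a subsequent AXFR from the slave.dns.he.net address should both appear in the master's query and transfer logs when the zone serial is bumped.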

snarked

Note that when HE sent the message out, ns1 was still pulling zones and could not be removed (if one was expecting updates to propagate).  They should have picked a date that their instructions would be effective.

porjo

Quote: The server you should send NOTIFY's to is ns1.he.net, not slave.dns.he.net

Thank you! I've just been scratching my head over why my zones were not updating and this was the reason. Is this documented anywhere on the HE website?

Andy370

wow, i've been banging my head into this wall...

i have two zones - both dns files are completely identical with the exception of the zone name. one i can add as a secondary, and another i can't -

all i get is this:

Slave addition failed. Please make sure your listed nameservers allow AXFRs and that your zone does not exceed the max length of 40000 records

i'm absolutely confident the AXFR is allowed - i have allowed the AXFR to ANY server for this test purpose, and both of my zones have 2 records.

This is a true treat or trick system.... You have to treat he dns service really well, or it will continue to trick you...

i spent a day already trying to figure out what the problem is, but this error message is completely stupid and non descriptive....

--A