• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

(Solved/Works) Secondary DNS: You must delegate to one or more of the slave..

Started by rowi, September 23, 2019, 06:18:41 AM


rowi

Hello all,

my vServer provider just went bankrupt and I just had (still have) a small vServer just for the purpose of having a secondary DNS that is fed by my primary one. Knowing HE.net from the early IPv6 days, I was happy to find a free service that would allow me to switch from my secondary DNS to the ones from HE.net. Not only this, but even real zone transfers would work, so after the initial setup on HE, it would simply work (almost like my vServer).

So I switched a sample domain (I have several domains and started with the least important one).

Since I've been using bind for decades, I just changed the IPs in named.conf.local to the ones given by HE:

zone "neubrueck.de" {
        notify yes;              // send NOTIFY to the zone's NS servers on changes
        type master;
        file "/etc/bind/db.neubrueck.de";
        allow-transfer {         // only HE's transfer host may AXFR the zone
                216.218.133.2;
                2001:470:600::2;
        };
};


(I edited the block above after the first post. Indeed, I'm not using the IPs of ns1.he.net but the ones above.)

And I also changed the zone file itself for this domain:

$TTL 2W
$ORIGIN neubrueck.de.
@               SOA     lena.rowi.net.       info.rowi.net. (
                        2007092213 ; serial
                        1D ; refresh 10000 - 86400 s
                        2H ; retry 1800 -28800 s
                        1W ; expire 604800 - 3600000 s
                        86400 ) ; TTL 180 - 345600 s
;
@               NS                      lena.rowi.net.
                NS                      ns2.rowi.net.
                NS                      ns2.he.net.
                NS                      ns3.he.net.
                NS                      ns4.he.net.
                NS                      ns5.he.net.

;
                MX      100             lena.rowi.net.
                A                       178.63.84.85
www             CNAME                   lena.rowi.net.
; End of zone


The serial in the file might look like it's from 2007, but I incremented it with every change today (really).

Then I restarted the whole DNS server (and also reloaded it, just to be sure). I've seen in the DNS log that it really restarted.

In the dns.he.net interface I clicked "add a new slave" and added "neubrueck.de" as Domain Name and "lena.rowi.net" as Master #1, which is the primary DNS. This is shown in the first attachment. The second attachment then says that I need to delegate to one or more of the slave nameservers (whatever that means).

If you look up that domain from a different machine, it seems to be correctly set up:

rolf$ host -t ns neubrueck.de
neubrueck.de name server ns5.he.net.
neubrueck.de name server lena.rowi.net.
neubrueck.de name server ns2.he.net.
neubrueck.de name server ns2.rowi.net.
neubrueck.de name server ns3.he.net.
neubrueck.de name server ns4.he.net.


I even tried omitting my own nameservers and just going with the HE.net ones (but that would not be my idea of using a secondary DNS).

Now I'm stuck and don't know what I'm doing wrong, since it worked for my own secondary DNS set up on a virtual machine somewhere else on the internet.

I would be super happy if somebody could help me.

Best regards
Rolf
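The post above describes the whole procedure (allow-transfer on the primary, NS records for the secondaries, the slave zone on dns.he.net) but checks only the NS records as served by the zone itself. The script below is an added example, not code from the thread or from HE: it checks the two things a practitioner would want to see before opening a ticket, namely that the delegation at the parent zone actually lists the secondaries (which is what the "delegate to one or more of the slave nameservers" message is about) and that every nameserver serves the primary's SOA serial. It uses the hostnames from the thread (neubrueck.de, lena.rowi.net, *.he.net) and BIND's `dig` for the live check; the `RUN_LIVE` switch and all sample records are my own constructions, so the offline run needs no network.

```shell
#!/bin/sh
# Added example, not from the thread: check that a zone is delegated to its
# secondaries and that every nameserver serves the primary's SOA serial.
# Assumes BIND's `dig` for the live check; the parsing and comparison
# functions are exercised on constructed `dig +noall +answer` output below,
# so the offline run needs no network. The sample records are made up.

# parse_ns: read `dig NS ... +noall +answer` output on stdin and print the
# nameserver hostnames, lowercased, trailing dot removed, sorted and unique.
parse_ns() {
    awk '$4 == "NS" { sub(/\.$/, "", $5); print tolower($5) }' | sort -u
}

# parse_serial: read `dig SOA ... +noall +answer` output on stdin and print
# the serial (7th field of an SOA answer line).
parse_serial() {
    awk '$4 == "SOA" { print $7; exit }'
}

# delegation_has SUFFIX: exit 0 if any hostname on stdin ends in ".SUFFIX".
# This is the condition behind HE's "you must delegate to one or more of the
# slave nameservers" message: the secondaries have to be in the delegation,
# not only in allow-transfer on the primary.
delegation_has() {
    awk -v s=".$1" '
        substr($0, length($0) - length(s) + 1) == s { found = 1 }
        END { if (found) exit 0; exit 1 }'
}

# serials_in_sync WANT: read "hostname serial" lines on stdin; exit 0 if every
# serial equals WANT, otherwise report the stale servers and exit 1.
serials_in_sync() {
    awk -v want="$1" '
        $2 != want { print "stale: " $1 " serves " $2 ", primary has " want; bad = 1 }
        END { if (bad) exit 1; exit 0 }'
}

# live_check ZONE PRIMARY SUFFIX: run the checks against the real DNS
# (needs network access; only run when RUN_LIVE=1).
live_check() {
    zone="$1" primary="$2" suffix="$3"
    # ask one server of the parent zone (e.g. "de.") for the delegation only
    parent=$(dig +short NS "${zone#*.}." | head -n1)
    ns_list=$(dig @"$parent" NS "$zone" +norecurse +noall +authority +answer | parse_ns)
    if printf '%s\n' "$ns_list" | delegation_has "$suffix"; then
        echo "delegation at $parent includes *.$suffix"
    else
        echo "delegation at $parent does NOT include *.$suffix"
    fi
    want=$(dig @"$primary" SOA "$zone" +noall +answer | parse_serial)
    printf '%s\n' "$ns_list" | while read -r ns; do
        printf '%s %s\n' "$ns" "$(dig @"$ns" SOA "$zone" +noall +answer | parse_serial)"
    done | serials_in_sync "$want" && echo "all nameservers serve serial $want"
}

# ---- constructed sample output (not captured from the real servers) ----
SAMPLE_PARENT_NS='neubrueck.de.  86400  IN  NS  lena.rowi.net.
neubrueck.de.  86400  IN  NS  ns2.rowi.net.
neubrueck.de.  86400  IN  NS  ns2.he.net.
neubrueck.de.  86400  IN  NS  ns3.he.net.'
SAMPLE_SOA_PRIMARY='neubrueck.de.  1209600  IN  SOA  lena.rowi.net. info.rowi.net. 2019092301 86400 7200 604800 86400'
SAMPLE_SERIALS='lena.rowi.net 2019092301
ns2.he.net 2019092301
ns3.he.net 2019092301'
SAMPLE_SERIALS_STALE='lena.rowi.net 2019092301
ns2.he.net 2019092301
ns3.he.net 2019092213'

# Offline demonstration on the samples.
want=$(printf '%s\n' "$SAMPLE_SOA_PRIMARY" | parse_serial)
if printf '%s\n' "$SAMPLE_PARENT_NS" | parse_ns | delegation_has he.net; then
    echo "sample delegation includes HE's nameservers"
fi
printf '%s\n' "$SAMPLE_SERIALS" | serials_in_sync "$want" && echo "sample: all in sync at $want"
printf '%s\n' "$SAMPLE_SERIALS_STALE" | serials_in_sync "$want" || echo "sample: a secondary is stale"

if [ "${RUN_LIVE:-0}" = 1 ]; then
    live_check neubrueck.de lena.rowi.net he.net
fi
```

Run it with `RUN_LIVE=1 sh check-delegation.sh` to query the real servers. Two caveats worth knowing: the delegation check asks a parent-zone server directly, so it is not affected by whatever a resolver has cached, which is the kind of stale data the thread ends up blaming; and `notify yes` in BIND sends NOTIFY to the servers in the zone's NS RRset (ns2-ns5.he.net here), so if the host that actually pulls the zone (216.218.133.2 / 2001:470:600::2 in the config above) should be told about changes directly, BIND's `also-notify { ...; };` option is the place to list it. Whether HE needs that is not something the thread establishes.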



snarked

HE doesn't transfer secondaries using "ns1" but uses a different host, "slave.dns.he.net." Your "allow-transfer" statement has the wrong addresses. You can also add "ns1" to your NS records as it will also have the zone.

rowi

Oh sorry, that was just due to a forum entry from 2011 I tested out to see if it worked. Currently it is as described:

zone "neubrueck.de" {
        notify yes;              // send NOTIFY to the zone's NS servers on changes
        type master;
        file "/etc/bind/db.neubrueck.de";
        allow-transfer {         // only HE's transfer host may AXFR the zone
                216.218.133.2;
                2001:470:600::2;
        };
};

rowi

The problem still persists. In my opinion I have done everything right. I went over it many times. Might it be a problem with the German TLD, .de? I have no clue what else to try.

rowi

SOLVED! Whatever happened, I simply tried again today. I guess it was due to DNS caching somewhere... It works now.