[Fixed] Using he.net dns delegation slaves

Started by mwerle, May 27, 2024, 07:25:37 PM

mwerle

Ok, so I set up my DNS (bind9/Debian) to use the he.net slave servers, and am sending notifies to "slave.dns.he.net". I'm serving 3 domains with mostly a common configuration.

_One_ of those domains was able to be successfully delegated on he.net.

The other two keep returning the "You must delegate to one or more of the slave nameservers." error, with no further information as to why. One is more complicated (the primary domain, with more records, etc.); the other failing one is on the same level of complexity as the one which was accepted.

Is there any way at all of figuring out why he.net is complaining about the other two domains? I figure if I'd done something fundamentally wrong, then all 3 domains would fail.

(FWIW, all 3 domains were being delegated by another provider for several years with no problems)

The pertinent configuration is:

named.conf
acl dns_slaves {
        // he.net
        // https://dns.he.net/
        // NOTE: transfer is "slave.dns.he.net" and NOT the nameservers
        216.218.133.2;
        2001:470:600::2;

 ...
}

named.conf.options
options {
 ...
        notify yes;
        allow-transfer { dns_slaves; };
 ...
}

db.<mydomain>:
$TTL    1D
$ORIGIN <mydomain>.com.

@               IN      SOA     ns1 hostmaster (
 ...
)
 ...

                IN      NS      ns1
                IN      NS      ns2
                IN      NS      ns1.he.net.
                IN      NS      ns2.he.net.
                IN      NS      ns3.he.net.
                IN      NS      ns4.he.net.
                IN      NS      ns5.he.net.

 ...

Thank you,
- Micha.
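An offline check for the situation described above, added here as an example and not part of the original post: it parses a zone file laid out like the db.<mydomain> fragment and reports which of the he.net slave nameservers are missing from the apex NS set, which is the one thing the blank "You must delegate to one or more of the slave nameservers" error does not tell you. The zone text and owner names are constructed sample data.

```python
import re

# Slave nameservers offered by dns.he.net, as listed in the zone fragment above.
HE_NS = {f"ns{i}.he.net." for i in range(1, 6)}
TTL_OR_CLASS = re.compile(r"\d+[smhdwSMHDW]?|IN|CH|HS", re.IGNORECASE)

def apex_ns(zone_text: str, default_origin: str) -> set[str]:
    """Return the fully qualified NS targets at the zone apex.

    Handles $ORIGIN/$TTL, ';' comments, multi-line '( ... )' RDATA such as the
    SOA, and records that inherit the owner name from the previous line.
    """
    origin = default_origin if default_origin.endswith(".") else default_origin + "."
    owner, depth, result = "@", 0, set()
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        if not line.strip():
            continue
        if depth:                                     # still inside a ( ... ) block
            depth += line.count("(") - line.count(")")
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$"):                      # $TTL and other directives
            continue
        tokens = line.split()
        if not raw[0].isspace():                      # explicit owner on this line
            owner = tokens.pop(0)
        depth += line.count("(") - line.count(")")
        while tokens and TTL_OR_CLASS.fullmatch(tokens[0]):   # skip TTL / class
            tokens.pop(0)
        if len(tokens) >= 2 and tokens[0].upper() == "NS":
            full_owner = origin if owner == "@" else (
                owner if owner.endswith(".") else f"{owner}.{origin}")
            if full_owner == origin:
                target = tokens[1]
                result.add(target if target.endswith(".") else f"{target}.{origin}")
    return result

def missing_he_slaves(zone_text: str, default_origin: str) -> set[str]:
    """he.net nameservers the zone does not list at its apex (empty set = ok)."""
    return HE_NS - apex_ns(zone_text, default_origin)

# Constructed sample zone (example.com) in the same layout as the post.
GOOD_ZONE = """\
$TTL    1D
$ORIGIN example.com.
@       IN  SOA ns1 hostmaster (
            2024052701 ; serial
            1H 15M 1W 1D )
        IN  NS  ns1
        IN  NS  ns2
        IN  NS  ns1.he.net.
        IN  NS  ns2.he.net.
        IN  NS  ns3.he.net.
        IN  NS  ns4.he.net.
        IN  NS  ns5.he.net.
ns1     IN  A   192.0.2.1
ns2     IN  A   192.0.2.2
"""
# The "edited the wrong file" case: same zone with no he.net NS records at all.
BROKEN_ZONE = "\n".join(l for l in GOOD_ZONE.splitlines() if "he.net" not in l) + "\n"
```

Running `missing_he_slaves(open("db.example").read(), "example.com")` against the real file before reloading named would have flagged the domain whose he.net NS records never made it into the served zone.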

mwerle

Fixed.

1 failing domain was my own fault - I edited the wrong configuration file and hence the "he.net" nameservers weren't mentioned as NS records for that domain.

The other failing domain I have no idea; I updated the serial number, reloaded the configuration, and 24 hours later "it just worked". As per another thread, perhaps some weird DNS caching somewhere.