[sf-lug] SFLUG.org

Mon Apr 8 23:48:46 PDT 2019

Quoting Michael Paoli (Michael.Paoli at cal.berkeley.edu):

> The basics are there ... presuming slave(s) want to use
> 198.144.194.238 and/or 2001:470:1f04:19e::2
> as master, and authority wants to so delegate.

OK, righty-o.  Time to crank up the secondaries.  On ns1.linuxmafia.com, 
which is still using BIND9 as a legacy choice, add a suitable stanza
to /etc/bind/named.conf.local for the new slave zone, then:

# rndc reconfig
#

/var/log/daemon.log now reflects that operation:

Apr  8 22:35:20 linuxmafia named[12569]: received control channel command 'reconfig'
Apr  8 22:35:20 linuxmafia named[12569]: loading configuration from '/etc/bind/named.conf'
Apr  8 22:35:21 linuxmafia named[12569]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Apr  8 22:35:21 linuxmafia named[12569]: using default UDP/IPv4 port range: [1024, 65535]
Apr  8 22:35:21 linuxmafia named[12569]: using default UDP/IPv6 port range: [1024, 65535]
Apr  8 22:35:21 linuxmafia named[12569]: no IPv6 interfaces found
Apr  8 22:35:21 linuxmafia named[12569]: set up managed keys zone for view _default, file 'managed-keys.bind'
Apr  8 22:35:21 linuxmafia named[12569]: reloading configuration succeeded
Apr  8 22:35:22 linuxmafia named[12569]: any newly configured zones are now loaded
Apr  8 22:35:22 linuxmafia named[12569]: zone sflug.org/IN: Transfer started.
Apr  8 22:35:22 linuxmafia named[12569]: transfer of 'sflug.org/IN' from 198.144.194.238#53: connected using 198.144.195.186#54455
Apr  8 22:35:22 linuxmafia named[12569]: zone sflug.org/IN: transferred serial 1554781309
Apr  8 22:35:22 linuxmafia named[12569]: transfer of 'sflug.org/IN' from 198.144.194.238#53: Transfer completed: 1 messages, 19 records, 591 bytes, 0.188 secs (3143 bytes/sec)
Apr  8 22:35:22 linuxmafia named[12569]: zone sflug.org/IN: sending notifies (serial 1554781309)
Apr  8 22:35:23 linuxmafia named[12569]: error (connection refused) resolving 'ns.primate.net/A/IN': 178.63.84.200#53
Apr  8 22:35:23 linuxmafia named[12569]: error (connection refused) resolving 'ns.primate.net/AAAA/IN': 178.63.84.200#53

Doing the smoke test to make _sure_ the secondary is Doing The Right Thing:

$ dig -t soa sflug.org @ns1.linuxmafia.com +short
ns1.sflug.org. jim.well.com. 1554781309 10800 3600 1209600 86400
$ dig -t soa sflug.org @ns1.sf-lug.org +short
ns1.sflug.org. jim.well.com. 1554781309 10800 3600 1209600 86400
$

One down, one to go.  ns1.svlug.org has a saner, more modern choice of
software, the excellent, small, fast, authoritative-only daemon nsd.
'Course, I'm rusty, so I have to go read notes for SVLUG admins that I
wrote years ago in the site-docs directory, to remember how to do this.
(And ISTR that the instructions are still a little shaky.  As it turns
out, and I show below, I've not yet figured out how to add/remove zones
without restarting the daemon, but I played around to see if I could
discover the secret.)

Add a stanza to /etc/nsd3/nsd.conf for the new slave zone.  Now,
do manual AXFR transfer.

root at gruyere:/etc/nsd3 # nsd-xfer -z sflug.org -f secondary/sflug.org.zone 198.144.194.238
[1554789154] nsd-xfer[3239]: info: send AXFR query to 198.144.194.238 for sflug.org.
root at gruyere:/etc/nsd3 # # ls -al secondary/sflug.org.zone
-rw-r--r-- 1 root root 1065 Apr  8 22:52 secondary/sflug.org.zone
root at gruyere:/etc/nsd3 #

(I'm editing out of this transcript where I later had weirdness because
this file is root:root-owned and needed to be nsd:nsd-owned, which I 
later fixed.)

And, lo!  The zonefile's there.  But NSD needs a binary-hashed version
to work with (for speed), and needs to know it's within the running
daemon's bailiwick.

root at gruyere:/etc/nsd3 # nsdc rebuild
root at gruyere:/etc/nsd3 #

That's supposed to do all needed compiles using zonec(8), but now that I
think about it, I'm not sure the running daemon has yet reparsed the
revised nsd.conf.

root at gruyere:/etc/nsd3 # nsdc reload
root at gruyere:/etc/nsd3 #

That's supposed to make the running daemon re-parse nsd.conf and the
compiled zones.  Are we there, yet?

root at gruyere:/etc/nsd3 # dig -t soa sflug.org @ns1.svlug.org +short
root at gruyere:/etc/nsd3 #

Nope.  That's what I vaguely recalled, that my notes didn't suffice
to enable a new zone's service without doing 'nsdc restart', which
stops and starts the daemon completely.  Hmm, worth playing around
before I bring out the big hammer, eh?

This one is supposed to read in the binary-hashed nsd.db file and
difffile ixfr.db and merge in any changes to the ASCII-format zone files
if they've been updated (which allows trimming the diffile).  Also, 
if any of the ASCII format zonefiles have changed, nsd.db gets rebuilt 
and nsd reloaded:

iroot at gruyere:/etc/nsd3 # nsdc patch
reading database
reading updates to database
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
[1554789802] nsd-patch[3420]: info: discarding partial xfr part: sf-lug.com 0
writing changed zones
zone e.9.1.0.5.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa had not changed.
zone bluedreamz.com had not changed.
zone cherylmorris.com had not changed.
zone sf-lug.com had not changed.
zone substancez.com had not changed.
zone svlug.com had not changed.
zone substancez.net had not changed.
zone svlug.net had not changed.
writing zone balug.org to file secondary/balug.org.zone
writing zone saclug.org to file secondary/saclug.org.zone
writing zone sf-lug.org to file secondary/sf-lug.org.zone
zone sflug.org had not changed.
zone substancez.org had not changed.
zone svlug.org had not changed.
done
root at gruyere:/etc/nsd3 

(That was a good thing to do, but not directly relevant to the 
adding-a-zone problem.)

Are we there, yet?

root at gruyere:/etc/nsd3 # dig -t soa sflug.org @ns1.svlug.org +short
root at gruyere:/etc/nsd3 #

Still nope.  Running short on patience and tempted to switch to the 
big hammer:

root at gruyere:/etc/nsd3 # nsdc rebuild
root at gruyere:/etc/nsd3 # dig -t soa sflug.org @ns1.svlug.org +short
root at gruyere:/etc/nsd3 # nsdc reload
root at gruyere:/etc/nsd3 # dig -t soa sflug.org @ns1.svlug.org +short
root at gruyere:/etc/nsd3 # nsdc update
Sending notify to localhost to update secondary zones...
[1554790316] nsd-notify[3623]: warning: bad reply from 127.0.0.1 for zone sflug.org., error response NAME ERROR (3).
root at gruyere:/etc/nsd3 #

Brief sanity check to make sure I don't have a syntax error:

root at gruyere:/usr/share/doc/nsd3 # nsd-checkconf /etc/nsd3/nsd.conf
root at gruyere:/usr/share/doc/nsd3 #

Well, that's reassuring.  (Snip interlude where I checked everything in
/usr/share/doc/nsd/ , and every relevant-seeming Web-search hit.)

{sigh}  Time for the big hammer:

root at gruyere:/etc/nsd3 # nsdc restart
root at gruyere:/etc/nsd3 # dig -t soa sflug.org @ns1.svlug.org +short
ns1.sflug.org. jim.well.com. 1554781309 10800 3600 1209600 86400
root at gruyere:/etc/nsd3 #

Et voila, we're there.  (One of these days, I'll either figure out how
to add/remove zones in nsd.conf without restarting the daemon, or
determine that it's a limitation of the software and stop looking.)

Michael, care to knock on Aaron T. Porter's door?