setting up secondary DNS

Question

Level 2

225 points

setting up secondary DNS

Hi, due to my lack of understanding with DNS, I cannot seem to figure out how to setup the secondary DNS server. I read the instruction from Apple, everything seems to be simple, however I am confused whether you setup the secondary DNS info on the primary server, or on the secondary server? Apple says setup the secondary DNS info on the "Management Computer," which computer are we talking about here? Is it the primary server or the secondary server? Also do I need to check Allow Zone Transfer for all the records listed on the Primary DNS server? Any insights would be appreciated. Thanks.

PB12,G4/1.3, Mac OS X (10.5.4)

Posted on Jul 27, 2008 1:54 AM

Reply

Answer 1

Camelot

Level 9

58,575 points

Jul 27, 2008 8:59 AM in response to wei

You setup secondary DNS on the secondary server, telling it the name of the zone you want, and where to the data from (e.g. your primary server).

The only change you need to make on the primary server is to ensure that it will Allow Zone Transfers to your secondary server for the zone in question.

Reply

Answer 2

wei Author

Level 2

225 points

Jul 27, 2008 9:54 AM in response to wei

I set allow zone transfer for all the records on the primary server (including reverse lookup record), then on the secondary server (another X Serve), I added the slave record and created a domain name, under the Primary DNS Server list I put in the IP address for the Primary server. When I check the log, it says NODATA response from master 192.168.1.5#53 (source 0.0.0.0#0). Is this right?

Reply

Answer 3

Camelot

Level 9

58,575 points

Jul 27, 2008 10:39 AM in response to wei

It sounds like you have the setup right. The next step is to find out why the transfer fails.

I'm assuming that the primary server's IP address is correct, right?

What do the logs on the primary server say?

Reply

Answer 4

wei Author

Level 2

225 points

Jul 27, 2008 11:52 AM in response to wei

Thanks for responding to my questions first of all!! The primary log doesn't show anything other than the usual "unexpected RCODE (SERVFAIL)" trying to resolve some external addresses. I do have the exact same ISP info for the Forward IP Addresses on both servers. Could this be the problem? There is a post on this forum mentioned you could try to use "0.168.192.in-addr.arpa." as the secondary zone name. When I use that method, the log (on the secondary server) shows "zone 0.168.192.in-addr.arpa/IN/com.apple.ServerAdmin.DNS.public: refresh: non-authoritative answer from master 192.168.1.5#53 (source 0.0.0.0#0)". I am clueless.

Reply

Answer 5

wei Author

Level 2

225 points

Jul 27, 2008 12:01 PM in response to wei

by the way FIrewall is not turned on on both machines. Same "localnets" under "Accept recursive queries from the following networks" window.

Reply

Answer 6

wei Author

Level 2

225 points

Jul 27, 2008 10:05 PM in response to wei

Ok, I got it running now at last. I followed the other post in this forum and used "1.168.192.in-addr.arpa." instead the secondary server's domain name, it worked. It was that simple!!! Thanks for all the response by the way.

Reply

Answer 7

Jul 28, 2008 2:33 AM in response to wei

Do you have the "forward" zone running on the secondary too?

It's the zone names you want "duplicated" on the secondary DNS.

Both machines have NS records?

(And using 192.168.1.0/24 for the server LAN is not very good if using VPN).

Reply

Answer 8

wei Author

Level 2

225 points

Jul 28, 2008 8:51 AM in response to Leif Carlsson

Yes, I have our ISP's DNS addresses listed on both computers under Forward. I am not exactly sure what it means by "NS" record but only the primary machine has all the addresses (reverse, aliases and other records). In terms of VPN, we are utilizing PIX to handle the VPN requests, so I don't know if by doing it so (using 192.168.1.0/24) will still create a possible issue...

Thanks!

Reply