Linode.com Forum

[caker]

Linode DNS Manager now supports slave zones, which will AXFR the zone from a list of masters that you provide.

Testing welcome.

Enjoy!
-Chris

[rjp]

What address(es) are the slave servers using? I don't want to open AXFRs to the world...

[caker]

ns1 and ns2.linode.com, or 69.93.127.10 and 65.19.178.10

-Chris

[ArbitraryConstant]

caker wrote: ns1 and ns2.linode.com, or 69.93.127.10 and 65.19.178.10

-Chris This information should definitely be presented in the UI.

[ArbitraryConstant]

I've had a chance to try this, it works fine. I would be good to have the UI emit a TSIG key, but if the DNS servers are on your networks that's probably not that big an issue for masters that are linodes.

This is a really excellent feature for anyone hosting their own DNS. It seems obvious, but it's surprising how rare it is for hosting providers to actually do it. They'd much rather give you a web interface to their DNS system. :)

[ArbitraryConstant]

I've noticed sub-domains don't work, eg if you have qqq.com you can't also have spork.qqq.com as a separate zone. I assume this is to prevent a malicious user from performing DNS poisoning attacks where the attacker would set up eg mail.qqq.com or whatever as their own zone. Either that or my DNS-foo is rusty and I just failed to get it to work. :D

Workarounds include flattening your zones into a single zone, or making sure there's NS records for the child zone in the parent zone, since this will allow a recursive lookup to succeed either way.

[Malvineous]

Hi all,

I'm trying to set up a slave zone but it doesn't seem to be working. I've added an entry in the DNS manager for my zone and after finding this topic I've allowed the two Linode nameservers AXFR access but they still sit there saying "n/a" in the "last generated" column which I assume means the zones aren't active (if I query the zone from ns1.linode.com I get a "refused" error.)

I originally tried importing the zone and the AXFR succeeded, but although this wasn't what I was after it seems to indicate my server is configured correctly.

Are there any problems with the service at the moment? I couldn't find any documentation about it on the wiki, and incidentally the link to the wiki at the bottom of most Linode pages is broken (it redirects to the Linode homepage.)

One other thing - I noticed that when I try to edit the slave zone the list of master servers is blank - I assumed this was a bug in the edit code, but I guess it could also mean the edit code is working and there's a bug in the 'add new zone' code, where it's not saving the server list. Not sure if it's related but I thought I'd mention it just in case.

Any ideas?

[bdonlan]

Malvineous wrote: Hi all,

I'm trying to set up a slave zone but it doesn't seem to be working. I've added an entry in the DNS manager for my zone and after finding this topic I've allowed the two Linode nameservers AXFR access but they still sit there saying "n/a" in the "last generated" column which I assume means the zones aren't active (if I query the zone from ns1.linode.com I get a "refused" error.)

I originally tried importing the zone and the AXFR succeeded, but although this wasn't what I was after it seems to indicate my server is configured correctly.

Are there any problems with the service at the moment? I couldn't find any documentation about it on the wiki, and incidentally the link to the wiki at the bottom of most Linode pages is broken (it redirects to the Linode homepage.)

One other thing - I noticed that when I try to edit the slave zone the list of master servers is blank - I assumed this was a bug in the edit code, but I guess it could also mean the edit code is working and there's a bug in the 'add new zone' code, where it's not saving the server list. Not sure if it's related but I thought I'd mention it just in case.

Any ideas?

I seem to recall having to re-enter my masters in the edit field after creating it in order to get it working. Try re-entering them there?

After that, it does take a while (I think it's either every 15 mins or every half hour) for the server config to be updated. Note that 'last generated' will continue to show n/a, use host -t soa yourdomain ns1.linode.com to see if it's there and up to date.

[Malvineous]

Ah yes you're right - when I edit the record it's blank, but if I re-enter the master server the next time I try to edit it the server's still listed. I guess there's a bug in the code when you try to create a new slave server.

I'll leave it 15 minutes and see if it works - thanks!

Edit: Yep, after you add the slave zone you need to edit it and re-enter the master IP, then it all works fine.

[caker]

Malvineous wrote: Edit: Yep, after you add the slave zone you need to edit it and re-enter the master IP, then it all works fine.
This has been fixed.

-Chris

[Malvineous]

Excellent! Are you able to take a look at the wiki link too? It goes to http://wiki.linode.com which just redirects back to the homepage.

[nabber00]

Looks like once you set this up ns1 and ns2.linode.com will allow AXFR from anywhere for any domains it is backing up. Any chance that can be fixed? Example, you can AXFR my domain, nabber.org:

dig nabber.org AXFR @ns1.linode.com

When querying the primary server it does not do this:

dig nabber.org AXFR @ns.nabber.org