Hi Azzam,

thank you for the very detailed and perfect description of what you do :)

Could you please focus on the SOA serial numbers? In the section "Steps I use to create zones", you have the serial 2018070410 on both master and slave, which would effectively prevent the transfer. Please avoid having different zone versions with the same serial. However, in the section "Problems", you already have 2018070411 at the master, which makes me more puzzled.

Anyway, you should check the logs on both master and slave to see what is going on (the logs go to syslog according to your conf). You would see there all the notifies sent by the master and received by the slave, all the transfer attempts and the reasons why they gave up, and also your knotc commands. Everything with timestamps. I hope it will be clear to you immediately.

Don't hesitate to write again if still clueless,

Libor
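The two checks Libor asks for above (compare the SOA serials on master and slave, then read the notify/transfer events in syslog) can be done by hand, but the serial comparison is easy to get wrong because SOA serials wrap modulo 2^32 (RFC 1982). The script below is an added example, not part of either message in this thread and not Knot DNS project code. The two zone-read inputs are copied from the quoted post; the syslog lines are constructed for the example and their exact wording is an assumption about what knotd logs at "any: info" (the real text on your servers may differ, so adjust LOG_RE to match it).

```python
import re

# RFC 1982 serial-number arithmetic: SOA serials are 32-bit and wrap, so
# "newer" is decided modulo 2**32 rather than by plain integer comparison.
SERIAL_MOD = 1 << 32
SERIAL_HALF = 1 << 31


def serial_gt(a: int, b: int) -> bool:
    """True if SOA serial `a` is newer than `b` under RFC 1982 rules."""
    a %= SERIAL_MOD
    b %= SERIAL_MOD
    if a == b:
        return False
    if a < b:
        return b - a > SERIAL_HALF   # a wrapped around past b
    return a - b < SERIAL_HALF


# Line shape of `knotc zone-read` as shown in the thread:
# [zone.] owner ttl SOA mname rname serial refresh retry expire minimum
SOA_RE = re.compile(
    r"^\[(?P<zone>[^\]]+)\]\s+\S+\s+\d+\s+SOA\s+\S+\s+\S+\s+(?P<serial>\d+)\b"
)


def soa_serials(zone_read_output: str) -> dict:
    """Map zone name -> SOA serial parsed from knotc zone-read output."""
    serials = {}
    for line in zone_read_output.splitlines():
        m = SOA_RE.match(line.strip())
        if m:
            serials[m.group("zone")] = int(m.group("serial"))
    return serials


def transfer_verdict(master_serial: int, slave_serial: int) -> str:
    """What a slave doing a SOA refresh will conclude about the master copy."""
    if master_serial == slave_serial:
        return "equal"        # nothing to fetch: slave keeps its own copy
    if serial_gt(master_serial, slave_serial):
        return "transfer"     # slave will request AXFR/IXFR
    return "slave-ahead"      # slave thinks it is newer; no transfer either


# Syslog line shape ASSUMED for this example (a constructed approximation of
# knotd output at `any: info`; check your own syslog for the exact wording).
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+\S+\s+knotd\[\d+\]:\s+\w+:\s+"
    r"\[(?P<zone>[^\]]+)\]\s+(?P<msg>.*)$"
)


def triage_log(lines, zone: str) -> list:
    """Pick out notify/transfer/refresh events for one zone, in log order."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("zone") != zone:
            continue
        msg = m.group("msg")
        head = msg.lower()
        if head.startswith("notify"):
            kind = "notify"
        elif head.startswith(("axfr", "ixfr")):
            kind = "transfer"
        elif head.startswith("refresh"):
            kind = "refresh"
        else:
            kind = "other"
        events.append((m.group("ts"), kind, msg))
    return events


# Constructed inputs: zone-read outputs copied from the thread; the syslog
# lines are made up for this example and follow the ASSUMED shape above.
MASTER_ZONE_READ = """\
[namadomain.com.] namadomain.com. 86400 TXT "hello"
[namadomain.com.] namadomain.com. 86400 SOA ns1.biz.net.id. hostmaster.biz.net.id. 2018070411 3600 3600 604800 38400
"""
SLAVE_ZONE_READ = """\
[namadomain.com.] namadomain.com. 86400 SOA ns1.biz.net.id. hostmaster.biz.net.id. 2018070410 3600 3600 604800 38400
"""
SLAVE_SYSLOG = [
    "Jan  3 10:00:01 knot-slave-1 knotd[1234]: info: [namadomain.com.] notify, incoming, remote 111.11.11.111@53, serial 2018070410",
    "Jan  3 10:00:01 knot-slave-1 knotd[1234]: info: [namadomain.com.] refresh, remote 111.11.11.111@53, remote serial 2018070410, zone is up-to-date",
    "Jan  3 10:05:00 knot-slave-1 knotd[1234]: info: [other.example.] refresh, remote 10.0.0.1@53, zone is up-to-date",
]


def diagnose(master_out: str, slave_out: str, slave_log, zone: str) -> dict:
    """Compare one zone's serials on master and slave and attach log events."""
    m = soa_serials(master_out).get(zone)
    s = soa_serials(slave_out).get(zone)
    verdict = transfer_verdict(m, s) if m is not None and s is not None else "missing"
    return {"zone": zone, "master_serial": m, "slave_serial": s,
            "verdict": verdict, "events": triage_log(slave_log, zone)}


if __name__ == "__main__":
    r = diagnose(MASTER_ZONE_READ, SLAVE_ZONE_READ, SLAVE_SYSLOG, "namadomain.com.")
    print(f"{r['zone']}: master {r['master_serial']} slave {r['slave_serial']} -> {r['verdict']}")
    for ts, kind, msg in r["events"]:
        print(f"  {ts} [{kind}] {msg}")
```

On a real pair of servers you would feed it the output of `knotc zone-read namadomain.com` from each side and the relevant lines of /var/log/messages (or journalctl -u knot) from the slave. A verdict of "equal" is the case Libor warns about: the slave answers its own SOA refresh with "up-to-date" and never asks for AXFR, no matter how often zone-notify or zone-retransfer is run, until the master's serial is bumped above the slave's.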


On 02.01.20 at 23:55 Azzam S.A wrote:

Setting up slave zone (slave DNS server)

I've asked the previous question Setting up slave zone (slave DNS server).
And I've followed Libor Peltan's advice to also configure the zone on the slave
side. But it still didn't work for me.

Config

knot.conf in master server

# This is a sample of a minimal configuration file for Knot DNS.
# See knot.conf(5) or refer to the server documentation.

server:
    rundir: "/run/knot"
    user: knot:knot
    listen: [ 127.0.0.1@53, ::1@53 ]

log:
  - target: syslog
    any: info

database:
    storage: "/var/lib/knot"

remote:
  - id: slave1
    address: 111.11.11.111@53

acl:
  - id: slave1_acl
    address: 111.11.11.111
    action: transfer

template:
  - id: default
    storage: "/var/lib/knot"
    file: "%s.zone"

zone:
#    # Master zone
#  - domain: example.com
#    notify: slave
#    acl: acl_slave

#    # Slave zone
#  - domain: example.net
#    master: master
#    acl: acl_master

knot.conf in my slave server

# This is a sample of a minimal configuration file for Knot DNS.
# See knot.conf(5) or refer to the server documentation.

server:
    rundir: "/run/knot"
    user: knot:knot
    listen: [ 127.0.0.1@53, ::1@53 ]

log:
  - target: syslog
    any: info

database:
    storage: "/var/lib/knot"

remote:
  - id: master1
    address: 222.22.22.222@53

acl:
  - id: master1_acl
    address: 222.22.22.2222
    action: notify

template:
  - id: default
    storage: "/var/lib/knot"
    file: "%s.zone"

zone:
#    # Master zone
#  - domain: example.com
#    notify: slave
#    acl: acl_slave

#    # Slave zone
#  - domain: example.net
#    master: master
#    acl: acl_master

conf-read result

conf-read in master server

[root@knot-master-1 centos]# knotc conf-read
server.rundir = /run/knot
server.user = knot:knot
server.listen = 127.0.0.1@53 ::1@53
log.target = syslog
log[syslog].any = info
database.storage = /var/lib/knot
acl.id = slave1_acl
acl[slave1_acl].address = 222.22.22.222
acl[slave1_acl].action = transfer
remote.id = slave1
remote[slave1].address = 222.22.22.222@53
template.id = default
template[default].storage = /var/lib/knot
template[default].file = %s.zone
zone.domain = namadomain.com.
zone[namadomain.com.].file = namadomain.com.zone
zone[namadomain.com.].notify = slave1
zone[namadomain.com.].acl = slave1_acl

conf-read in slave server

[root@knot-slave-1 centos]# knotc conf-read
server.rundir = /run/knot
server.user = knot:knot
server.listen = 127.0.0.1@53 ::1@53
log.target = syslog
log[syslog].any = info
database.storage = /var/lib/knot
acl.id = master1_acl
acl[master1_acl].address = 111.11.11.111
acl[master1_acl].action = notify
remote.id = master1
remote[master1].address = 111.11.11.111@53
template.id = default
template[default].storage = /var/lib/knot
template[default].file = %s.zone
zone.domain = namadomain.com.
zone[namadomain.com.].master = master1
zone[namadomain.com.].acl = master1_acl

Zone Read

zone-read in master server

[root@knot-master-1 centos]# knotc zone-read --
[namadomain.com.] namadomain.com. 86400 TXT "hello"
[namadomain.com.] namadomain.com. 86400 SOA ns1.biz.net.id. hostmaster.biz.net.id. 2018070411 3600 3600 604800 38400

zone-read in slave server

[root@knot-slave-1 centos]# knotc zone-read --
[namadomain.com.] namadomain.com. 86400 SOA ns1.biz.net.id. hostmaster.biz.net.id. 2018070410 3600 3600 604800 38400

Steps I use to create a zone

in master server

knotc conf-begin
knotc conf-set 'zone[namadomain.com]'
knotc conf-set 'zone[namadomain.com].file' 'namadomain.com.zone'
knotc conf-set 'zone[namadomain.com].notify' 'slave1'
knotc conf-set 'zone[namadomain.com].acl' 'slave1_acl'
knotc conf-commit
knotc zone-begin namadomain.com
knotc zone-set namadomain.com. @ 86400 SOA ns1.biz.net.id. hostmaster.biz.net.id. 2018070410 3600 3600 604800 38400
knotc zone-set namadomain.com. @ 86400 TXT "hello"
knotc zone-commit namadomain.com

in slave server

knotc conf-begin
knotc conf-set 'zone[namadomain.com]'
knotc conf-set 'zone[namadomain.com].master' 'master1'
knotc conf-set 'zone[namadomain.com].acl' 'master1_acl'
knotc conf-commit
knotc zone-begin namadomain.com
knotc zone-set namadomain.com. @ 86400 SOA ns1.biz.net.id. hostmaster.biz.net.id. 2018070410 3600 3600 604800 38400
knotc zone-commit namadomain.com

Problems

If we look closely, I've created the configuration of namadomain.com in
both master and slave servers. Also I've created the SOA record of
namadomain.com in both master and slave servers. But I only created the file
config in the master server and the TXT record in the master server (to test if AXFR zone transfer worked).

Unfortunately, the file config and the TXT record are not created by the slave,
even though I've waited for more than an hour (1 day actually). Am I missing
something here? (I never put the zone directly in the zone: section of knot.conf;
I always use knotc since I will use libknot control.py to manage zones with our
app.)

Also, am I able to see if the knot in master emits the transfer 'signal' and check
if the knot in slave receives that signal? It would make it easier for me to debug.

I've tried to trigger knotc zone-notify namadomain.com on the master side,
and knotc zone-retransfer namadomain.com on the slave side. But nothing
changed.

[root@knot-master-1 centos]# knotc zone-notify namadomain.com
OK
[root@knot-master-1 centos]# knotc zone-read --
[namadomain.com.] namadomain.com. 86400 TXT "hello"
[namadomain.com.] namadomain.com. 86400 SOA ns1.biz.net.id. hostmaster.biz.net.id. 2018070411 3600 3600 604800 38400
[root@knot-slave-1 centos]# knotc zone-retransfer namadomain.com
OK
[root@knot-slave-1 centos]# knotc zone-read --
[namadomain.com.] namadomain.com. 86400 SOA ns1.biz.net.id. hostmaster.biz.net.id. 2018070410 3600 3600 604800 38400

Machine

# knotc --version
knotc (Knot DNS), version 2.9.1

OS: CentOS 7.5

Thank you in advance.