Koozali.org: home of the SME Server

DNS Zone Transfers

markehle
« on: October 27, 2004, 12:47:15 AM »
Hello -

At the library where I work, we have put in a 6.0 SME server to handle our email and DNS.

The email part works great, but we got a call from our ISP, and they said that we are authoritative for our zone, but the new DNS server is not doing zone transfers.

What do I need to do to enable this? Is there a contrib to cover this? The ISP said that they could take over the zone for us, but I would rather be able to add IP's on the fly.

Help!

Mark Ehle
Computer Support Librarian
Willard Public Library
Battle Creek, MI

markehle
« Reply #1 on: October 27, 2004, 12:50:14 AM »
Forgot to mention (don't know if this makes any difference) that we are using the SME server in server-mode. It sits in the DMZ of a Checkpoint-1 firewall.

Mark

markehle
« Reply #2 on: October 27, 2004, 03:04:17 AM »
More info on our situation:

My ISP guy says that they are using BIND 9. He is of the opinion that TinyDNS only supports zone transfers between other TinyDNS servers.

He also said that one solution is to "switch all authoritative DNS to <our isp>". Is that how you all run it?

Thanks again -

Mark

smeghead
« Reply #3 on: October 27, 2004, 06:51:19 AM »
Hmm, methinks that a bit more reading on SME might have helped :-)

SME uses TinyDNS in caching mode only!!!  On a standard install it is not capable of running as an authoritative (read Public) DNS server for any domain.

There has been quite a lot of discussion here regarding TinyDNS and changing it to run as a public DNS server.

A howto has been cobbled together and I have scripted this to provide both an install (and as important if it doesn't work) an un-install process.  Email for the scripts if you want them.

A word of warning, only run a Public DNS if you really have to and are prepared to keep it monitored for attempted abuse.

I would suggest using the free Zoneedit DNS servers to host your domain so they worry about the DNS server security and you get worldwide redundant DNS serving for nothing; all controlled via your web browser.

BTW, make sure your ISP is set up as your backup MX and sets up their system to treat your domain as allowed (because they are not hosting your domain, it will otherwise be seen as foreign).

HTH

markehle
« Reply #4 on: October 27, 2004, 12:03:39 PM »
Quote from: "smeghead"
Hmm, methinks that a bit more reading on SME might have helped :-)


Yup, I'm sure it would have. Please point me to where the info is. I searched this site and googled about it and came up with very little. Maybe if I knew more about DNS, I would have been able to see this coming.

All I know is that I have used SME at home for 2 years and it has worked great. I just expected that it would do the same at work. My opinion is that it would be nice to have the option on SME to handle this.

Thanks -

Mark

dmac
« Reply #5 on: October 28, 2004, 01:26:52 AM »
How is your domain name (www, FTP, mail) being handled at this time?

The fact that you are authoritative for your domain is good, it means that you control the addition of hosts to your domain.  I would be curious why your ISP wants your domain to be replicated outside of your network.  Usually domain replication is used between Primary and Secondary DNS Servers on your network.

Is the SME Server the only DNS server, or do you have another DNS Server that is sitting behind the firewall?

markehle
« Reply #6 on: October 28, 2004, 01:34:08 AM »
Quote from: "dmac"
How is your domain name (www, FTP, mail) being handled at this time?


We were using an old Sun SPARCstation that must have been running some kind of BIND. It has since died, so there is no going back. It was authoritative for our domain, and our ISP was running a secondary DNS server. We have no other DNS servers. The problem is that the new SME box will not talk "zone transfers" with the ISP's servers, so they eventually decide that we are not around anymore.

We have changed to letting our ISP handle our zone, and let the SME box be a caching DNS server (apparently what it was designed to do anyway). I will know tomorrow morning if this works, as that is when the ISP will make the switch.

Thanks -

Mark

PsyDuck
« Reply #7 on: November 02, 2004, 08:11:30 AM »
It's quite easy to get the zone transfer thing to run.

I've set up a Primary DNS server with zone transfer using only the 'default' installed SME components.

If you have a working 'Public DNS' then all you need to do is to enable the 'axfrdns' service, there is a link to a howto somewhere in the forum.

markehle
« Reply #8 on: November 02, 2004, 02:00:44 PM »
I found this howto: http://www.eviltyrant.com/sme_6b3_public_dns_howto.txt

Will it work when talking to DNS servers running BIND?

Thanks -

Mark

PsyDuck
« Reply #9 on: November 02, 2004, 02:34:12 PM »
I used http://forums.contribs.org/index.php?topic=22204.0

to set up a 'Public DNS'....had to modify the templates a bit to suit my needs.

Then I enabled the axfrdns service and pointed it to my 'Public DNS' database.

Just to clarify how I'm using the DNS:
I've set up my SME to act as a Primary DNS for my domain. Secondary DNS and MX Backup are services that I've bought from my ISP.

The Secondary DNS is the one that initiates the zone transfers (and I guess they are using BIND? Shouldn't matter...) and all I need to do for the ZT to work is to enable the axfrdns service and add the Secondary DNS to the list of permitted IPs.

If this is the way things will work for you then I probably can be of some assistance.  :-D
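Added example (not from this thread, and not SME Server's or djbdns's own code) of the "list of permitted IPs" step described above. AXFR is the standard zone-transfer protocol, so a BIND secondary can pull from axfrdns; the question of BIND versus TinyDNS only matters for the access list. axfrdns runs under tcpserver, and tcpserver's tcprules file decides which client IPs may connect; the AXFR environment variable set for an allowed client names the zones (slash-separated) it may transfer, and a final :deny refuses everyone else. Two caveats a practitioner should know: a bare prefix such as 203.0.113. is a network match in tcprules, so the script only accepts whole dotted-quad addresses; and axfrdns sends no NOTIFY, so the secondary re-pulls only on the SOA refresh interval and only when the serial has gone up. The zone name, the secondary addresses, and the /etc/tcp.axfr path are assumptions for illustration.

```shell
#!/bin/sh
# Added example: build the tcprules access list that axfrdns reads.
# Zone, addresses and file paths are assumed, not taken from the thread.

# Accept only a complete IPv4 address (four octets, each 0-255).
# A prefix like "203.0.113." would match a whole network in tcprules.
is_ipv4() {
    case $1 in
        *[!0-9.]*|''|.*|*.|*..*) return 1 ;;
    esac
    (
        IFS=.
        set -- $1
        [ $# -eq 4 ] || exit 1
        for octet in "$@"; do
            [ "$octet" -le 255 ] || exit 1
        done
    )
}

# Print a tcprules source for axfrdns.
#   $1     zone the secondaries may transfer (e.g. example.org)
#   $2...  IPv4 addresses of those secondaries
# Each permitted client gets AXFR="zone"; everything else is denied.
gen_axfr_rules() {
    zone=$1
    shift
    [ $# -gt 0 ] || return 1
    for ip in "$@"; do
        is_ipv4 "$ip" || return 1
        printf '%s:allow,AXFR="%s"\n' "$ip" "$zone"
    done
    printf ':deny\n'
}

# Write the rules and compile them into the cdb tcpserver reads.
# /etc/tcp.axfr is the conventional djbdns location (assumed here);
# the compile step only runs where tcprules is installed.
apply_axfr_rules() {
    rules=/etc/tcp.axfr
    gen_axfr_rules "$@" > "$rules" || return 1
    command -v tcprules >/dev/null || return 0
    tcprules "$rules.cdb" "$rules.tmp" < "$rules"
}

# Constructed sample: one zone, two secondaries (documentation addresses).
gen_axfr_rules example.org 203.0.113.10 198.51.100.7
```

After restarting the axfrdns service, confirm from one of the listed secondaries that `dig @<your-sme-ip> example.org AXFR +tcp` returns the whole zone, and from any other host that the same command is refused; if the refused case succeeds, the :deny line did not make it into the compiled cdb.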