
External secondary servers updates

Authority
Posts: 23
255     0

Hello guys,

 

I am contacting you regarding a big issue that I am facing.

I have an NS group with a grid primary and an external secondary (Microsoft).

Since this morning, the secondary servers are not getting updates. Here are the errors we have for all of them:

 

client 10.X.X.X#51475: update 'example.com/IN' denied 
 
Have you ever seen that?
 
Thanks  

Re: External secondary servers updates

Adviser
Posts: 210
255     0

The log message quoted here indicates that the client is attempting a dynamic (DDNS) update and that is not allowed. This is separate from any zone transfers that the secondary servers may be attempting, and it is not clear where this log message is being pulled from (the primary or secondary name servers).

 

With DDNS, the workflow should look like this:

 

  1. Client sends an SOA query for its own name (FQDN).
  2. DNS server returns an NXDOMAIN response (an SOA record for the client's name is not expected to exist), which also includes the SOA for the zone (example.com).
  3. Client sends an update request to the primary name server learned from the mname value in the SOA record for the zone in question.

 

What is not clear is where things are not working. To get to the bottom of this, it would be important to answer the following:

  • Is the client sending its update to the wrong server? If so, check that the client is configured to resolve against the correct DNS server(s), and edit the properties for the zone and, under the Settings tab, verify that the Primary name server (for SOA MNAME field) value is set correctly (if in doubt, do NOT override the default value).
  • Are zone transfers failing for some reason? Verify that the secondary servers are configured as external secondary name servers and, under the Zone Transfers tab in the properties for the zone, that nothing is denying the secondary name servers' IP address(es).

 

To fully troubleshoot this type of issue, one would need to be able to analyze the configurations on each of the servers, all related log messages from the system logs, and possibly test with queries to verify responses. Infoblox Support would be able to assist you with going through all of that if needed.

 

Regards,

Tony
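
The distinction drawn in the reply above (a refused dynamic update versus a refused zone transfer) can be checked across a whole log with a short script. This is an added example, not part of the original post or of any Infoblox tooling; the function name, verdict labels, sample lines and 192.0.2.x addresses are constructed, and the `secondaries` and `updaters` sets are assumptions you fill in with your own external secondaries and DHCP servers.

```python
import re
from collections import Counter

# BIND-style "denied" lines, as quoted in the thread. The optional groups
# cover the newer "client @0x... ip#port (name):" prefix.
DENIED = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+(?: \([^)]*\))?: "
    r"(?P<op>update|zone transfer) '(?P<target>[^']+)' denied"
)

def triage(lines, secondaries=(), updaters=()):
    """Return (ip, zone, operation, count, verdict) per denied sender."""
    seen = Counter()
    for line in lines:
        m = DENIED.search(line)
        if m:
            zone = m["target"].split("/")[0]  # 'example.com/IN' -> 'example.com'
            seen[(m["ip"], zone, m["op"])] += 1
    findings = []
    for (ip, zone, op), count in sorted(seen.items()):
        if op == "update":
            # A refused DDNS update, not a failed zone transfer.
            verdict = ("expected-updater-denied" if ip in updaters
                       else "unexpected-update-source")
        else:
            # A refused AXFR/IXFR request.
            verdict = ("secondary-transfer-denied" if ip in secondaries
                       else "unlisted-transfer-source")
        findings.append((ip, zone, op, count, verdict))
    return findings

# Constructed sample log lines (documentation addresses, not from the thread).
SAMPLE = [
    "client 192.0.2.10#51475: update 'example.com/IN' denied",
    "client 192.0.2.10#51480: update 'example.com/IN' denied",
    "client @0x7f3c2c0a1b20 192.0.2.20#40000 (example.com): "
    "zone transfer 'example.com/AXFR/IN' denied",
    "client 192.0.2.30#53211: update 'example.com/IN' denied",
    "zone example.com/IN: sending notifies (serial 2024010101)",
]

if __name__ == "__main__":
    rows = triage(SAMPLE, secondaries={"192.0.2.20"}, updaters={"192.0.2.30"})
    for row in rows:
        print(*row, sep="\t")
```

A sender that only ever appears with `update` verdicts points at the DDNS path (resolver settings, SOA MNAME, update permissions); one that appears with `zone transfer` verdicts points at the Zone Transfers settings.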

Re: External secondary servers updates

Authority
Posts: 23
256     0

Hello, 

Thank you for your reply.
 
Here is the configuration:
Example.com was hosted on the DC.
DHCP was configured on the grid and DDNS for example.com was forwarded to that DC.
 
Now, example.com has been migrated to the grid. I created an NS group: Infoblox as grid primary and DC as external grid.
 
I removed the DDNS forward as example.com is now in the grid.
 
We noticed that the DC is not getting updates from Infoblox (different SOA).
 
It was working before.
I believe DHCP and DNS are separated so it cannot be caused by the DHCP changes. Can it?
 
Here is how it should work:
- The machine has the DC as preferred DNS and Infoblox as DHCP server.
- It requests an IP from Infoblox.
- The DHCP server provides an IP and makes a DDNS to the primary server.
- The primary server notifies the external secondary (DC).
- The DC requests an update.
- The DC gets the update of example.com.
 
Thanks

Re: External secondary servers updates

Adviser
Posts: 210
256     0

Thank you for the additional information. The next thing that I would verify is that DDNS is enabled in Infoblox (Data Management -> DHCP -> Grid DHCP Properties -> IPv4 DDNS). After that, verify that the primary name server will accept updates from the (Infoblox) DHCP server(s).

 

Because of all of the different pieces involved here, I would recommend opening a case with Infoblox Support and they should be able to walk through this fairly quickly with you.
