I agonized long and hard with this mistake. Where did – it is unknown. What is clear is that dnsmanager (dnsmgr) changed the permissions of the directory.
Error manifests itself to the server bind9, used as a Secondary DNS.
If your secondary server when prompted type host -a domain.tld. ns1.domaint.tld reports an error SERVFAIL – restart bind9 (/etc/init.d/bind9 restart) and check / var / log / syslog on the presence of about following lines:
Jul 12 05:56:16 Debian named : transfer of ‘domain.tld / IN / ns1.domain.tld’ from 178.63.xxx.xxx # 53: failed while receiving responses: permission denied
Yes, it would be logical first step to stamp on the master and watch closely, why does not give master record. So I went and spent a week on studying config bind9. But, as usually happens, if you use products ispsystem Debian, it was quite commonplace problem:
Debian: ~ # ps aux | grep bind
bind 22734 0.0 0.1 11152 253116? Ssl Jul12 0:02 / usr / sbin / named -u bind
root 23260 0.0 0.0 5160 772 pts / 4 R + 13:46 0:00 grep bind
Debian: ~ # ls -al / etc / bind
drwxr-xr-x 2 root root 4.0K 2010-07-12 16:37 ns1.domain.biz
This directory (ns1.domain.biz) – directory with files created in domains for bind9 area called ns1.domain.biz
User bind can not write any files to this directory. Therefore, he can not accept the zone files from the master NS.
Corrected very easily, many guessed as:
Debian: ~ # chown -R bind: root /etc/bind/ns1.domain.biz
Debian: ~ # /etc/init.d/bind9 restart
All your Secondary NS must now obtain records from the master.
P.S. – Thank you very much for such a company ispsystem buggy product as dnsmanager. And thanks for the support that has not bothered to read carefully the ticket. Enchanting to read response from tech support – read the logs, look, why do not server2 gets record c server3, though server2 and server3 – both of slaves for server1.
P.P.S. – Problem appeared already in operation dnsmanager. aptitude upgrade on the server is not running. And in general about the server as it is dnsmanager forgotten. Customers are worried that they can not delegate the new domains to our NS.