DNS serial number not match
pascal
09-22-2006, 08:48 AM
Hello,
We have 2 DNS servers, each on a different InterWorx-CP box.
When we try to edit the name servers at a French registrar, they do a zonecheck from AFNIC.
The zonecheck fails because the serial number is not the same for the primary and secondary DNS servers.
Here is an example of how AFNIC does test validation for the .FR zone:
http://www.afnic.fr/outils/zonecheck/zc.cgi?zone=calleva.fr&ns0=ns1.carat-hosting.com&ips0=&ns1=ns2.carat-hosting.com&ips1=&ns2=&ips2=&ns3=&ips3=&ns4=&ips4=&ns5=&ips5=&ns6=&ips6=&ns7=&ips7=&intro=t&explain=t&details=t&progress=counter&report=byseverity&format=html&lang=en&errorlvl=&profile=afnic&chkmail=t&chkzone=t&chkrir=t&transp3=ipv4&transp3=ipv6&transp4=std
So we can't host .fr domains!!!
Before, our name servers were on the same box, so we didn't have this problem.
How is it possible to have the same serial number?
How could we resolve this issue?
Thanks for your help
Pascal
IWorx-Socheat
09-22-2006, 09:02 AM
Thanks Pascal. We have a previous bug report already filed about a similar problem with DNS serial numbers (the serial numbers currently change every 5 minutes). I'll add this to the list.
Socheat
IWorx-Socheat
09-22-2006, 09:03 AM
Forgot to ask, how are you keeping the two DNS servers in sync?
pascal
05-09-2007, 12:39 PM
Forgot to ask, how are you keeping the two DNS servers in sync?
To have the 2 boxes in sync I've had to add a "Sleep 20; " for the iworx --fively cron job on the first box :)
Pascal
JayBaen
05-09-2007, 03:08 PM
For what it's worth - I'm not having this problem (as long as I don't do a DNS check at the exact moment the boxes are syncing).
I've got 2 different IWorx boxes syncing with a single (non-Iworx) djbdns installation for secondary (using the tweaked script located elsewhere in this forum).
JB
pascal
05-11-2007, 12:59 PM
For what it's worth - I'm not having this problem (as long as I don't do a DNS check at the exact moment the boxes are syncing).
I've got 2 different IWorx boxes syncing with a single (non-Iworx) djbdns installation for secondary (using the tweaked script located elsewhere in this forum).
JB
This problem is only for some TLDs, such as FR for example!
Indeed, every registrar that sells .FR must pass a Zonecheck from the AFNIC when they update the primary and secondary server names.
If the AFNIC Zonecheck fails, then the registrar refuses to set up your primary/secondary server names!
Pascal
JayBaen
05-11-2007, 02:28 PM
This problem is only for some TLDs, such as FR for example!
Indeed, every registrar that sells .FR must pass a Zonecheck from the AFNIC when they update the primary and secondary server names.
If the AFNIC Zonecheck fails, then the registrar refuses to set up your primary/secondary server names!
Pascal
Right - but, I thought the reason the zonecheck is failing is because the serial numbers aren't in sync.
I'm only indicating that I'm not having an "in-sync" issue (no pun intended - and in fact, I hope I *never* have *that* issue .. :) ) If you could get the sync-ing problem fixed, then the zonecheck would pass (unless I'm missing something else).
pascal
05-13-2007, 11:59 AM
Ha ha ha, I think I explained it very badly.
You're right, I have this zonecheck problem, not because the sync is not well done, but because one box syncs the other in a bad order.
Server A syncs server B and server B syncs server A (because ns1 is on server A and ns2 is on server B).
So there is a difference in the serial number.
The only way I found to resolve this is to set the 5 mn crontab at the exact same time on the two boxes and then put a delay of 10 or 20 seconds on one of the boxes.
Pascal
JayBaen
05-13-2007, 06:24 PM
Got it.
Have you thought of just syncing all of your DNS to "secondary" servers? Think of staging yourself for the situation of when you may have 25 Iworx servers - and you'll probably still only want to have 2 functioning as DNS for resolution from the outside for your hosted domains (not 25+).
I currently sync more than 1 IWorx box to external DNS - which works great (esp. since we have MX resolution for certain domains outside of the originating IWorx box. This allows mail to flow even when the "primary" DNS is down).
We tend to have less of the serial numbers not matching since it only has to sync one direction, not two.
JB
pascal
05-13-2007, 06:29 PM
I already have more than 2 servers, but 2 of them are my ns. All of the other servers sync to 1 (which syncs to the secondary). There are only these 2 servers that sync themselves :)
So we won't have 25+ dns servers :)
Thanks JB for the tips
Pascal
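A way to check for the mismatch discussed in this thread before asking a registrar to change name servers, as an added example that is not part of the original posts: it compares the SOA serial each server returns, using RFC 1982 serial arithmetic so a wrapped serial is still ordered correctly. The host names, serials and function names are constructed for illustration.

```python
# Added example: compare the SOA serial each name server reports for a zone.
MOD = 2 ** 32  # SOA serials are unsigned 32-bit values

# Constructed sample input: output of `dig +short SOA <zone> @<server>` per
# server. Host names and serials are invented for illustration.
SAMPLE = {
    "ns1.example.net": "ns1.example.net. hostmaster.example.net. "
                       "1179072020 16384 2048 1048576 2560",
    "ns2.example.net": "ns1.example.net. hostmaster.example.net. "
                       "1179072000 16384 2048 1048576 2560",
}


def soa_serial(rdata):
    """Return the serial, the third of the seven SOA fields."""
    fields = rdata.split()
    if len(fields) != 7 or not fields[2].isdigit():
        raise ValueError("not an SOA record: %r" % rdata)
    serial = int(fields[2])
    if serial >= MOD:
        raise ValueError("serial out of range: %d" % serial)
    return serial


def serial_cmp(a, b):
    """RFC 1982 ordering: -1 if a is older than b, 1 if newer, 0 if equal.

    Returns None when the two are exactly 2**31 apart (order undefined).
    """
    if a == b:
        return 0
    ahead = (b - a) % MOD  # how far b is in front of a, modulo 2**32
    if ahead == MOD // 2:
        return None
    return -1 if ahead < MOD // 2 else 1


def check_zone(answers):
    """Report the newest serial and which servers are not serving it."""
    serials = {ns: soa_serial(rdata) for ns, rdata in answers.items()}
    newest = next(iter(serials.values()))
    for value in serials.values():
        if serial_cmp(value, newest) == 1:
            newest = value
    lagging = sorted(ns for ns, value in serials.items() if value != newest)
    return {"in_sync": not lagging, "newest": newest, "lagging": lagging}


if __name__ == "__main__":
    print(check_zone(SAMPLE))
```

Any server listed under `lagging` is one a zone check would flag; retrying after the next sync interval shows whether the gap is transient or permanent.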