DNS Server failed to notify name server

[Sysadminfromhell]

Hello everyone,

I have a problem that the notify to the other name servers always fail.

I just dont know why the error code is REFUSED: [2024-01-15 09:13:00 Local] DNS Server failed to notify name server 'dns02.fritz.box' (RCODE=Refused) for zone: fritz.box [2024-01-15 09:13:00 Local] DNS Server failed to notify name server 'dns02.fritz.box' (RCODE=Refused) for zone: 178.168.192.in-addr.arpa There is no Firewall in between. On both servers the Zones are primary and the SOA is, as you can see, DNS01.

Kind regards,

[Sysadminfromhell]

The funny part: Even dns02 says the notify failed for dns02. How does this work?

[ShreyasZare]

Thanks for the post. The issue is as you state:

On both servers the Zones are primary

There must be only one primary zone and the other zone on the second server must be secondary zone. The notify mechanism is to alert secondary zones to start zone transfer when primary zone has any updates.

Since, both your zones are primary, both are sending notify requests to each other and thus both will refuse to accept them.

[Sysadminfromhell]

Okay, but in a secondary Zone I cannot make any changes, right? So It´s not really failover...

[ShreyasZare]

Okay, but in a secondary Zone I cannot make any changes, right? So It´s not really failover...

Yes. Secondary zone is read only and will get updates only from primary zone. When primary server is down for any reason, the secondary will respond to queries but you wont be able to update the zone until your primary is back up or that you use the Convert Zone option to change the zone from secondary to primary manually.

[Sysadminfromhell]

But as far As I understand any other DNS Server the SOA detemerm which is the primary (master) and which not. Changes should be able to be done on all NS Servers.

[Sysadminfromhell]

Yes. Secondary zone is read only and will get updates only from primary zone. When primary server is down for any reason, the secondary will respond to queries but you wont be able to update the zone until your primary is back up or that you use the Convert Zone option to change the zone from secondary to primary manually.

Its nor really failover / loadbalancing then in my opinion. I I can´t make changes on both DNS Servers the DHCP Server won´t be able to update the DynDNS Names to both Servers because the DNS02 can't accept these changes.

[ShreyasZare]

But as far As I understand any other DNS Server the SOA detemerm which is the primary (master) and which not.

The SOA specified the primary name server which holds the primary zone. Note that its not necessary that the SOA record specified the actual server that holds the primary zone.

Changes should be able to be done on all NS Servers.

Changes are permitted only on primary zone which in DNS is only a single server unless the DNS server has some kind of non-standard/proprietary clustering feature.

[Sysadminfromhell]

Okay, so the non-standard clustering Feature, for example, from Microsoft in a Windows Domain is non-standard. As far as I'm aware DNS is not failover this is true, but as far as I know even BIND9 has some kind of feature for that? At least in the company I work in you can send Update requests to both DNS Servers and it will be transfered successfully. I will see if I can find a documentation for it and maybe create a FR?

[ShreyasZare]

Its nor really failover / loadbalancing then in my opinion. I I can´t make changes on both DNS Servers the DHCP Server won´t be able to update the DynDNS Names to both Servers because the DNS02 can't accept these changes.

In DNS, load balancing is just having more than one name server. Failover too is same from client's perspective. In your case, its that when primary zone is down, your DHCP updates would fail.

The standard model is that primary zone can only update records. This becomes even more strict when the zone is signed since the primary zone holds the private keys for the zone.

[ShreyasZare]

Okay, so the non-standard clustering Feature, for example, from Microsoft in a Windows Domain is non-standard. As far as I'm aware DNS is not failover this is true, but as far as I know even BIND9 has some kind of feature for that? At least in the company I work in you can send Update requests to both DNS Servers and it will be transfered successfully. I will see if I can find a documentation for it and maybe create a FR?

Secondary zone server will automatically forward the Dynamic Updates RFC 2136 requests to primary server so its not that the secondary zone is being updated directly.

[Sysadminfromhell]

Alright, so even when the RFC2136 request comes to dns02 he will forward the request. Good to know I wasn't aware of that.

[Sysadminfromhell]

Is there a way to change the Zone type from primary to secondary?

[ShreyasZare]

Alright, so even when the RFC2136 request comes to dns02 he will forward the request. Good to know I wasn't aware of that.

Yes, its just being forwarded to primary zone as specified in the RFC.

[ShreyasZare]

Is there a way to change the Zone type from primary to secondary?

Yes, you will find it in Options > Convert Zone when you edit the zone.

[Sysadminfromhell]

Is there a way to change the Zone type from primary to secondary?

Yes, you will find it in Options > Convert Zone when you edit the zone.

no can do:

[ShreyasZare]

no can do

Ohh right. Convert works from secondary to primary. In your case, you have to delete the primary zone on the second server and use Add Zone option to add secondary zone where you will need to specify the primary server's IP address and it will sync immediately.

[Sysadminfromhell]

Yea I just did that 👍 Thanks for the Input tho :)

[ShreyasZare]

You're welcome :)