Here are some tips and tricks for setting up a named server on CentOS 7.
Disable IPv6
IPv6 is enabled by default in bind9. Bind9 will try to resolve some AAAA records at startup, giving you error messages like the one below in /var/log/messages.
Jan 22 22:20:07 ns2 named[16442]: error (network unreachable) resolving 'dns4.easydns.info/A/IN': 2001:500:49::1#53
You can disable ipv6 by editing /etc/sysconfig/named
# Disable ipv6 as ipv6 connection is missing
# https://serverfault.com/questions/639061/network-unreachable-error-in-my-server-logs
OPTIONS="-4"
Test Zone transfer
Zone transfers should be turned off according to nixCraft. To test using dig, run the command below.
dig dalesjo.com axfr @ns1.fnf.nu
If zone transfer is turned off you should get the response below.
; <<>> DiG 9.8.3-P1-RedHat-9.8.3-2.P1.fc15 <<>> dalesjo.com axfr @ns1.fnf.nu
;; global options: +cmd
; Transfer failed.
If zone transfer is enabled you get a result that looks something like below.
; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.2 <<>> dalesjo.com axfr @ns1.fnf.nu
;; global options: +cmd
dalesjo.com. 3600 IN SOA ns1.fnf.nu. hostmaster.fnf.nu. 1516655448 21600 3600 1209600 3600
dalesjo.com. 86400 IN NS ns1.fnf.nu.
dalesjo.com. 86400 IN NS ns2.fnf.nu.
dalesjo.com. 86400 IN NS cdn2.dalesjo.com.
dalesjo.com. 3600 IN A 83.223.14.89
...
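Added example (not part of the original post): a shell function that classifies dig axfr output the same way as the two responses above, so the check can be repeated for every name server of a zone you run. The names classify_axfr and audit_zone are made up for this example, and the sample inputs are shortened copies of the outputs above.

```shell
#!/usr/bin/env bash
# Added example: classify the output of `dig <zone> axfr @<server>`.

# Reads dig output on stdin; prints "refused", "open <record count>" or "unknown".
classify_axfr() {
    local line records=0 soa=0 failed=0
    while IFS= read -r line; do
        case "$line" in
            *"Transfer failed."*) failed=1 ;;
            "" | ";"*) ;;                      # blank line or dig comment
            *)
                records=$((records + 1))
                case "$line" in
                    *[[:space:]]IN[[:space:]]SOA[[:space:]]*) soa=1 ;;
                esac
                ;;
        esac
    done
    if [ "$failed" -eq 1 ] && [ "$records" -eq 0 ]; then
        echo "refused"
    elif [ "$soa" -eq 1 ]; then
        echo "open $records"
    else
        echo "unknown"          # timeout, SERVFAIL or unexpected output
    fi
}

# Hypothetical wrapper: test every name server of a zone you operate.
audit_zone() {
    local zone=$1 ns
    for ns in $(dig +short NS "$zone"); do
        printf '%s %s\n' "$ns" "$(dig +time=5 +tries=1 "$zone" axfr "@$ns" | classify_axfr)"
    done
}

# Sample inputs shortened from the two dig outputs shown above.
SAMPLE_REFUSED='; <<>> DiG 9.8.3-P1-RedHat-9.8.3-2.P1.fc15 <<>> dalesjo.com axfr @ns1.fnf.nu
;; global options: +cmd
; Transfer failed.'
SAMPLE_OPEN=';; global options: +cmd
dalesjo.com. 3600 IN SOA ns1.fnf.nu. hostmaster.fnf.nu. 1516655448 21600 3600 1209600 3600
dalesjo.com. 86400 IN NS ns1.fnf.nu.
dalesjo.com. 3600 IN A 83.223.14.89'

# Run the audit only when a zone name is given on the command line.
if [ -n "${1:-}" ]; then audit_zone "$1"; fi
```

Run it with your own zone name as the only argument; any server reported as "open" is answering transfer requests from the host you ran it on.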
Serial
The serial number is only used between master and slave servers. A slave only updates if the serial number is higher than before. You can solve this by forcing a transfer on the slave with this command.
rndc retransfer dalesjo.com