Discussion:
Zone transfer is happening intermittently between slave and master bind
Prasanna Mathivanan (pmathiva) via bind-users
2021-03-17 07:59:29 UTC
Hi team,

I have a weird DNS issue where zone transfer between slave and master is happening intermittently, or even if it happens it just says it got 0 records, and then sometimes it gets all records.

Transfer completed: 0 messages, 1 records, 0 bytes, 0.001 secs (0 bytes/sec) • intermittent o/p

Transfer completed: 13 messages, 15423 records, 472336 bytes, 0.063 secs (7497396 bytes/sec) • expected o/p which happens after two to three zone transfers with 0 messages.

When I initiate manual zone transfer via rndc retransfer <zone> it works fine.

Refresh interval set in zone is 4 hours but still even if it crosses this time zone transfer doesn’t work.

Is it something like if difference in serial number is big because of unsuccessful zone transfers and it's taking time to catch up?

I couldn’t find anything from logs (checked both xfer and messages).

Can anyone guide me if I am missing something?
--
Thanks
Prasanna
Tony Finch
2021-03-17 12:51:44 UTC
Post by Prasanna Mathivanan (pmathiva) via bind-users
> I couldn’t find anything from logs (checked both xfer and messages)

The best way to find out if a secondary server thinks a zone is
out-of-date is to look at the notify log messages. On the primary you'll
see something like

17-Mar-2021 12:36:28.311 notify: info: zone cam.ac.uk/IN:
sending notifies (serial 1615984588)

and on a secondary you will see

17-Mar-2021 12:36:28.812 general: info: zone cam.ac.uk/IN/main:
notify from 2001:630:212:8::d:aa#43432: serial 1615984588

followed by xfer-out (on the primary) and xfer-in (on the secondary). The
xfer messages tell you how much of the zone was transferred but not the
serial number.

or if the zone is in sync you will see

17-Mar-2021 12:20:36.985 general: info: zone cl.cam.ac.uk/IN/main:
notify from 128.232.0.19#44340: zone is up to date

If the log messages do not match up like this then something isn't working
properly, such as the allow-notify ACL on the secondary - check there
aren't any erroneous "refused notify from..." messages in the secondary's
logs.

You can run `rndc notify` on the primary to trigger it on demand, which
can make debugging a bit more convenient. You can use `rndc zonestatus` on
the primary and secondary to see what they think the serial numbers are,
so you know whether the notify should trigger a transfer or not.

Tony.
--
f.anthony.n.finch <***@dotat.at> https://dotat.at/
Wight, Portland, Plymouth: Northwest veering north or northeast, 3 to 5.
Slight or moderate. Mainly fair. Mainly good.
Chuck Aurora
2021-03-17 13:54:55 UTC
My guess comes from a hint in Tony's post,

Post by Tony Finch
> notify from 2001:630:212:8::d:aa#43432: serial 1615984588
> notify from 128.232.0.19#44340: zone is up to date
> If the log messages do not match up like this then something isn't working
> properly, such as the allow-notify ACL on the secondary - check there
> aren't any erroneous "refused notify from..." messages in the secondary's
> logs.

My guess is that you are dual-stack but have not fully configured the
ipv6 side of things; maybe need to expand your masters {} list and
allow-transfer and allow-notify to include both protocol addresses?

[Exactly the situation I am in today, after enabling v6 on my second of
3 NS hosts. Just a thought.]
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-***@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
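
The log check Tony Finch describes, combined with the dual-stack guess in Chuck Aurora's reply, as an added example that is not part of any post in the thread: it pairs the primary's "sending notifies" serials with the notifies the secondary logged and reports the address family of any refused source. The sample lines, zone name and addresses are constructed, and the exact wording after "refused notify from" is an assumption.

```python
import ipaddress
import re

# Constructed sample logs in the message format quoted in the thread; the zone,
# addresses (documentation ranges) and serials are made up.
PRIMARY_LOG = [
    "17-Mar-2021 12:36:28.311 notify: info: zone example.com/IN: sending notifies (serial 2021031701)",
    "17-Mar-2021 13:10:02.120 notify: info: zone example.com/IN: sending notifies (serial 2021031702)",
]
SECONDARY_LOG = [
    "17-Mar-2021 12:36:28.812 general: info: zone example.com/IN: notify from 192.0.2.1#43432: serial 2021031701",
    # Assumed wording, built around the "refused notify from..." phrase in the thread.
    "17-Mar-2021 13:10:02.640 general: info: zone example.com/IN: refused notify from non-master: 2001:db8::1#51515",
]

ZONE = r"zone (\S+?)/IN\S*: "  # also matches a view suffix such as /IN/main
SENT = re.compile(ZONE + r"sending notifies \(serial (\d+)\)")
GOT = re.compile(ZONE + r"notify from \S+#\d+: (?:serial (\d+)|zone is up to date)")
REFUSED = re.compile(ZONE + r"refused notify from .*?(\S+)#\d+")


def correlate(primary_lines, secondary_lines):
    """Return (missing, refused).

    missing: (zone, serial) pairs the primary announced but the secondary
             never logged as a received notify.
    refused: (zone, source address, address family) for each refused notify.
    """
    sent = {(m[1], int(m[2])) for line in primary_lines if (m := SENT.search(line))}
    seen, refused = set(), []
    for line in secondary_lines:
        if (m := GOT.search(line)) and m[2]:
            seen.add((m[1], int(m[2])))
        elif m := REFUSED.search(line):
            family = f"IPv{ipaddress.ip_address(m[2]).version}"
            refused.append((m[1], m[2], family))
    return sorted(sent - seen), refused


if __name__ == "__main__":
    missing, refused = correlate(PRIMARY_LOG, SECONDARY_LOG)
    for zone, serial in missing:
        print(f"{zone}: serial {serial} announced, no matching notify on secondary")
    for zone, addr, family in refused:
        print(f"{zone}: secondary refused notify from {addr} ({family}); check ACLs for that family")
```

A refused source in a family that is absent from the secondary's primaries list and ACLs points at the dual-stack gap suggested above.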
Matus UHLAR - fantomas
2021-03-17 08:53:14 UTC
Post by Prasanna Mathivanan (pmathiva) via bind-users
> I have a weird DNS issue where zone transfer between slave and master is
> happening intermittently or even if it happens it just says 0 records it
> got and then sometimes it gets all records.

that should be fine, there may be incremental transfer done, which only
transfers changes.

Post by Prasanna Mathivanan (pmathiva) via bind-users
> Transfer completed: 0 messages, 1 records, 0 bytes, 0.001 secs (0 bytes/sec) • intermittent o/p
> Transfer completed: 13 messages, 15423 records, 472336 bytes, 0.063 secs (7497396 bytes/sec) • expected o/p which happens after two to three zone transfers with 0 messages.
> When I initiate manual zone transfer via rndc retransfer <zone> it works fine.

I guess this forces full transfer.

Post by Prasanna Mathivanan (pmathiva) via bind-users
> Refresh interval set in zone is 4 hours but still even if it crosses this time zone transfer doesn’t work.

refresh means how often to check for updates, but transfer happens only when
there's a change.

Post by Prasanna Mathivanan (pmathiva) via bind-users
> Is it something like if difference in serial number is big because of unsuccessful zone transfers and its taking time to catch up ?

the difference in serial number is how change is detected.
Note that new serial must be bigger than the old one.

(there are measures if it's to be wrapped around zero).

what is your real problem?
--
Matus UHLAR - fantomas, ***@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
Enter any 12-digit prime number to continue.
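
The "bigger than the old one" rule and its wrap-around case, as an added example that is not part of the thread: it assumes the comparison is RFC 1982 serial number arithmetic on 32-bit SOA serials. The function names are hypothetical, and the date-style serial 2021031701 is constructed.

```python
MOD = 2**32   # serials are unsigned 32-bit values
HALF = 2**31  # RFC 1982: a serial is "bigger" only within half the number space


def serial_gt(new, old):
    """True if `new` is bigger than `old` in RFC 1982 serial arithmetic,
    False if it is equal or smaller, None where the RFC leaves it undefined."""
    diff = (new - old) % MOD
    if diff == 0:
        return False
    if diff == HALF:
        return None
    return diff < HALF


def refresh_outcome(primary_serial, secondary_serial):
    """What a refresh check concludes from the two SOA serials (hypothetical helper)."""
    if primary_serial == secondary_serial:
        return "up to date"
    newer = serial_gt(primary_serial, secondary_serial)
    if newer is None:
        return "undefined"
    return "transfer" if newer else "primary looks older, no transfer"


# Constructed cases. 1615984588 is the Unix-time style serial from the log lines
# in the thread; 2021031701 is a made-up date-style serial.
CASES = [
    (1615984589, 1615984588),  # normal increment
    (5, 4294967290),           # wrapped around zero, still bigger
    (1615984588, 2021031701),  # switched serial style: numerically smaller
    (2147483648, 0),           # exactly 2**31 apart
]

if __name__ == "__main__":
    for primary, secondary in CASES:
        print(primary, secondary, refresh_outcome(primary, secondary))
```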