AXFR Problems sind Upgrade to 9.16.12

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

AXFR Problems sind Upgrade to 9.16.12

Klaus Darilion-2
Hello!

Our setup: Customer Primary --> bind-1 --> bind-2 --> public secondaries (NSD/bind)

Today we upgraded bind-1 and bind-2 from:
9.16.6-3+ubuntu18.04.1+isc+3   --->   9.16.12-2+ubuntu18.04.1+isc+1

AXFR from customer to bind-1 still works. But since the upgrade, bind-2 can not transfer the zone from bind-1 anymore:

bind-1[3591]: client @0x7f6090274c78 xx.xx.xx.20#42767/key rcode0-internal (example): transfer of 'example/IN': send: operation canceled
bind2[4699]: transfer of 'example/IN' from xx.xx.xx.22#53: failed while receiving responses: end of file
bind2[4699]: transfer of 'example/IN' from xx.xx.xx.22#53: Transfer status: end of file
bind2[4699]: transfer of 'example/IN' from xx.xx.xx.22#53: Transfer completed: 25079 messages, 9787583 records, 334058940 bytes, 30.171 secs (11072186 bytes/sec) (serial 1069865757)

I tried "dig axfr @bind-1 ..." which also fails:
;; communications error to xx.xx.xx.22#53: end of file

Same with kdig:
;; WARNING: can't connect to 83.136.34.24@53(TCP)
;; ERROR: failed to query server 83.136.34.24@53(TCP)

The AXFR fails after receiving ~ 400MB. The full zone would be ~600MB.

Of course also AXFR from bind-2 to our public secondaries fail to. So I suspect this is problem on the "sending" side of bind9. As it worked without problem until the upgrade I think this is a regression.

Are there any known issues with 9.16.12?
Do you provide old PPA packages so that we can downgrade?

Thanks
Klaus

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

AW: AXFR Problems sind Upgrade to 9.16.12

Klaus Darilion-2
I just wanted to add, that AXFR of all other hosted zones work fine (even bigger ones). Only this single zone fails.
Thanks
Klaus

> -----Ursprüngliche Nachricht-----
> Von: bind-users <[hidden email]> Im Auftrag von Klaus
> Darilion
> Gesendet: Donnerstag, 11. März 2021 21:24
> An: [hidden email]
> Betreff: AXFR Problems sind Upgrade to 9.16.12
>
> Hello!
>
> Our setup: Customer Primary --> bind-1 --> bind-2 --> public secondaries
> (NSD/bind)
>
> Today we upgraded bind-1 and bind-2 from:
> 9.16.6-3+ubuntu18.04.1+isc+3   --->   9.16.12-2+ubuntu18.04.1+isc+1
>
> AXFR from customer to bind-1 still works. But since the upgrade, bind-2 can
> not transfer the zone from bind-1 anymore:
>
> bind-1[3591]: client @0x7f6090274c78 xx.xx.xx.20#42767/key rcode0-
> internal (example): transfer of 'example/IN': send: operation canceled
> bind2[4699]: transfer of 'example/IN' from xx.xx.xx.22#53: failed while
> receiving responses: end of file
> bind2[4699]: transfer of 'example/IN' from xx.xx.xx.22#53: Transfer status:
> end of file
> bind2[4699]: transfer of 'example/IN' from xx.xx.xx.22#53: Transfer
> completed: 25079 messages, 9787583 records, 334058940 bytes, 30.171 secs
> (11072186 bytes/sec) (serial 1069865757)
>
> I tried "dig axfr @bind-1 ..." which also fails:
> ;; communications error to xx.xx.xx.22#53: end of file
>
> Same with kdig:
> ;; WARNING: can't connect to 83.136.34.24@53(TCP)
> ;; ERROR: failed to query server 83.136.34.24@53(TCP)
>
> The AXFR fails after receiving ~ 400MB. The full zone would be ~600MB.
>
> Of course also AXFR from bind-2 to our public secondaries fail to. So I suspect
> this is problem on the "sending" side of bind9. As it worked without problem
> until the upgrade I think this is a regression.
>
> Are there any known issues with 9.16.12?
> Do you provide old PPA packages so that we can downgrade?
>
> Thanks
> Klaus
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> [hidden email]
> https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: AXFR Problems sind Upgrade to 9.16.12

Ondřej Surý
In reply to this post by Klaus Darilion-2
Hi Klaus,

can you please fill a proper issue in the gitlab.isc.org?  We are going to need
more details and anonymizing the logs isn’t a good way to go forward. In the
GitLab you can make the issue confidential and we will sanitize any user data
before making it public.

Thanks,
Ondrej
--
Ondřej Surý (He/Him)
[hidden email]

> On 11. 3. 2021, at 21:24, Klaus Darilion <[hidden email]> wrote:
>
> Hello!
>
> Our setup: Customer Primary --> bind-1 --> bind-2 --> public secondaries (NSD/bind)
>
> Today we upgraded bind-1 and bind-2 from:
> 9.16.6-3+ubuntu18.04.1+isc+3   --->   9.16.12-2+ubuntu18.04.1+isc+1
>
> AXFR from customer to bind-1 still works. But since the upgrade, bind-2 can not transfer the zone from bind-1 anymore:
>
> bind-1[3591]: client @0x7f6090274c78 xx.xx.xx.20#42767/key rcode0-internal (example): transfer of 'example/IN': send: operation canceled
> bind2[4699]: transfer of 'example/IN' from xx.xx.xx.22#53: failed while receiving responses: end of file
> bind2[4699]: transfer of 'example/IN' from xx.xx.xx.22#53: Transfer status: end of file
> bind2[4699]: transfer of 'example/IN' from xx.xx.xx.22#53: Transfer completed: 25079 messages, 9787583 records, 334058940 bytes, 30.171 secs (11072186 bytes/sec) (serial 1069865757)
>
> I tried "dig axfr @bind-1 ..." which also fails:
> ;; communications error to xx.xx.xx.22#53: end of file
>
> Same with kdig:
> ;; WARNING: can't connect to 83.136.34.24@53(TCP)
> ;; ERROR: failed to query server 83.136.34.24@53(TCP)
>
> The AXFR fails after receiving ~ 400MB. The full zone would be ~600MB.
>
> Of course also AXFR from bind-2 to our public secondaries fail to. So I suspect this is problem on the "sending" side of bind9. As it worked without problem until the upgrade I think this is a regression.
>
> Are there any known issues with 9.16.12?
> Do you provide old PPA packages so that we can downgrade?
>
> Thanks
> Klaus
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> [hidden email]
> https://lists.isc.org/mailman/listinfo/bind-users

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

AW: AXFR Problems sind Upgrade to 9.16.12

Klaus Darilion-2
I will - in the meantime: do you have older ppa packages somewhere on archive?

Thanks
Klaus

> -----Ursprüngliche Nachricht-----
> Von: Ondřej Surý <[hidden email]>
> Gesendet: Donnerstag, 11. März 2021 21:49
> An: Klaus Darilion <[hidden email]>
> Cc: [hidden email]
> Betreff: Re: AXFR Problems sind Upgrade to 9.16.12
>
> Hi Klaus,
>
> can you please fill a proper issue in the gitlab.isc.org?  We are going to need
> more details and anonymizing the logs isn’t a good way to go forward. In the
> GitLab you can make the issue confidential and we will sanitize any user data
> before making it public.
>
> Thanks,
> Ondrej
> --
> Ondřej Surý (He/Him)
> [hidden email]
>
> > On 11. 3. 2021, at 21:24, Klaus Darilion <[hidden email]> wrote:
> >
> > Hello!
> >
> > Our setup: Customer Primary --> bind-1 --> bind-2 --> public secondaries
> (NSD/bind)
> >
> > Today we upgraded bind-1 and bind-2 from:
> > 9.16.6-3+ubuntu18.04.1+isc+3   --->   9.16.12-2+ubuntu18.04.1+isc+1
> >
> > AXFR from customer to bind-1 still works. But since the upgrade, bind-2 can
> not transfer the zone from bind-1 anymore:
> >
> > bind-1[3591]: client @0x7f6090274c78 xx.xx.xx.20#42767/key rcode0-
> internal (example): transfer of 'example/IN': send: operation canceled
> > bind2[4699]: transfer of 'example/IN' from xx.xx.xx.22#53: failed while
> receiving responses: end of file
> > bind2[4699]: transfer of 'example/IN' from xx.xx.xx.22#53: Transfer status:
> end of file
> > bind2[4699]: transfer of 'example/IN' from xx.xx.xx.22#53: Transfer
> completed: 25079 messages, 9787583 records, 334058940 bytes, 30.171 secs
> (11072186 bytes/sec) (serial 1069865757)
> >
> > I tried "dig axfr @bind-1 ..." which also fails:
> > ;; communications error to xx.xx.xx.22#53: end of file
> >
> > Same with kdig:
> > ;; WARNING: can't connect to 83.136.34.24@53(TCP)
> > ;; ERROR: failed to query server 83.136.34.24@53(TCP)
> >
> > The AXFR fails after receiving ~ 400MB. The full zone would be ~600MB.
> >
> > Of course also AXFR from bind-2 to our public secondaries fail to. So I
> suspect this is problem on the "sending" side of bind9. As it worked without
> problem until the upgrade I think this is a regression.
> >
> > Are there any known issues with 9.16.12?
> > Do you provide old PPA packages so that we can downgrade?
> >
> > Thanks
> > Klaus
> >
> > _______________________________________________
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
> >
> > ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
> >
> >
> > bind-users mailing list
> > [hidden email]
> > https://lists.isc.org/mailman/listinfo/bind-users

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: AXFR Problems sind Upgrade to 9.16.12

Ondřej Surý
Unfortunately, we don’t, the PPA doesn’t keep old binaries when replaced with
newer once. I would not recommend running anything older than 9.16.11 as
the TCP code earlier than that is prone to data races.

Ondrej
--
Ondřej Surý (He/Him)
[hidden email]

> On 11. 3. 2021, at 22:05, Klaus Darilion <[hidden email]> wrote:
>
> I will - in the meantime: do you have older ppa packages somewhere on archive?
>
> Thanks
> Klaus
>
>> -----Ursprüngliche Nachricht-----
>> Von: Ondřej Surý <[hidden email]>
>> Gesendet: Donnerstag, 11. März 2021 21:49
>> An: Klaus Darilion <[hidden email]>
>> Cc: [hidden email]
>> Betreff: Re: AXFR Problems sind Upgrade to 9.16.12
>>
>> Hi Klaus,
>>
>> can you please fill a proper issue in the gitlab.isc.org?  We are going to need
>> more details and anonymizing the logs isn’t a good way to go forward. In the
>> GitLab you can make the issue confidential and we will sanitize any user data
>> before making it public.
>>
>> Thanks,
>> Ondrej
>> --
>> Ondřej Surý (He/Him)
>> [hidden email]
>>
>>> On 11. 3. 2021, at 21:24, Klaus Darilion <[hidden email]> wrote:
>>>
>>> Hello!
>>>
>>> Our setup: Customer Primary --> bind-1 --> bind-2 --> public secondaries
>> (NSD/bind)
>>>
>>> Today we upgraded bind-1 and bind-2 from:
>>> 9.16.6-3+ubuntu18.04.1+isc+3   --->   9.16.12-2+ubuntu18.04.1+isc+1
>>>
>>> AXFR from customer to bind-1 still works. But since the upgrade, bind-2 can
>> not transfer the zone from bind-1 anymore:
>>>
>>> bind-1[3591]: client @0x7f6090274c78 xx.xx.xx.20#42767/key rcode0-
>> internal (example): transfer of 'example/IN': send: operation canceled
>>> bind2[4699]: transfer of 'example/IN' from xx.xx.xx.22#53: failed while
>> receiving responses: end of file
>>> bind2[4699]: transfer of 'example/IN' from xx.xx.xx.22#53: Transfer status:
>> end of file
>>> bind2[4699]: transfer of 'example/IN' from xx.xx.xx.22#53: Transfer
>> completed: 25079 messages, 9787583 records, 334058940 bytes, 30.171 secs
>> (11072186 bytes/sec) (serial 1069865757)
>>>
>>> I tried "dig axfr @bind-1 ..." which also fails:
>>> ;; communications error to xx.xx.xx.22#53: end of file
>>>
>>> Same with kdig:
>>> ;; WARNING: can't connect to 83.136.34.24@53(TCP)
>>> ;; ERROR: failed to query server 83.136.34.24@53(TCP)
>>>
>>> The AXFR fails after receiving ~ 400MB. The full zone would be ~600MB.
>>>
>>> Of course also AXFR from bind-2 to our public secondaries fail to. So I
>> suspect this is problem on the "sending" side of bind9. As it worked without
>> problem until the upgrade I think this is a regression.
>>>
>>> Are there any known issues with 9.16.12?
>>> Do you provide old PPA packages so that we can downgrade?
>>>
>>> Thanks
>>> Klaus
>>>
>>> _______________________________________________
>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
>> from this list
>>>
>>> ISC funds the development of this software with paid support
>> subscriptions. Contact us at https://www.isc.org/contact/ for more
>> information.
>>>
>>>
>>> bind-users mailing list
>>> [hidden email]
>>> https://lists.isc.org/mailman/listinfo/bind-users
>

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: AXFR Problems sind Upgrade to 9.16.12

Ondřej Surý
Here’s the thought - could you be hit by issue [#2505](https://gitlab.isc.org/isc-projects/bind9/-/issues/2505)?

Check you logs for errors about journal when loading the zone.

Ondrej
--
Ondřej Surý (He/Him)
[hidden email]

> On 11. 3. 2021, at 23:46, Ondřej Surý <[hidden email]> wrote:
>
> Unfortunately, we don’t, the PPA doesn’t keep old binaries when replaced with
> newer once. I would not recommend running anything older than 9.16.11 as
> the TCP code earlier than that is prone to data races.
>
> Ondrej
> --
> Ondřej Surý (He/Him)
> [hidden email]
>
>> On 11. 3. 2021, at 22:05, Klaus Darilion <[hidden email]> wrote:
>>
>> I will - in the meantime: do you have older ppa packages somewhere on archive?
>>
>> Thanks
>> Klaus
>>
>>> -----Ursprüngliche Nachricht-----
>>> Von: Ondřej Surý <[hidden email]>
>>> Gesendet: Donnerstag, 11. März 2021 21:49
>>> An: Klaus Darilion <[hidden email]>
>>> Cc: [hidden email]
>>> Betreff: Re: AXFR Problems sind Upgrade to 9.16.12
>>>
>>> Hi Klaus,
>>>
>>> can you please fill a proper issue in the gitlab.isc.org?  We are going to need
>>> more details and anonymizing the logs isn’t a good way to go forward. In the
>>> GitLab you can make the issue confidential and we will sanitize any user data
>>> before making it public.
>>>
>>> Thanks,
>>> Ondrej
>>> --
>>> Ondřej Surý (He/Him)
>>> [hidden email]
>>>
>>>> On 11. 3. 2021, at 21:24, Klaus Darilion <[hidden email]> wrote:
>>>>
>>>> Hello!
>>>>
>>>> Our setup: Customer Primary --> bind-1 --> bind-2 --> public secondaries
>>> (NSD/bind)
>>>>
>>>> Today we upgraded bind-1 and bind-2 from:
>>>> 9.16.6-3+ubuntu18.04.1+isc+3   --->   9.16.12-2+ubuntu18.04.1+isc+1
>>>>
>>>> AXFR from customer to bind-1 still works. But since the upgrade, bind-2 can
>>> not transfer the zone from bind-1 anymore:
>>>>
>>>> bind-1[3591]: client @0x7f6090274c78 xx.xx.xx.20#42767/key rcode0-
>>> internal (example): transfer of 'example/IN': send: operation canceled
>>>> bind2[4699]: transfer of 'example/IN' from xx.xx.xx.22#53: failed while
>>> receiving responses: end of file
>>>> bind2[4699]: transfer of 'example/IN' from xx.xx.xx.22#53: Transfer status:
>>> end of file
>>>> bind2[4699]: transfer of 'example/IN' from xx.xx.xx.22#53: Transfer
>>> completed: 25079 messages, 9787583 records, 334058940 bytes, 30.171 secs
>>> (11072186 bytes/sec) (serial 1069865757)
>>>>
>>>> I tried "dig axfr @bind-1 ..." which also fails:
>>>> ;; communications error to xx.xx.xx.22#53: end of file
>>>>
>>>> Same with kdig:
>>>> ;; WARNING: can't connect to 83.136.34.24@53(TCP)
>>>> ;; ERROR: failed to query server 83.136.34.24@53(TCP)
>>>>
>>>> The AXFR fails after receiving ~ 400MB. The full zone would be ~600MB.
>>>>
>>>> Of course also AXFR from bind-2 to our public secondaries fail to. So I
>>> suspect this is problem on the "sending" side of bind9. As it worked without
>>> problem until the upgrade I think this is a regression.
>>>>
>>>> Are there any known issues with 9.16.12?
>>>> Do you provide old PPA packages so that we can downgrade?
>>>>
>>>> Thanks
>>>> Klaus
>>>>
>>>> _______________________________________________
>>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
>>> from this list
>>>>
>>>> ISC funds the development of this software with paid support
>>> subscriptions. Contact us at https://www.isc.org/contact/ for more
>>> information.
>>>>
>>>>
>>>> bind-users mailing list
>>>> [hidden email]
>>>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: AXFR Problems sind Upgrade to 9.16.12

Ondřej Surý
In reply to this post by Klaus Darilion-2
Klaus,

I pulled couple of the most important patches into the Ubuntu packages. Could you please try whether the updated package exhibits the same behavior?

Ondřej
--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.

> On 11. 3. 2021, at 22:05, Klaus Darilion <[hidden email]> wrote:
>
> I will - in the meantime: do you have older ppa packages somewhere on archive?
>
> Thanks
> Klaus
>
>> -----Ursprüngliche Nachricht-----
>> Von: Ondřej Surý <[hidden email]>
>> Gesendet: Donnerstag, 11. März 2021 21:49
>> An: Klaus Darilion <[hidden email]>
>> Cc: [hidden email]
>> Betreff: Re: AXFR Problems sind Upgrade to 9.16.12
>>
>> Hi Klaus,
>>
>> can you please fill a proper issue in the gitlab.isc.org?  We are going to need
>> more details and anonymizing the logs isn’t a good way to go forward. In the
>> GitLab you can make the issue confidential and we will sanitize any user data
>> before making it public.
>>
>> Thanks,
>> Ondrej
>> --
>> Ondřej Surý (He/Him)
>> [hidden email]
>>
>>>> On 11. 3. 2021, at 21:24, Klaus Darilion <[hidden email]> wrote:
>>>
>>> Hello!
>>>
>>> Our setup: Customer Primary --> bind-1 --> bind-2 --> public secondaries
>> (NSD/bind)
>>>
>>> Today we upgraded bind-1 and bind-2 from:
>>> 9.16.6-3+ubuntu18.04.1+isc+3   --->   9.16.12-2+ubuntu18.04.1+isc+1
>>>
>>> AXFR from customer to bind-1 still works. But since the upgrade, bind-2 can
>> not transfer the zone from bind-1 anymore:
>>>
>>> bind-1[3591]: client @0x7f6090274c78 xx.xx.xx.20#42767/key rcode0-
>> internal (example): transfer of 'example/IN': send: operation canceled
>>> bind2[4699]: transfer of 'example/IN' from xx.xx.xx.22#53: failed while
>> receiving responses: end of file
>>> bind2[4699]: transfer of 'example/IN' from xx.xx.xx.22#53: Transfer status:
>> end of file
>>> bind2[4699]: transfer of 'example/IN' from xx.xx.xx.22#53: Transfer
>> completed: 25079 messages, 9787583 records, 334058940 bytes, 30.171 secs
>> (11072186 bytes/sec) (serial 1069865757)
>>>
>>> I tried "dig axfr @bind-1 ..." which also fails:
>>> ;; communications error to xx.xx.xx.22#53: end of file
>>>
>>> Same with kdig:
>>> ;; WARNING: can't connect to 83.136.34.24@53(TCP)
>>> ;; ERROR: failed to query server 83.136.34.24@53(TCP)
>>>
>>> The AXFR fails after receiving ~ 400MB. The full zone would be ~600MB.
>>>
>>> Of course also AXFR from bind-2 to our public secondaries fail to. So I
>> suspect this is problem on the "sending" side of bind9. As it worked without
>> problem until the upgrade I think this is a regression.
>>>
>>> Are there any known issues with 9.16.12?
>>> Do you provide old PPA packages so that we can downgrade?
>>>
>>> Thanks
>>> Klaus
>>>
>>> _______________________________________________
>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
>> from this list
>>>
>>> ISC funds the development of this software with paid support
>> subscriptions. Contact us at https://www.isc.org/contact/ for more
>> information.
>>>
>>>
>>> bind-users mailing list
>>> [hidden email]
>>> https://lists.isc.org/mailman/listinfo/bind-users
>

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

AW: AXFR Problems sind Upgrade to 9.16.12

Klaus Darilion-2
In reply to this post by Klaus Darilion-2
For the records. With the help of Ondrej we found the cause: The problem is related to TCP timeouts not working as expected. If you are affected set tcp-initial-timeout and tcp-idle-timeout to 1200 (=120s). If you have huge zones with AXFRs > 120s you can download the source, increase the max timeoutvalue to some higher value and rebuild bind9.
I guess the problem is not related with 9.16.12 but we didn't noticed it as we usually use IXFR. For whatever reason our Bind used AXFR and now the timeout problems appeared.

regards
Klaus

> -----Ursprüngliche Nachricht-----
> Von: bind-users <[hidden email]> Im Auftrag von Klaus
> Darilion
> Gesendet: Donnerstag, 11. März 2021 21:24
> An: [hidden email]
> Betreff: AXFR Problems sind Upgrade to 9.16.12
>
> Hello!
>
> Our setup: Customer Primary --> bind-1 --> bind-2 --> public secondaries
> (NSD/bind)
>
> Today we upgraded bind-1 and bind-2 from:
> 9.16.6-3+ubuntu18.04.1+isc+3   --->   9.16.12-2+ubuntu18.04.1+isc+1
>
> AXFR from customer to bind-1 still works. But since the upgrade, bind-2 can
> not transfer the zone from bind-1 anymore:
>
> bind-1[3591]: client @0x7f6090274c78 xx.xx.xx.20#42767/key rcode0-
> internal (example): transfer of 'example/IN': send: operation canceled
> bind2[4699]: transfer of 'example/IN' from xx.xx.xx.22#53: failed while
> receiving responses: end of file
> bind2[4699]: transfer of 'example/IN' from xx.xx.xx.22#53: Transfer status:
> end of file
> bind2[4699]: transfer of 'example/IN' from xx.xx.xx.22#53: Transfer
> completed: 25079 messages, 9787583 records, 334058940 bytes, 30.171 secs
> (11072186 bytes/sec) (serial 1069865757)
>
> I tried "dig axfr @bind-1 ..." which also fails:
> ;; communications error to xx.xx.xx.22#53: end of file
>
> Same with kdig:
> ;; WARNING: can't connect to 83.136.34.24@53(TCP)
> ;; ERROR: failed to query server 83.136.34.24@53(TCP)
>
> The AXFR fails after receiving ~ 400MB. The full zone would be ~600MB.
>
> Of course also AXFR from bind-2 to our public secondaries fail to. So I suspect
> this is problem on the "sending" side of bind9. As it worked without problem
> until the upgrade I think this is a regression.
>
> Are there any known issues with 9.16.12?
> Do you provide old PPA packages so that we can downgrade?
>
> Thanks
> Klaus
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> [hidden email]
> https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users