My IXFR/AXFR stopped suddenly


blason16
Hi Team,

Any clue how do I troubleshoot why master to Slave IXFR/AXFR stopped? It was working before; even my logs show notifies. I can connect to my slave on customised port that NOTIFY messages are sent but then PULL from slave to master is not working.

Master
zone "block.now" {
        type master;
        file "/var/lib/bind/zones/block.now.db";
        notify explicit;
        also-notify {
               2.2.2.2 port 15455;
        };
        allow-transfer {
                2.2.2.2;
        };
};

ON SLAVE
zone "block.now" {
        type slave;
        file "/var/lib/bind/zones/block.now.db";
        masters { x.x.x.x; };
        allow-transfer { none; };
        allow-query { localhost;};
        allow-notify { x.x.x.x; };
        };

06-Jul-2018 14:10:28.341 client x.x.x.x#10090: received notify for zone 'block.now'
06-Jul-2018 14:14:54.988 client x.x.x.x#10093: received notify for zone 'block.now'




_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Re: My IXFR/AXFR stopped suddenly

Sten Carlsen
Hi

On 06/07/2018 15.46, Blason R wrote:
> Hi Team,
>
> Any clue how do I troubleshoot why master to Slave IXFR/AXFR stopped? It was working before even my logs shows notifies..I can connect to my slave on customised port that NOTIFY messages are sent but then PULL from slave to master is not working.
>
> Master
> zone "block.now" {
>         type master;
>         file "/var/lib/bind/zones/block.now.db";
>         notify explicit;
>         also-notify {
>                2.2.2.2 port 15455;
>         };
>         allow-transfer {
>                 2.2.2.2;
>         };
>
> ON SLAVE
> zone "block.now" {
>         type slave;
>         file "/var/lib/bind/zones/block.now.db";
>         masters { x.x.x.x; };
>         allow-transfer { none; };
>         allow-query { localhost;};
>         allow-notify { x.x.x.x; };
>         };

Maybe I am missing something but how will the slave know that it must use port 15455?

> 06-Jul-2018 14:10:28.341 client x.x.x.x#10090: received notify for zone 'block.now'
> 06-Jul-2018 14:14:54.988 client x.x.x.x#10093: received notify for zone 'block.now'






Re: My IXFR/AXFR stopped suddenly

Matus UHLAR - fantomas
>On 06/07/2018 15.46, Blason R wrote:
>> Any clue how do I troubleshoot why master to Slave IXFR/AXFR stopped?
>> It was working before even my logs shows notifies..I can connect to my
>> slave on customised port that NOTIFY messages are sent but then PULL
>> from slave to master is not working.

customised port, that's why transfers stopped working.

>> Master
>> zone "block.now" {
>>         type master;
>>         file "/var/lib/bind/zones/block.now.db";
>>         notify explicit;
>>         also-notify {
>>                2.2.2.2 port 15455;
>>         };
>>         allow-transfer {
>>                 2.2.2.2;
>>         };
>>                        
>>
>> ON SLAVE
>> zone "block.now" {
>>         type slave;
>>         file "/var/lib/bind/zones/block.now.db";
>>         masters { x.x.x.x; };
>>         allow-transfer { none; };
>>         allow-query { localhost;};
>>         allow-notify { x.x.x.x; };
>>         };

On 06.07.18 19:28, Sten Carlsen wrote:
>Maybe I am missing something but how will the slave know that it must
>use port 15455?

on the slave, you must configure the master with port 15455.
see "server" directive.
of course, it will use port 15455 for all queries then.

>> 06-Jul-2018 14:10:28.341 client x.x.x.x#10090: received notify for

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I wish NOT to receive any advertising mail at this address.
Christian Science Programming: "Let God Debug It!".
Re: My IXFR/AXFR stopped suddenly

Anand Buddhdev
On 06/07/2018 19:36, Matus UHLAR - fantomas wrote:

> customised port, that's why transfers stopped working.

No Matus, you're wrong.

> on the slave, you must configure the master with port 15455.
> see "server" directive.
> of course, it will use port 15455 for all queries then.

No, you're off the track here.

Blason's config means this:

The slave is configured to listen on port 15455. The master has been
told to send a NOTIFY to the slave. The master will originate this
NOTIFY message from a random source port, and send it to the slave on
destination port 15455.

The slave is obviously receiving the NOTIFY message, as evidenced by the
log message on the slave:

06-Jul-2018 14:10:28.341 client x.x.x.x#10090: received notify for zone
'block.now'

At this point, the slave should refresh the zone from the master. Blason
says it's not refreshing.

Blason, try debugging by using "dig" on the slave to manually transfer
the zone from the master. Maybe that will give you a clue to the problem.

Anand

Re: My IXFR/AXFR stopped suddenly

Sten Carlsen


On 06-07-2018 23.49, Anand Buddhdev wrote:

> On 06/07/2018 19:36, Matus UHLAR - fantomas wrote:
>
>> customised port, that's why transfers stopped working.
> No Matus, you're wrong.
>
>> on the slave, you must configure the master with port 15455.
>> see "server" directive.
>> of course, it will use port 15455 for all queries then.
> No, you're off the track here.
>
> Blason's config means this:
>
> The slave is configured to listen on port 15455.
Where in the slave's configuration is that specified? Rather the master
sends notifys on two ports: 53 and 15455.

>  The master has been
> told to send a NOTIFY to the slave. The master will originate this
> NOTIFY message from a random source port, and send it to the slave on
> destination port 15455.
>
> The slave is obviously receiving the NOTIFY message, as evidence by the
> log message on the slave:
>
> 06-Jul-2018 14:10:28.341 client x.x.x.x#10090: received notify for zone
> 'block.now'
>
> At this point, the slave should refresh the zone from the master. Blason
> says it's not refreshing.
>
> Blason, try debugging by using "dig" on the slave to manually transfer
> the zone from the master. Maybe that will give you a clue to the problem.
>
> Anand

--
Best regards

Sten Carlsen

No improvements come from shouting:

"MALE BOVINE MANURE!!!"


Re: My IXFR/AXFR stopped suddenly

Anand Buddhdev
On 06/07/2018 23:52, Sten Carlsen wrote:

Hello Sten,

>> The slave is configured to listen on port 15455.
> Where in the slave's configuration is that specified? Rather the master
> sends notifys on two ports: 53 and 15455.

Blason has not shown his full config, but it must be listening on port
15455 to be receiving the NOTIFY message, as shown by the log entry.

The master has:

notify explicit;
also-notify {
    2.2.2.2 port 15455;
};

This tells the master to notify 2.2.2.2 on port 15455. There is no
notify on port 53. What made you think that port 53 is being used?

Anand

Re: My IXFR/AXFR stopped suddenly

blason16
Yes, Anand is right; I didn't disclose the full config at the slave, but it's been configured to listen on port 15455, and that UDP port is listening and I can connect to that port using nc.

It was in fact working absolutely fine but suddenly it stopped.

@Anand - can you confirm what command I should run on the slave to debug? That is what I wanted, and I am not aware of it.

Re: My IXFR/AXFR stopped suddenly

blason16
Well, I just tried transferring zone using dig and it was successful from slave

On slave
dig AXFR block.now @xx.xx.xx.xx

On master xfer-out.log

07-Jul-2018 09:53:11.520 client xx.xx.xx.xx#16129 (immediate.block): transfer of 'block.now/IN': AXFR started (serial 2018061016)
07-Jul-2018 09:53:11.521 client xx.xx.xx.xx#16129 (immediate.block): transfer of 'block.now/IN': AXFR ended




Re: My IXFR/AXFR stopped suddenly

blason16
Well, after numerous tries I could not succeed, hence I had to delete the block.now.db file and restart the service.
It then did the AXFR, and later IXFR started as well.


Re: My IXFR/AXFR stopped suddenly

Alan Clegg
In reply to this post by blason16
On 7/7/18 12:25 AM, Blason R wrote:

> Well, I just tried transferring zone using dig and it was successful
> from slave
>
> On slave
> dig AXFR block.now @xx.xx.xx.xx
>
> On master xfer-out.log
>
> 07-Jul-2018 09:53:11.520 client xx.xx.xx.xx#16129 (immediate.block):
> transfer of 'block.now/IN': AXFR started (serial 2018061016)
> 07-Jul-2018 09:53:11.521 client xx.xx.xx.xx#16129 (immediate.block):
> transfer of 'block.now/IN': AXFR ended
>
This isn't using port 15455.

AlanC
--
Why don't we wander and follow la vie dansante.



Re: My IXFR/AXFR stopped suddenly

Anand Buddhdev
On 07/07/2018 13:31, Alan Clegg wrote:

>> Well, I just tried transferring zone using dig and it was successful
>> from slave
>>
>> On slave
>> dig AXFR block.now @xx.xx.xx.xx
>>
>> On master xfer-out.log
>>
>> 07-Jul-2018 09:53:11.520 client xx.xx.xx.xx#16129 (immediate.block):
>> transfer of 'block.now/IN': AXFR started (serial 2018061016)
>> 07-Jul-2018 09:53:11.521 client xx.xx.xx.xx#16129 (immediate.block):
>> transfer of 'block.now/IN': AXFR ended
>
> This isn't using port 15455.

That's right Alan, but how does that matter? Everyone here seems
obsessed by port 15455. It seems everyone here needs a lesson in how
BIND works:

master:
-------
- Listens on port 53
- Serves zone block.now
- Sends UDP NOTIFY to slave at 2.2.2.2, from a RANDOM source port, and
destination port 15455.

slave:
------
- Listens on port 15455
- Loads zone block.now from the master at xx.xx.xx.xx
- AXFRs zone block.now from master xx.xx.xx.xx by initiating a TCP query
with a RANDOM source port, and destination port 53 (the default).
- Gets NOTIFY from master, from a RANDOM source port, and to destination
port 15455, when the zone block.now is updated

This is a perfectly legal setup. Blason says it wasn't working, but I
can't explain why. There may be something else wrong.

Of course, Blason is also being awkward with all of us, by showing us
only parts of his configuration, instead of showing all of it. Normally
I would try to help folk, but I have very little patience for folk who
deliberately hide their configs from us, and expect us to guess what the
problem may be.

Are you paying attention Blason? Help yourself by sharing your FULL
configs, and avoid all this second-guessing from people.

Regards,
Anand

Re: My IXFR/AXFR stopped suddenly

Matus UHLAR - fantomas
In reply to this post by blason16
On 07.07.18 11:31, Blason R wrote:
>Well after numerous try I could not succeed hence then I had to delete the
>block.now.db file and had to restart the service
>it then done the AXFR and later IXFR started as well.

have you incremented the serial number on master?

if the serial on the slave is bigger or the same as the one on the master
(or the one in the NOTIFY), slave does not try to xfer the zone.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I wish NOT to receive any advertising mail at this address.
WinError #99999: Out of error messages.
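
Added example, not part of the original thread: the serial rule described in the message above, written as a shell check that compares two SOA serials with RFC 1982 arithmetic and reports whether a secondary would pull the zone. The function names are hypothetical helpers; the addresses in the final comment are the thread's placeholders.

```sh
#!/bin/sh
# Added example: would a secondary pull the zone, given two SOA serials?
# Serial comparison follows RFC 1982 (32-bit wrap-around arithmetic).

# serial_newer A B: succeeds when serial A is newer than serial B.
serial_newer() {
    _d=$(( ($1 - $2) & 4294967295 ))             # (A - B) mod 2^32
    [ "$_d" -ne 0 ] && [ "$_d" -lt 2147483648 ]  # newer if 0 < diff < 2^31
}

# transfer_decision MASTER_SERIAL SLAVE_SERIAL: prints one keyword.
#   transfer     master is newer, secondary should start IXFR/AXFR
#   up-to-date   serials are equal, NOTIFY/refresh triggers nothing
#   slave-ahead  secondary's copy looks newer, so it never pulls
transfer_decision() {
    if [ "$1" -eq "$2" ]; then
        echo "up-to-date"
    elif serial_newer "$1" "$2"; then
        echo "transfer"
    else
        echo "slave-ahead"
    fi
}

# soa_serial ZONE SERVER [PORT]: ask one server directly for its SOA serial.
soa_serial() {
    dig +short +norecurse SOA "$1" "@$2" -p "${3:-53}" | awk 'NR==1 {print $3}'
}

# check_zone ZONE MASTER SLAVE [SLAVE_PORT]: compare live serials.
check_zone() {
    _m=$(soa_serial "$1" "$2")
    _s=$(soa_serial "$1" "$3" "${4:-53}")
    if [ -z "$_m" ] || [ -z "$_s" ]; then
        echo "error: no SOA answer (master='$_m' slave='$_s')" >&2
        return 2
    fi
    echo "master=$_m slave=$_s -> $(transfer_decision "$_m" "$_s")"
}

# Constructed serials (2018061016 is the serial in the thread's AXFR log;
# the others are made up for illustration).
transfer_decision 2018061017 2018061016   # transfer
transfer_decision 2018061016 2018061016   # up-to-date
transfer_decision 2018061016 2018070701   # slave-ahead
transfer_decision 5 4294967290            # transfer (serial wrapped past 2^32)

# Live check, run on the slave because the zone only answers localhost there:
#   check_zone block.now 3.3.3.3 127.0.0.1
```

A result other than `transfer` means a logged NOTIFY will not be followed by a zone transfer, which is the condition described in the message above.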

Re: My IXFR/AXFR stopped suddenly

blason16
OK - It seems there is a lot of confusion about the setup as I didn't give the entire config.

Here is my entire config

Master config
zone "block.now" {
        type master;
        file "/var/lib/bind/zones/block.now.db";
        notify explicit;
        also-notify {
         2.2.2.2 port 15455;
        };
        allow-transfer {
         2.2.2.2;
        };
};



Slave Config
zone "block.now" {
        type slave;
        file "/var/lib/bind/zones/block.now.db";
        masters { 3.3.3.3; };
        allow-transfer { none; };
        allow-query { localhost;};
        allow-notify { 3.3.3.3; };
        };



/etc/bind/named.conf.options
options {
        version "custombind";
        allow-query     { localhost;subnets; };
        directory "/var/cache/bind";
        recursion yes;
        querylog yes;
        forwarders {
                1.1.1.1;9.9.9.9;208.67.222.222;8.8.8.8;
         };
//      dnssec-validation auto;
        request-ixfr yes;
        auth-nxdomain no;    # conform to RFC1035
//      listen-on-v6 { any; };
        listen-on port 53 { any; };
        listen-on port 15455 {any;};
        response-policy { zone "whitelist.allow" policy passthru;
                        zone "block.now";  };
};

