Serial number question..

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Serial number question..

Bruce  Johnson
Someone updated out name server and messed up the serial number on the primary; as a result our secondaries are not updating properly.

Primary:

bruces-Mac-Mini:~ johnson$ dig @elixir.pharmacy.arizona.edu -t SOA +noall +answer pharmacy.arizona.edu
pharmacy.arizona.edu. 86404 IN SOA elixir.pharmacy.arizona.edu. wunz.elixir.pharmacy.arizona.edu. 1297117089 3600 120 1209600 86400


Secondaries:

bruces-Mac-Mini:~ johnson$ dig @dhbns1.pharmacy.arizona.edu -t SOA +noall +answer pharmacy.arizona.edu
pharmacy.arizona.edu. 86404 IN SOA elixir.pharmacy.arizona.edu. wunz.elixir.pharmacy.arizona.edu. 1762233707 3600 120 1209600 86400
bruces-Mac-Mini:~ johnson$ dig @ns-remote.arizona.edu -t SOA +noall +answer pharmacy.arizona.edu
pharmacy.arizona.edu. 86404 IN SOA elixir.pharmacy.arizona.edu. wunz.elixir.pharmacy.arizona.edu. 1762233707 3600 120 1209600 86400

Is the fix here just setting the serial number on the primary to 1762233708 ?

The various things online I’ve found are all based on “you accidentally set the primary more than 2^32 ahead” so you have to do a bunch of modulo arithmetic...


--
Bruce Johnson
University of Arizona
College of Pharmacy
Information Technology Group

Institutions do not have opinions, merely customs


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: Serial number question..

Reindl Harald


Am 17.12.20 um 19:56 schrieb Bruce Johnson:

> Someone updated out name server and messed up the serial number on the primary; as a result our secondaries are not updating properly.
>
> Primary:
>
> bruces-Mac-Mini:~ johnson$ dig @elixir.pharmacy.arizona.edu -t SOA +noall +answer pharmacy.arizona.edu
> pharmacy.arizona.edu. 86404 IN SOA elixir.pharmacy.arizona.edu. wunz.elixir.pharmacy.arizona.edu. 1297117089 3600 120 1209600 86400
>
>
> Secondaries:
>
> bruces-Mac-Mini:~ johnson$ dig @dhbns1.pharmacy.arizona.edu -t SOA +noall +answer pharmacy.arizona.edu
> pharmacy.arizona.edu. 86404 IN SOA elixir.pharmacy.arizona.edu. wunz.elixir.pharmacy.arizona.edu. 1762233707 3600 120 1209600 86400
> bruces-Mac-Mini:~ johnson$ dig @ns-remote.arizona.edu -t SOA +noall +answer pharmacy.arizona.edu
> pharmacy.arizona.edu. 86404 IN SOA elixir.pharmacy.arizona.edu. wunz.elixir.pharmacy.arizona.edu. 1762233707 3600 120 1209600 86400
>
> Is the fix here just setting the serial number on the primary to 1762233708 ?
>
> The various things online I’ve found are all based on “you accidentally set the primary more than 2^32 ahead” so you have to do a bunch of modulo arithmetic...

just set it *higher* on the master and you are done
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: Serial number question..

Ricardo Stella
Suggestion I learned ages ago...

Set the serial number to match the date the change is made such as YYYYMMDDvv (Year, month, date, version).  For example: 2020121701

Of course, if you do more than 99 changes in a single day, you probably have other problems..


On Thu, Dec 17, 2020 at 2:02 PM Reindl Harald <[hidden email]> wrote:


Am 17.12.20 um 19:56 schrieb Bruce Johnson:
> Someone updated out name server and messed up the serial number on the primary; as a result our secondaries are not updating properly.
>
> Primary:
>
> bruces-Mac-Mini:~ johnson$ dig @elixir.pharmacy.arizona.edu -t SOA +noall +answer pharmacy.arizona.edu
> pharmacy.arizona.edu. 86404   IN      SOA     elixir.pharmacy.arizona.edu. wunz.elixir.pharmacy.arizona.edu. 1297117089 3600 120 1209600 86400
>
>
> Secondaries:
>
> bruces-Mac-Mini:~ johnson$ dig @dhbns1.pharmacy.arizona.edu -t SOA +noall +answer pharmacy.arizona.edu
> pharmacy.arizona.edu. 86404   IN      SOA     elixir.pharmacy.arizona.edu. wunz.elixir.pharmacy.arizona.edu. 1762233707 3600 120 1209600 86400
> bruces-Mac-Mini:~ johnson$ dig @ns-remote.arizona.edu -t SOA +noall +answer pharmacy.arizona.edu
> pharmacy.arizona.edu. 86404   IN      SOA     elixir.pharmacy.arizona.edu. wunz.elixir.pharmacy.arizona.edu. 1762233707 3600 120 1209600 86400
>
> Is the fix here just setting the serial number on the primary to 1762233708 ?
>
> The various things online I’ve found are all based on “you accidentally set the primary more than 2^32 ahead” so you have to do a bunch of modulo arithmetic...

just set it *higher* on the master and you are done
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users


--
°(((=((===°°°(((================================================

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: Serial number question..

Sten Carlsen
In reply to this post by Reindl Harald
The modulo arithmetic comes if you need it to be lower than in the slaves since they will consider a lower numbered transfer to be out of date and refuse to update. Meaning you will need to go to the top and round back to where you need to be.

-- 
Best regards 
Sten Carlsen


"No trees were killed in the making of this e-mail... however,
a large number of electrons were terribly inconvenienced."

On 17 Dec 2020, at 20.02, Reindl Harald <[hidden email]> wrote:



Am 17.12.20 um 19:56 schrieb Bruce Johnson:
Someone updated out name server and messed up the serial number on the primary; as a result our secondaries are not updating properly.
Primary:
bruces-Mac-Mini:~ johnson$ dig @elixir.pharmacy.arizona.edu -t SOA +noall +answer pharmacy.arizona.edu
pharmacy.arizona.edu. 86404 IN SOA elixir.pharmacy.arizona.edu. wunz.elixir.pharmacy.arizona.edu. 1297117089 3600 120 1209600 86400
Secondaries:
bruces-Mac-Mini:~ johnson$ dig @dhbns1.pharmacy.arizona.edu -t SOA +noall +answer pharmacy.arizona.edu
pharmacy.arizona.edu. 86404 IN SOA elixir.pharmacy.arizona.edu. wunz.elixir.pharmacy.arizona.edu. 1762233707 3600 120 1209600 86400
bruces-Mac-Mini:~ johnson$ dig @ns-remote.arizona.edu -t SOA +noall +answer pharmacy.arizona.edu
pharmacy.arizona.edu. 86404 IN SOA elixir.pharmacy.arizona.edu. wunz.elixir.pharmacy.arizona.edu. 1762233707 3600 120 1209600 86400
Is the fix here just setting the serial number on the primary to 1762233708 ?
The various things online I’ve found are all based on “you accidentally set the primary more than 2^32 ahead” so you have to do a bunch of modulo arithmetic...

just set it *higher* on the master and you are done
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: Serial number question..

Ondřej Surý
In reply to this post by Bruce Johnson
Bruce,

you should start by picking a policy for your serial number. Both unixtime and datetime are viable, but you should pick one.

Then rotate to your desired policy by doing the serial number arithmetic. For datetime, you would just bump it, but for unixtime you will need to do that in more steps (as you have found on the Internet).

Ondrej
--
Ondřej Surý — ISC (He/Him)

> On 17. 12. 2020, at 19:56, Bruce Johnson <[hidden email]> wrote:
>
> Someone updated out name server and messed up the serial number on the primary; as a result our secondaries are not updating properly.
>
> Primary:
>
> bruces-Mac-Mini:~ johnson$ dig @elixir.pharmacy.arizona.edu -t SOA +noall +answer pharmacy.arizona.edu
> pharmacy.arizona.edu.    86404    IN    SOA    elixir.pharmacy.arizona.edu. wunz.elixir.pharmacy.arizona.edu. 1297117089 3600 120 1209600 86400
>
>
> Secondaries:
>
> bruces-Mac-Mini:~ johnson$ dig @dhbns1.pharmacy.arizona.edu -t SOA +noall +answer pharmacy.arizona.edu
> pharmacy.arizona.edu.    86404    IN    SOA    elixir.pharmacy.arizona.edu. wunz.elixir.pharmacy.arizona.edu. 1762233707 3600 120 1209600 86400
> bruces-Mac-Mini:~ johnson$ dig @ns-remote.arizona.edu -t SOA +noall +answer pharmacy.arizona.edu
> pharmacy.arizona.edu.    86404    IN    SOA    elixir.pharmacy.arizona.edu. wunz.elixir.pharmacy.arizona.edu. 1762233707 3600 120 1209600 86400
>
> Is the fix here just setting the serial number on the primary to 1762233708 ?
>
> The various things online I’ve found are all based on “you accidentally set the primary more than 2^32 ahead” so you have to do a bunch of modulo arithmetic...
>
>
> --
> Bruce Johnson
> University of Arizona
> College of Pharmacy
> Information Technology Group
>
> Institutions do not have opinions, merely customs
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> [hidden email]
> https://lists.isc.org/mailman/listinfo/bind-users

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: Serial number question..

Bruce  Johnson
In reply to this post by Reindl Harald
Thanks, that worked perfectly!

> On Dec 17, 2020, at 12:02 PM, Reindl Harald <[hidden email]> wrote:
>
>
>
> Am 17.12.20 um 19:56 schrieb Bruce Johnson:
>> Someone updated out name server and messed up the serial number on the primary; as a result our secondaries are not updating properly.
>> Primary:
>> bruces-Mac-Mini:~ johnson$ dig @elixir.pharmacy.arizona.edu -t SOA +noall +answer pharmacy.arizona.edu
>> pharmacy.arizona.edu. 86404 IN SOA elixir.pharmacy.arizona.edu. wunz.elixir.pharmacy.arizona.edu. 1297117089 3600 120 1209600 86400
>> Secondaries:
>> bruces-Mac-Mini:~ johnson$ dig @dhbns1.pharmacy.arizona.edu -t SOA +noall +answer pharmacy.arizona.edu
>> pharmacy.arizona.edu. 86404 IN SOA elixir.pharmacy.arizona.edu. wunz.elixir.pharmacy.arizona.edu. 1762233707 3600 120 1209600 86400
>> bruces-Mac-Mini:~ johnson$ dig @ns-remote.arizona.edu -t SOA +noall +answer pharmacy.arizona.edu
>> pharmacy.arizona.edu. 86404 IN SOA elixir.pharmacy.arizona.edu. wunz.elixir.pharmacy.arizona.edu. 1762233707 3600 120 1209600 86400
>> Is the fix here just setting the serial number on the primary to 1762233708 ?
>> The various things online I’ve found are all based on “you accidentally set the primary more than 2^32 ahead” so you have to do a bunch of modulo arithmetic...
>
> just set it *higher* on the master and you are done
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> [hidden email]
> https://lists.isc.org/mailman/listinfo/bind-users

--
Bruce Johnson
University of Arizona
College of Pharmacy
Information Technology Group

Institutions do not have opinions, merely customs


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: Serial number question..

Mark Elkins
In reply to this post by Bruce Johnson

I was wondering if there was any significance in the SOA serial value....

$ date --date='@1297117089'
Tue Feb  8 00:18:09 SAST 2011
$ date --date='@1762233707'
Tue Nov  4 07:21:47 SAST 2025

...so nope (but sort of close?)

Personally - I try and use a YYYYMMDDxx format in my SOA Serial number - so in an easily understandable human readable format (as long as there are no more than 99 updates in a day - or one change every 15 minute clock tick). Another option is the current seconds since Unix epoch - which is what I thought might be going on. That could work for very busy or dynamic zones.

It then allows for simple sanity checking of the SOA Serial number based on the current date (and time) - before telling your authoritative nameserver software a change has happened.

Years ago - I had to rotate an SOA Serial past 2^31, negative and down, past Zero to the format we wanted when an uncontrolled SOA update happened. Pain in the rear end.

Anyway - the Secondaries will only update again once the Primary SOA Serial number is "bigger" than they are.

On 12/17/20 8:56 PM, Bruce Johnson wrote:
Someone updated out name server and messed up the serial number on the primary; as a result our secondaries are not updating properly.

Primary:

bruces-Mac-Mini:~ johnson$ dig @elixir.pharmacy.arizona.edu -t SOA +noall +answer pharmacy.arizona.edu
pharmacy.arizona.edu.	86404	IN	SOA	elixir.pharmacy.arizona.edu. wunz.elixir.pharmacy.arizona.edu. 1297117089 3600 120 1209600 86400


Secondaries:

bruces-Mac-Mini:~ johnson$ dig @dhbns1.pharmacy.arizona.edu -t SOA +noall +answer pharmacy.arizona.edu
pharmacy.arizona.edu.	86404	IN	SOA	elixir.pharmacy.arizona.edu. wunz.elixir.pharmacy.arizona.edu. 1762233707 3600 120 1209600 86400
bruces-Mac-Mini:~ johnson$ dig @ns-remote.arizona.edu -t SOA +noall +answer pharmacy.arizona.edu
pharmacy.arizona.edu.	86404	IN	SOA	elixir.pharmacy.arizona.edu. wunz.elixir.pharmacy.arizona.edu. 1762233707 3600 120 1209600 86400

Is the fix here just setting the serial number on the primary to 1762233708 ?

The various things online I’ve found are all based on “you accidentally set the primary more than 2^32 ahead” so you have to do a bunch of modulo arithmetic...


--

Mark James ELKINS  -  Posix Systems - (South) Africa
[hidden email]       Tel: <a href="tel:+27826010496">+27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za

Posix
          SystemsVCARD for
          MJ Elkins


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users