Zone transfer is happening intermittently between slave and master bind

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

On 17.03.21 07:59, Prasanna Mathivanan (pmathiva) via bind-users wrote:
>I have a weird DNS issue where zone transfer between slave and master is
> happening intermittently or even if it happens it just says 0 records it
> got and then sometimes it gets all records.

that should be fine, there may be incremental transfer done, which only
transfers changes.

>Transfer completed: 0 messages, 1 records, 0 bytes, 0.001 secs (0 bytes/sec) • intermittent o/p
>
>Transfer completed: 13 messages, 15423 records, 472336 bytes, 0.063 secs (7497396 bytes/sec) • excepted o/p which happens after two to three zone transfers with 0 messages.
>
>When I initiate manual zone transfer via rndc retransfer <zone> it works fine.

I guess this forces full transfer.

>Refresh interval set in zone is 4 hours but still even if it crosses this time zone transfer doesn’t work.

refresh means how often to check for updates, but transfer happens only when
there's a change.

>Is it something like if difference in serial number is big because of unsuccessful zone transfers and its taking time to catch up ?

the difference in serial number is how change is detected.
Note that new serial must be bigger than the old one.

(there are measures if it's to be wrapped around zero).

what is your real problem?
--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Enter any 12-digit prime number to continue.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

Prasanna Mathivanan (pmathiva) via bind-users <[hidden email]> wrote:
>
> I couldn’t find anything from logs (checked both xfer and messages)

The best way to find out if a secondary server thinks a zone is
out-of-date is to look at the notify log messages. On the primary you'll
see something like

17-Mar-2021 12:36:28.311 notify: info: zone cam.ac.uk/IN:
        sending notifies (serial 1615984588)

and on a secondary you will see

17-Mar-2021 12:36:28.812 general: info: zone cam.ac.uk/IN/main:
        notify from 2001:630:212:8::d:aa#43432: serial 1615984588

followed by xfer-out (on the primary) and xfer-in (on the secondary). The
xfer messages tell you how much of the zone was transferred but not the
serial number.

or if the zone is in sync you will see

17-Mar-2021 12:20:36.985 general: info: zone cl.cam.ac.uk/IN/main:
        notify from 128.232.0.19#44340: zone is up to date

If the log messages do not match up like this then something isn't working
properly, such as the allow-notify ACL on the secondary - check there
aren't any erroneous "refused notify from..." messages in the secondary's
logs.

You can run `rndc notify` on the primary to trigger it on demand, which
can make debugging a bit more convenient. You can use `rndc zonestatus` on
the primary and secondary to see what they think the serial numbers are,
so you know whether the notify should trigger a transfer or not.

Tony.
--
f.anthony.n.finch  <[hidden email]>  https://dotat.at/
Wight, Portland, Plymouth: Northwest veering north or northeast, 3 to 5.
Slight or moderate. Mainly fair. Mainly good.

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

My guess comes from a hint in Tony's post,

On 2021-03-17 07:51, Tony Finch wrote:
> 17-Mar-2021 12:36:28.812 general: info: zone cam.ac.uk/IN/main:
> notify from 2001:630:212:8::d:aa#43432: serial 1615984588

> 17-Mar-2021 12:20:36.985 general: info: zone cl.cam.ac.uk/IN/main:
> notify from 128.232.0.19#44340: zone is up to date
>
> If the log messages do not match up like this then something isn't
> working
> properly, such as the allow-notify ACL on the secondary - check there
> aren't any erroneous "refused notify from..." messages in the
> secondary's
> logs.

My guess is that you are dual-stack but have not fully configured the
ipv6 side of things; maybe need to expand your masters {} list and
allow-transfer and allow-notify to include both protocol addresses?

[Exactly the situation I am in today, after enabling v6 on my second of
3 NS hosts.  Just a thought.]
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users