ixfr (?) problems in 8.3.4
Someone Somewhere
spam at txrx.org
Wed Dec 3 15:04:02 UTC 2003
Barry Finkel wrote:
>
> Please post your config file. And don't change anything in the posting.
> I doubt that you are using the abc.com zone.
Indeed I'm not using abc.com, but it is a 3 letter .com zone we're
talking about. Below is the config file from the master, with the only
change being a regexp to replace the 3 letters of the domain name.
Following that is a config from one of the 5 slaves, again the only
change being the regexp on the name.
Amongst the other zones below there are 3 complete AD environments
listed- ds.abc.com - the production AD env, testad.abc.om, the
engineering test AD env, and adroot.adc.com, the production test AD env.
/******************************************
* Master config 8.3.4
******************************************/
options {
directory "/named/etc";
recursion yes;
statistics-file "/var/dnslogs/named.stats";
statistics-interval 60;
cleaning-interval 180;
use-ixfr yes;
maintain-ixfr-base yes;
max-ixfr-log-size 100M;
transfers-per-ns 50;
};
server 10.1.112.102 {
transfer-format many-answers;
support-ixfr yes;
};
server 10.1.112.103 {
transfer-format many-answers;
support-ixfr yes;
};
server 10.1.112.104 {
transfer-format many-answers;
support-ixfr yes;
};
server 10.90.40.106 {
transfer-format many-answers;
support-ixfr yes;
};
server 10.90.40.105 {
transfer-format many-answers;
support-ixfr yes;
};
controls {
unix "/opt/named/etc/ndc.d/ndc" perm 0660 owner 0 group 3;
};
logging {
channel default.log {
file "/var/dnslogs/default" versions 5 size 10M;
print-time yes;
};
channel stat {
file "/var/dnslogs/dns_stats" versions 5 size 1M;
print-time yes;
};
channel queries {
file "/var/dnslogs/queries" versions 1 size 10M;
print-time yes;
};
channel security {
file "/var/dnslogs/security" versions 5 size 10M;
print-time yes;
};
channel zonem.log {
file "/var/dnslogs/zonem" versions 5 size 10M;
print-time yes;
print-category yes;
};
channel update {
file "/var/dnslogs/update" versions 5 size 10M;
print-time yes;
print-category yes;
};
channel db {
print-time yes;
print-category yes;
file "/var/dnslogs/db" versions 5 size 10M;
};
channel events {
file "/var/dnslogs/events" versions 5 size 10M;
};
channel consist {
file "/var/dnslogs/consist" versions 5 size 10M;
};
category default { default.log; };
category xfer-in { zonem.log; };
category xfer-out { zonem.log; };
category notify { zonem.log; };
category load { zonem.log; };
category security { security; };
category response-checks { security; };
category statistics { stat; };
category queries { queries; };
category update { update; };
category lame-servers { null; };
category cname { null; };
category db { db; };
category eventlib { events; };
category insist { consist; };
};
acl "abc-ad-dc" { 10.0.0.0/8; };
acl "abc-dns" { 10.7.136.101/32; 10.1.112.102/32; 10.7.136.103/32;
10.1.112.104/32; 10.90.40.105/32; 10.90.40.106/32; };
zone "adroot.abc.com" {
type master;
file "manual/db.adroot.abc.com";
check-names ignore;
allow-query { any; };
allow-update { abc-ad-dc; };
allow-transfer { abc-dns; abc-ad-dc; };
notify yes;
};
zone "adacct.adroot.abc.com" {
type master;
file "manual/db.adacct.adroot.abc.com";
check-names ignore;
allow-query { any; };
allow-update { abc-ad-dc; };
allow-transfer { abc-dns; abc-ad-dc; };
notify yes;
};
zone "forestdnszones.adroot.abc.com" {
type master;
file "manual/db.forestdnszones.adroot.abc.com";
check-names ignore;
allow-query { any; };
allow-update { abc-ad-dc; };
allow-transfer { abc-dns; abc-ad-dc; };
notify yes;
};
zone "domaindnszones.adroot.abc.com" {
type master;
file "manual/db.domaindnszones.adroot.abc.com";
check-names ignore;
allow-query { any; };
allow-update { abc-ad-dc; };
allow-transfer { abc-dns; abc-ad-dc; };
notify yes;
};
zone "domaindnszones.adacct.adroot.abc.com" {
type master;
file "manual/db.domaindnszones.adacct.adroot.abc.com";
check-names ignore;
allow-query { any; };
allow-update { abc-ad-dc; };
allow-transfer { abc-dns; abc-ad-dc; };
notify yes;
};
zone "_udp.ds.abc.com" {
type master;
file "manual/db._udp.ds.abc.com";
check-names ignore;
allow-query { any; };
allow-update { abc-ad-dc; };
allow-transfer { abc-dns; abc-ad-dc; };
notify yes;
};
zone "_tcp.ds.abc.com" {
type master;
file "manual/db._tcp.ds.abc.com";
check-names ignore;
allow-query { any; };
allow-update { abc-ad-dc; };
allow-transfer { abc-dns; abc-ad-dc; };
notify yes;
};
zone "_sites.ds.abc.com" {
type master;
file "manual/db._sites.ds.abc.com";
check-names ignore;
allow-query { any; };
allow-update { abc-ad-dc; };
allow-transfer { abc-dns; abc-ad-dc; };
notify yes;
};
zone "_msdcs.ds.abc.com" {
type master;
file "manual/db._msdcs.ds.abc.com";
check-names ignore;
allow-query { any; };
allow-update { abc-ad-dc; };
allow-transfer { abc-dns; abc-ad-dc; };
notify yes;
};
zone "domaindnszones.ds.abc.com" {
type master;
file "manual/db.domaindnszones.ds.abc.com";
check-names ignore;
allow-query { any; };
allow-update { abc-ad-dc; };
allow-transfer { abc-dns; abc-ad-dc; };
notify yes;
};
zone "forestdnszones.ds.abc.com" {
type master;
file "manual/db.forestdnszones.ds.abc.com";
check-names ignore;
allow-query { any; };
allow-update { abc-ad-dc; };
allow-transfer { abc-dns; abc-ad-dc; };
notify yes;
};
zone "_udp.ms.ds.abc.com" {
type master;
file "manual/db._udp.ms.ds.abc.com";
check-names ignore;
allow-query { any; };
allow-update { abc-ad-dc; };
allow-transfer { abc-dns; abc-ad-dc; };
notify yes;
};
zone "_tcp.ms.ds.abc.com" {
type master;
file "manual/db._tcp.ms.ds.abc.com";
check-names ignore;
allow-query { any; };
allow-update { abc-ad-dc; };
allow-transfer { abc-dns; abc-ad-dc; };
notify yes;
};
zone "_sites.ms.ds.abc.com" {
type master;
file "manual/db._sites.ms.ds.abc.com";
check-names ignore;
allow-query { any; };
allow-update { abc-ad-dc; };
allow-transfer { abc-dns; abc-ad-dc; };
notify yes;
};
zone "_msdcs.ms.ds.abc.com" {
type master;
file "manual/db._msdcs.ms.ds.abc.com";
check-names ignore;
allow-query { any; };
allow-update { abc-ad-dc; };
allow-transfer { abc-dns; abc-ad-dc; };
notify yes;
};
zone "domaindnszones.ms.ds.abc.com" {
type master;
file "manual/db.domaindnszones.ms.ds.abc.com";
check-names ignore;
allow-query { any; };
allow-update { abc-ad-dc; };
allow-transfer { abc-dns; abc-ad-dc; };
notify yes;
};
zone "_udp.testad.abc.com" {
type master;
file "manual/db._udp.testad.abc.com";
check-names ignore;
allow-query { any; };
allow-update { abc-ad-dc; };
allow-transfer { abc-dns; abc-ad-dc; };
notify yes;
};
zone "_tcp.testad.abc.com" {
type master;
file "manual/db._tcp.testad.abc.com";
check-names ignore;
allow-query { any; };
allow-update { abc-ad-dc; };
allow-transfer { abc-dns; abc-ad-dc; };
notify yes;
};
zone "_sites.testad.abc.com" {
type master;
file "manual/db._sites.testad.abc.com";
check-names ignore;
allow-query { any; };
allow-update { abc-ad-dc; };
allow-transfer { abc-dns; abc-ad-dc; };
notify yes;
};
zone "_msdcs.testad.abc.com" {
type master;
file "manual/db._msdcs.testad.abc.com";
check-names ignore;
allow-query { any; };
allow-update { abc-ad-dc; };
allow-transfer { abc-dns; abc-ad-dc; };
notify yes;
};
zone "domaindnszones.testad.abc.com" {
type master;
file "manual/db.domaindnszones.testad.abc.com";
check-names ignore;
allow-query { any; };
allow-update { abc-ad-dc; };
allow-transfer { abc-dns; abc-ad-dc; };
notify yes;
};
zone "forestdnszones.testad.abc.com" {
type master;
file "manual/db.forestdnszones.testad.abc.com";
check-names ignore;
allow-query { any; };
allow-update { abc-ad-dc; };
allow-transfer { abc-dns; abc-ad-dc; };
notify yes;
};
zone "_udp.testacct.testad.abc.com" {
type master;
file "manual/db._udp.testacct.testad.abc.com";
check-names ignore;
allow-query { any; };
allow-update { abc-ad-dc; };
allow-transfer { abc-dns; abc-ad-dc; };
notify yes;
};
zone "_tcp.testacct.testad.abc.com" {
type master;
file "manual/db._tcp.testacct.testad.abc.com";
check-names ignore;
allow-query { any; };
allow-update { abc-ad-dc; };
allow-transfer { abc-dns; abc-ad-dc; };
notify yes;
};
zone "_sites.testacct.testad.abc.com" {
type master;
file "manual/db._sites.testacct.testad.abc.com";
check-names ignore;
allow-query { any; };
allow-update { abc-ad-dc; };
allow-transfer { abc-dns; abc-ad-dc; };
notify yes;
};
zone "_msdcs.testacct.testad.abc.com" {
type master;
file "manual/db._msdcs.testacct.testad.abc.com";
check-names ignore;
allow-query { any; };
allow-update { abc-ad-dc; };
allow-transfer { abc-dns; abc-ad-dc; };
notify yes;
};
zone "domaindnszones.testacct.testad.abc.com" {
type master;
file "manual/db.domaindnszones.testacct.testad.abc.com";
check-names ignore;
allow-query { any; };
allow-update { abc-ad-dc; };
allow-transfer { abc-dns; abc-ad-dc; };
notify yes;
};
zone "." in {
type hint;
file "db.cache";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "db.127.0.0";
};
zone "10.in-addr.arpa" in {
type master;
file "db.10";
check-names ignore;
allow-update { 10.7.136.101;10.113.60.255;10.113.60.160; };
allow-query { any; };
allow-transfer { abc-dns; };
notify yes;
};
zone "ds.abc.com" in {
type master;
file "db.ds.abc.com";
check-names ignore;
allow-update { none; };
allow-query { any; };
allow-transfer { any; };
notify yes;
};
zone "forums.abc.com" in {
type master;
file "db.forums.abc.com";
check-names ignore;
allow-update {
10.7.250.19;10.7.249.56;10.7.248.208;10.7.248.132;10.7.136.101;10.113.60.255;
};
allow-query { any; };
allow-transfer { abc-dns; };
notify yes;
};
zone "ms.ds.abc.com" in {
type master;
file "db.ms.ds.abc.com";
check-names ignore;
allow-update { none; };
allow-query { any; };
allow-transfer { any; };
notify yes;
};
zone "myabc.abc.com" in {
type master;
file "db.myabc.abc.com";
check-names ignore;
allow-update {
10.7.250.19;10.7.249.56;10.7.248.208;10.7.248.132;10.7.136.101;10.113.60.255;
};
allow-query { any; };
allow-transfer { abc-dns; };
notify yes;
};
zone "card.abc.com" in {
type master;
file "db.card.abc.com";
check-names ignore;
allow-update {
10.7.250.19;10.7.249.56;10.7.248.208;10.7.248.132;10.7.136.101;10.113.60.255;
};
allow-query { any; };
allow-transfer { abc-dns; };
notify yes;
};
zone "testacct.testad.abc.com" in {
type master;
file "db.testacct.testad.abc.com";
check-names ignore;
allow-update { none; };
allow-query { any; };
allow-transfer { any; };
notify yes;
};
zone "testad.abc.com" in {
type master;
file "db.testad.abc.com";
check-names ignore;
allow-update { none; };
allow-query { any; };
allow-transfer { any; };
notify yes;
};
zone "abc.com" in {
type master;
file "db.abc.com";
check-names ignore;
allow-update { 10.7.136.101;10.113.60.255;10.113.60.160; };
allow-query { any; };
allow-transfer { abc-dns; };
notify yes;
};
Below is the config from one of the 5 slaves. All the other slaves are
identical.
/******************************************
* Slave config 8.3.4
******************************************/
options {
directory "/opt/named/etc";
host-statistics yes;
statistics-file "/var/dnslogs/named.stats";
statistics-interval 60;
cleaning-interval 180;
use-ixfr yes;
notify no;
transfers-per-ns 50;
transfers-in 20;
};
server 10.7.136.101 {
support-ixfr yes;
transfer-format many-answers;
};
controls {
unix "/opt/named/etc/ndc.d/ndc" perm 0660 owner 0 group 3;
};
acl "abc-ad-dc" { 10.0.0.0/8; };
acl "abc-dns" { 10.7.136.101/32; 10.1.112.102/32; 10.7.136.103/32;
10.1.112.104/32; 10.90.40.105/32; 10.90.40.106/32; };
logging {
channel default.log {
file "/var/dnslogs/default" versions 5 size 10M;
print-time yes;
};
channel stat {
file "/var/dnslogs/dns_stats" versions 5 size 1M;
print-time yes;
};
channel queries {
file "/var/dnslogs/queries" versions 1 size 10M;
print-time yes;
};
channel security {
file "/var/dnslogs/security" versions 5 size 10M;
print-time yes;
};
channel zonem.log {
file "/var/dnslogs/zonem" versions 5 size 10M;
print-time yes;
};
category default { default.log; };
category xfer-in { zonem.log; };
category xfer-out { zonem.log; };
category notify { zonem.log; };
category load { zonem.log; };
category security { security; };
category response-checks { security; };
category statistics { stat; };
category queries { queries; };
category update { null; };
category lame-servers { null; };
category cname { null; };
};
zone "adroot.abc.com" {
type slave;
file "sec_slv/db.adroot.abc.com";
check-names ignore;
allow-query { any; };
masters { 10.7.136.101; };
notify no;
};
zone "adacct.adroot.abc.com" {
type slave;
file "sec_slv/db.adacct.adroot.abc.com";
check-names ignore;
allow-query { any; };
masters { 10.7.136.101; };
notify no;
};
zone "forestdnszones.adroot.abc.com" {
type slave;
file "sec_slv/db.forestdnszones.adroot.abc.com";
check-names ignore;
allow-query { any; };
masters { 10.7.136.101; };
notify no;
};
zone "domaindnszones.adroot.abc.com" {
type slave;
file "sec_slv/db.domaindnszones.adroot.abc.com";
check-names ignore;
allow-query { any; };
masters { 10.7.136.101; };
notify no;
};
zone "domaindnszones.adacct.adroot.abc.com" {
type slave;
file "sec_slv/db.domaindnszones.adacct.adroot.abc.com";
check-names ignore;
allow-query { any; };
masters { 10.7.136.101; };
notify no;
};
zone "_udp.ds.abc.com" {
type slave;
file "sec_slv/db._udp.ds.abc.com";
check-names ignore;
allow-query { any; };
masters { 10.7.136.101; };
notify no;
};
zone "_tcp.ds.abc.com" {
type slave;
file "sec_slv/db._tcp.ds.abc.com";
check-names ignore;
allow-query { any; };
masters { 10.7.136.101; };
notify no;
};
zone "_sites.ds.abc.com" {
type slave;
file "sec_slv/db._sites.ds.abc.com";
check-names ignore;
allow-query { any; };
masters { 10.7.136.101; };
notify no;
};
zone "_msdcs.ds.abc.com" {
type slave;
file "sec_slv/db._msdcs.ds.abc.com";
check-names ignore;
allow-query { any; };
masters { 10.7.136.101; };
notify no;
};
zone "domaindnszones.ds.abc.com" {
type slave;
file "sec_slv/db.domaindnszones.ds.abc.com";
check-names ignore;
allow-query { any; };
masters { 10.7.136.101; };
notify no;
};
zone "forestdnszones.ds.abc.com" {
type slave;
file "sec_slv/db.forestdnszones.ds.abc.com";
check-names ignore;
allow-query { any; };
masters { 10.7.136.101; };
notify no;
};
zone "_udp.ms.ds.abc.com" {
type slave;
file "sec_slv/db._udp.ms.ds.abc.com";
check-names ignore;
allow-query { any; };
masters { 10.7.136.101; };
notify no;
};
zone "_tcp.ms.ds.abc.com" {
type slave;
file "sec_slv/db._tcp.ms.ds.abc.com";
check-names ignore;
allow-query { any; };
masters { 10.7.136.101; };
notify no;
};
zone "_sites.ms.ds.abc.com" {
type slave;
file "sec_slv/db._sites.ms.ds.abc.com";
check-names ignore;
allow-query { any; };
masters { 10.7.136.101; };
notify no;
};
zone "_msdcs.ms.ds.abc.com" {
type slave;
file "sec_slv/db._msdcs.ms.ds.abc.com";
check-names ignore;
allow-query { any; };
masters { 10.7.136.101; };
notify no;
};
zone "domaindnszones.ms.ds.abc.com" {
type slave;
file "sec_slv/db.domaindnszones.ms.ds.abc.com";
check-names ignore;
allow-query { any; };
masters { 10.7.136.101; };
notify no;
};
zone "_udp.testad.abc.com" {
type slave;
file "sec_slv/db._udp.testad.abc.com";
check-names ignore;
allow-query { any; };
masters { 10.7.136.101; };
notify no;
};
zone "_tcp.testad.abc.com" {
type slave;
file "sec_slv/db._tcp.testad.abc.com";
check-names ignore;
allow-query { any; };
masters { 10.7.136.101; };
notify no;
};
zone "_sites.testad.abc.com" {
type slave;
file "sec_slv/db._sites.testad.abc.com";
check-names ignore;
allow-query { any; };
masters { 10.7.136.101; };
notify no;
};
zone "_msdcs.testad.abc.com" {
type slave;
file "sec_slv/db._msdcs.testad.abc.com";
check-names ignore;
allow-query { any; };
masters { 10.7.136.101; };
notify no;
};
zone "domaindnszones.testad.abc.com" {
type slave;
file "sec_slv/db.domaindnszones.testad.abc.com";
check-names ignore;
allow-query { any; };
masters { 10.7.136.101; };
notify no;
};
zone "forestdnszones.testad.abc.com" {
type slave;
file "sec_slv/db.forestdnszones.testad.abc.com";
check-names ignore;
allow-query { any; };
masters { 10.7.136.101; };
notify no;
};
zone "_udp.testacct.testad.abc.com" {
type slave;
file "sec_slv/db._udp.testacct.testad.abc.com";
check-names ignore;
allow-query { any; };
masters { 10.7.136.101; };
notify no;
};
zone "_tcp.testacct.testad.abc.com" {
type slave;
file "sec_slv/db._tcp.testacct.testad.abc.com";
check-names ignore;
allow-query { any; };
masters { 10.7.136.101; };
notify no;
};
zone "_sites.testacct.testad.abc.com" {
type slave;
file "sec_slv/db._sites.testacct.testad.abc.com";
check-names ignore;
allow-query { any; };
masters { 10.7.136.101; };
notify no;
};
zone "_msdcs.testacct.testad.abc.com" {
type slave;
file "sec_slv/db._msdcs.testacct.testad.abc.com";
check-names ignore;
allow-query { any; };
masters { 10.7.136.101; };
notify no;
};
zone "domaindnszones.testacct.testad.abc.com" {
type slave;
file "sec_slv/db.domaindnszones.testacct.testad.abc.com";
check-names ignore;
allow-query { any; };
masters { 10.7.136.101; };
notify no;
};
zone "." in {
type hint;
file "db.cache";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "db.127.0.0";
};
zone "10.in-addr.arpa" in {
type slave;
file "sec_slv/db.10";
masters { 10.7.136.101; };
check-names ignore;
allow-update { 10.7.136.101;10.113.60.255;10.113.60.160; };
allow-query { any; };
allow-transfer { abc-dns; };
notify yes;
};
zone "ds.abc.com" in {
type slave;
file "sec_slv/db.ds.abc.com";
masters { 10.7.136.101; };
check-names ignore;
allow-update { none; };
allow-query { any; };
allow-transfer { any; };
notify yes;
};
zone "forums.abc.com" in {
type slave;
file "sec_slv/db.health.abc.com";
masters { 10.7.136.101; };
check-names ignore;
allow-update {
10.7.250.19;10.7.249.56;10.7.248.208;10.7.248.132;10.7.136.101;10.113.60.255;
};
allow-query { any; };
allow-transfer { abc-dns; };
notify yes;
};
zone "ms.ds.abc.com" in {
type slave;
file "sec_slv/db.ms.ds.abc.com";
masters { 10.7.136.101; };
check-names ignore;
allow-update { none; };
allow-query { any; };
allow-transfer { any; };
notify yes;
};
zone "myabc.abc.com" in {
type slave;
file "sec_slv/db.myabc.abc.com";
masters { 10.7.136.101; };
check-names ignore;
allow-update {
10.7.250.19;10.7.249.56;10.7.248.208;10.7.248.132;10.7.136.101;10.113.60.255;
};
allow-query { any; };
allow-transfer { abc-dns; };
notify yes;
};
zone "card.abc.com" in {
type slave;
file "sec_slv/db.card.abc.com";
masters { 10.7.136.101; };
check-names ignore;
allow-update {
10.7.250.19;10.7.249.56;10.7.248.208;10.7.248.132;10.7.136.101;10.113.60.255;
};
allow-query { any; };
allow-transfer { abc-dns; };
notify yes;
};
zone "testacct.testad.abc.com" in {
type slave;
file "sec_slv/db.testacct.testad.abc.com";
masters { 10.7.136.101; };
check-names ignore;
allow-update { none; };
allow-query { any; };
allow-transfer { any; };
notify yes;
};
zone "testad.abc.com" in {
type slave;
file "sec_slv/db.testad.abc.com";
masters { 10.7.136.101; };
check-names ignore;
allow-update { none; };
allow-query { any; };
allow-transfer { any; };
notify yes;
};
zone "abc.com" in {
type slave;
file "sec_slv/db.abc.com";
masters { 10.7.136.101; };
check-names ignore;
allow-update { 10.7.136.101;10.113.60.255;10.113.60.160; };
allow-query { any; };
allow-transfer { abc-dns; };
max-transfer-time-in 120;
notify yes;
};
More information about the bind-users
mailing list