AW: Problems with Zone transfers

Fernando Costa de Almeida falmeida at computeasy.com.br
Thu Dec 9 15:17:21 UTC 2004 

I also noticed something very strange...

When I change some data in the master, and notifies are sent to the
slaves, the transfer occurs without problems.

-------
named[45256]: zone ibdb.org.br/IN: transferred serial 2002061216
named[45256]: transfer of 'ibdb.org.br/IN' from 200.150.208.2#53: end of 
transfer
-------

The problem occurs only when the REFRESH time expires and the slaves 
automatically try to refresh the zone.

The other strange behaviour is that the slaves are trying to transfer 
the zones even though they are not newer than the version they have.

Is that normal?

Below is an excerpt of a zone configuration:


-------------------------------------------------------------------------------------
$TTL 3600
@               IN      SOA   ns1.computeasy.com.br. 
root.computeasy.com.br. (
                         2002062390      ; Serial
                         3600            ; Refresh
                         901             ; Retry
                         604800          ; Expiration
                         3600 )          ; Minimum

;
; NAME SERVERS
;
                 IN      NS ns1
                 IN      NS ns2
                 IN      NS ns3

;
; MAIL EXCHANGERS
;
                 IN      MX 10 mcl01mx

;
; HOSTS
;
@                   IN  A       200.150.209.213
admin               IN  A       200.150.208.2

-------------------------------------------------------------------------------------

Thanks in advance,


Walkenhorst, Benjamin wrote:
> Hello,
> 
>>From your description I don't see what is causing your problem,
> and it is unlike anything I have experienced.
> However, there are some thing you can start looking at; these are rather
> generic, though:
> - Was there any change on the machines when the problem started occuring?
>   Like, an upgrade to the operating system, anything?
> - Are these machines dedicated DNS-servers or do they run other services, too?
>   If so, your machines might be overloaded or something like that
> - When a zone transfer is aborted due to a timeout, incomplete zone files named tmp-XXXXXXXXX
>   should show up in your namedb-directory. You can inspect these to see if transfers are
>   failing at a specific point.
> - BIND allows you to configure the timeout value for zone transfers. If nothing else helps,
>   you can try increasing these. Similarly, you can also set a timeout vale for idle connections
>   (i.e. if a zone transfer is going on and no data is transmitted for <n> seconds, the master
>   aborts the connection).
> - Just in case, you might want to explicitly enable "transfer-format many-answers;". In my experience
>   this can greatly speed up zone transfers.
> - I suggest, you do some thorough debugging, e.g. if the server is hitting its limit in TCP connections?
>   When the answer to a request does not fit into a single UDP-packet, the client will re-query the server
>   using a TCP-connection. (Although I think this would produce a different error message.)
>   Do zone-transfers begin to fail altogether after some time, or do they just fail increasingly often?
>   In the latter case, you can e.g. increase the rate at which the slaves will retry to transfer the
>   zone.
> 
> Kind regards,
> Benjamin
> 
> 
> 

-- 
_______________________________________
ALMEIDA, Fernando Costa de
Computeasy Informática
www.computeasy.com.br
BSD USER BSD050945
ICQ 72293951

More information about the bind-users mailing list