v9.3.0 alt-transfer-source redundant? - was {Re: IXFR journal dump making 9.2.4 server non-responsive}

Derek D. googlegroups20041216 at comp-u-port.net
Tue Dec 21 17:06:28 UTC 2004


OK, I have added "use-alt-transfer-source yes;" and
"alt-transfer-source 172.30.30.43;" to the zone definition and it seems
to fix the problem.  (It sends and receives a SOA query to the masters
listed in the zone definition.)

My question is that as noted above in my options stanza, we already
have query-source and transfer-source set to the same address that the
alt-transfer-source is now set to.  This seems a little redundant to
me.

Here is a snoop of the traffic doing a "rndc refresh ${ZONE}" WITH
alt-transfer-source enabled:

________________________________
172.30.30.43 -> aaa.bb.c.ddd UDP D=53 S=58565 LEN=60
172.30.30.43 -> aaa.bb.c.ddd DNS C rbl-plus.mail-abuse.org. Internet
SOA ?
________________________________
aaa.bb.c.ddd -> 172.30.30.43 UDP D=58565 S=53 LEN=356
aaa.bb.c.ddd -> 172.30.30.43 DNS R rbl-plus.mail-abuse.org. Internet
SOA
________________________________
172.30.30.43 -> aaa.bb.c.eee UDP D=53 S=58565 LEN=60
172.30.30.43 -> aaa.bb.c.eee DNS C rbl-plus.mail-abuse.org. Internet
SOA ?
________________________________
aaa.bb.c.eee -> 172.30.30.43 UDP D=58565 S=53 LEN=388
aaa.bb.c.eee -> 172.30.30.43 DNS R rbl-plus.mail-abuse.org. Internet
SOA
________________________________
172.30.30.43 -> fff.ggg.hhh.iii UDP D=53 S=58565 LEN=60
172.30.30.43 -> fff.ggg.hhh.iii DNS C rbl-plus.mail-abuse.org. Internet
SOA ?
________________________________
fff.ggg.hhh.iii -> 172.30.30.43 UDP D=58565 S=53 LEN=356
fff.ggg.hhh.iii -> 172.30.30.43 DNS R rbl-plus.mail-abuse.org. Internet
SOA
________________________________
172.30.30.43 -> fff.ggg.hhh.jjj UDP D=53 S=58565 LEN=60
172.30.30.43 -> fff.ggg.hhh.jjj DNS C rbl-plus.mail-abuse.org. Internet
SOA ?
________________________________
fff.ggg.hhh.jjj -> 172.30.30.43 UDP D=58565 S=53 LEN=372
fff.ggg.hhh.jjj -> 172.30.30.43 DNS R rbl-plus.mail-abuse.org. Internet
SOA


That looks good to me and I don't get any errors in the logs.

Now here is a snoop doing a "rndc refresh ${ZONE}" withOUT the
alt-transfer-source set:

________________________________
172.30.30.43 -> aaa.bb.c.ddd UDP D=53 S=58565 LEN=60
172.30.30.43 -> aaa.bb.c.ddd DNS C rbl-plus.mail-abuse.org. Internet
SOA ?
________________________________
aaa.bb.c.ddd -> 172.30.30.43 UDP D=58565 S=53 LEN=388
aaa.bb.c.ddd -> 172.30.30.43 DNS R rbl-plus.mail-abuse.org. Internet
SOA
________________________________
172.30.30.43 -> aaa.bb.c.eee UDP D=53 S=58565 LEN=60
172.30.30.43 -> aaa.bb.c.eee DNS C rbl-plus.mail-abuse.org. Internet
SOA ?
________________________________
aaa.bb.c.eee -> 172.30.30.43 UDP D=58565 S=53 LEN=388
aaa.bb.c.eee -> 172.30.30.43 DNS R rbl-plus.mail-abuse.org. Internet
SOA
________________________________
172.30.30.43 -> fff.ggg.hhh.jjj UDP D=53 S=58565 LEN=60
172.30.30.43 -> fff.ggg.hhh.jjj DNS C rbl-plus.mail-abuse.org. Internet
SOA ?
________________________________
fff.ggg.hhh.jjj -> 172.30.30.43 UDP D=58565 S=53 LEN=356
fff.ggg.hhh.jjj -> 172.30.30.43 DNS R rbl-plus.mail-abuse.org. Internet
SOA
________________________________
172.30.30.43 -> fff.ggg.hhh.iii UDP D=53 S=58565 LEN=60
172.30.30.43 -> fff.ggg.hhh.iii DNS C rbl-plus.mail-abuse.org. Internet
SOA ?
________________________________
fff.ggg.hhh.iii -> 172.30.30.43 UDP D=58565 S=53 LEN=388
fff.ggg.hhh.iii -> 172.30.30.43 DNS R rbl-plus.mail-abuse.org. Internet
SOA

So far, the above looks just like the snoop with
alt-transfer-source.
So why does it not work without alt-transfer-source set?

(The following all fail, as 172.30.30.33 is not allowed out the load
balancer, which is our reasoning for using the query-source and
transfer-source options.)

________________________________
172.30.30.33 -> aaa.bb.c.ddd UDP D=53 S=56726 LEN=60
172.30.30.33 -> aaa.bb.c.ddd DNS C rbl-plus.mail-abuse.org. Internet
SOA ?
________________________________
aaa.bb.c.ddd -> 172.30.30.33 UDP D=56726 S=53 LEN=60
aaa.bb.c.ddd -> 172.30.30.33 DNS R  Error: 3(Name Error)
________________________________
172.30.30.33 -> aaa.bb.c.eee UDP D=53 S=56739 LEN=60
172.30.30.33 -> aaa.bb.c.eee DNS C rbl-plus.mail-abuse.org. Internet
SOA ?
________________________________
aaa.bb.c.eee -> 172.30.30.33 UDP D=56739 S=53 LEN=60
aaa.bb.c.eee -> 172.30.30.33 DNS R  Error: 3(Name Error)
________________________________
172.30.30.33 -> fff.ggg.hhh.jjj UDP D=53 S=56740 LEN=60
172.30.30.33 -> fff.ggg.hhh.jjj DNS C rbl-plus.mail-abuse.org. Internet
SOA ?
________________________________
fff.ggg.hhh.jjj -> 172.30.30.33 UDP D=56740 S=53 LEN=60
fff.ggg.hhh.jjj -> 172.30.30.33 DNS R  Error: 3(Name Error)
________________________________
172.30.30.33 -> fff.ggg.hhh.iii UDP D=53 S=56741 LEN=60
172.30.30.33 -> fff.ggg.hhh.iii DNS C rbl-plus.mail-abuse.org. Internet
SOA ?
________________________________
fff.ggg.hhh.iii -> 172.30.30.33 UDP D=56741 S=53 LEN=60
fff.ggg.hhh.iii -> 172.30.30.33 DNS R  Error: 3(Name Error)


Again, why, when not using alt-transfer-source, do the first queries to
the masters look just like they do with alt-transfer-source, but then it
continues on and sources from an interface we are trying to have bind
not use?

Again, thanks for the help.
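
An added example, not part of the original post: a small Python audit of snoop summary lines like those above, which groups outbound port-53 queries by local source address and flags any that leave from an address other than the intended transfer-source. The function name `audit_sources`, the master address 192.0.2.10 and the zone `example.test.` are constructed for illustration; the two local addresses are the ones from the post.

```python
import re
from collections import defaultdict

# UDP summary line printed by snoop for each packet, e.g.
#   172.30.30.43 -> 192.0.2.10 UDP D=53 S=58565 LEN=60
UDP_LINE = re.compile(
    r"^(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+UDP\s+D=(?P<dport>\d+)\s+S=(?P<sport>\d+)"
)
# DNS response line that carries an error code, e.g.
#   192.0.2.10 -> 172.30.30.33 DNS R  Error: 3(Name Error)
DNS_ERR = re.compile(
    r"^(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+DNS\s+R\s+Error:\s+(?P<rcode>\d+)"
)

# Constructed sample capture (master address and zone name are placeholders).
SAMPLE = """\
172.30.30.43 -> 192.0.2.10 UDP D=53 S=58565 LEN=60
172.30.30.43 -> 192.0.2.10 DNS C example.test. Internet SOA ?
192.0.2.10 -> 172.30.30.43 UDP D=58565 S=53 LEN=388
192.0.2.10 -> 172.30.30.43 DNS R example.test. Internet SOA
172.30.30.33 -> 192.0.2.10 UDP D=53 S=56726 LEN=60
172.30.30.33 -> 192.0.2.10 DNS C example.test. Internet SOA ?
192.0.2.10 -> 172.30.30.33 UDP D=56726 S=53 LEN=60
192.0.2.10 -> 172.30.30.33 DNS R  Error: 3(Name Error)
"""

def audit_sources(snoop_text, expected_source):
    """Report which local addresses sent DNS queries and which were unexpected."""
    queries = defaultdict(set)   # local source address -> masters it queried
    errors = defaultdict(list)   # local address -> [(master, rcode), ...]
    for raw in snoop_text.splitlines():
        line = raw.strip()
        m = UDP_LINE.match(line)
        if m:
            if m["dport"] == "53":          # outbound query toward a master
                queries[m["src"]].add(m["dst"])
            continue
        m = DNS_ERR.match(line)
        if m:                               # error response back to a local address
            errors[m["dst"]].append((m["src"], int(m["rcode"])))
    by_source = {src: sorted(dsts) for src, dsts in queries.items()}
    unexpected = {s: d for s, d in by_source.items() if s != expected_source}
    return {"queries": by_source, "unexpected": unexpected, "errors": dict(errors)}

if __name__ == "__main__":
    report = audit_sources(SAMPLE, expected_source="172.30.30.43")
    for src, masters in report["unexpected"].items():
        print(f"queries left from {src} (not the configured source) to {masters}")
    for dst, errs in report["errors"].items():
        print(f"error responses delivered to {dst}: {errs}")
```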


