slow zone propagation
Jerome Tytgat
jerome.tytgat at asterion.fr
Wed Oct 27 15:27:29 UTC 2004
Hello list,
I need you to help me resolve one big problem we have here.
We have 1 central cluster server (1.2.3.20) with 1 master zone and 100+ reverse zones (we have a lot of networks...), running bind 9.2.1 on Debian Linux Woody 3.
We have 12 sites and on each site we have a slave DNS server running bind 9.2.2rc1 on Sun Solaris 8.
We have a very slow propagation of the master zone to the slave servers.
I wonder if I did something wrong and if it's possible to accelerate the propagation.
The most important zone for us is the master zone (domain.fr); could it be possible to prioritize it?
Thanks for your advice.
--
Notify is working from what I can see in the logs:
Oct 27 16:13:11 h35aredmsga named[10730]: zone domain.fr/IN: sending notifies (serial 2004102704)
Oct 27 16:13:11 h35aredmsga named[10730]: zone 0.10.10.in-addr.arpa/IN: sending notifies (serial 125)
...
Oct 27 16:26:08 h35aredmsga named[10731]: client 10.10.10.33#54824: transfer of 'domain.fr/IN': AXFR-style IXFR started
As you see, the transfer started on this server (10.10.10.33) only 13 minutes after the notify!
I have nothing in my firewall log telling that the notify has not been blocked.
The slave server receives the notify well:
message has 12 byte(s) of trailing garbage
received notify for zone '33.168.192.in-addr.arpa': not authoritative <= this IS not configured
zone_timer: zone 168.108.10.in-addr.arpa/IN: enter
zone_maintenance: zone domain.fr/IN: enter
queue_soa_query: zone domain.fr/IN: enter
soa_query: zone domain.fr/IN: enter
refresh_callback: zone domain.fr/IN: enter
refresh_callback: zone domain.fr/IN: serial: new 2004102704, old 2004102703
queue_xfrin: zone asterion.fr/IN: enter
zone asterion.fr/IN: zone transfer finished: success
zone asterion.fr/IN: transfered serial 2004102704
zone_timer: zone asterion.fr/IN: enter
zone_maintenance: zone asterion.fr/IN: enter
zone asterion.fr/IN: sending notifies (serial 2004102704)
-- Next are the different configurations --
(I've changed only some names to preserve some privacy)
Here is the SOA of the master zone:
$TTL 43200 ; default TTL for zone (12 hours)
@       IN      SOA     ns0nsserver.domain.fr. root.ns0nsserver.domain.fr. (
                        2004102704 ; Serial (generated automatically)
                        1h         ; Refresh (1 hour)
                        3m         ; Retry (3 minutes)
                        5w         ; Expire (5 weeks)
                        3h         ; Minimum (3 hours)
                        )
The list of NS servers (one for each site):
        IN      NS      ns0nsserver.domain.fr.
        IN      NS      ns1nsserver.domain.fr.
        IN      NS      ns2nsserver.domain.fr.
        IN      NS      ns3nsserver.domain.fr.
        IN      NS      ns4nsserver.domain.fr.
        IN      NS      ns5nsserver.domain.fr.
        IN      NS      ns6nsserver.domain.fr.
        IN      NS      ns7nsserver.domain.fr.
        IN      NS      ns8nsserver.domain.fr.
        IN      NS      ns9nsserver.domain.fr.
        IN      NS      ns10nsserver.domain.fr.
        IN      NS      ns11nsserver.domain.fr.
After that follow the A, CNAME, MX, etc.
Here is the SOA for one reverse zone:
; File: /var/named/10.10.0.in-addr.arpa
; Network: 10.10.0.0/24
;
$TTL 43200 ; default TTL for zone (12 hours)
@       IN      SOA     ns0nsserver.domain.fr. root.ns0nsserver.domain.fr. (
                        125        ; Serial (generated automatically)
                        6m         ; Refresh (5 minutes)
                        3m         ; Retry (3 minutes)
                        5w         ; Expire (5 weeks)
                        3h         ; Minimum (3 hours)
                        )
        IN      NS      ns0nsserver.domain.fr.
        IN      NS      ns1nsserver.domain.fr.
        IN      NS      ns2nsserver.domain.fr.
        IN      NS      ns3nsserver.domain.fr.
        IN      NS      ns4nsserver.domain.fr.
        IN      NS      ns5nsserver.domain.fr.
        IN      NS      ns6nsserver.domain.fr.
        IN      NS      ns7nsserver.domain.fr.
        IN      NS      ns8nsserver.domain.fr.
        IN      NS      ns9nsserver.domain.fr.
        IN      NS      ns10nsserver.domain.fr.
        IN      NS      ns11nsserver.domain.fr.
** Here is an extract of the master named.conf:
acl srv2 { [list of NS servers] };
acl myself { 127.0.0.1; 1.2.3.20; 1.2.3.21; 1.2.3.22; 1.2.3.23; 1.2.3.24; 1.2.3.25; 1.2.3.26; };
options {
        // Provide recursive service to internal clients only.
        recursion yes;
        allow-recursion { myself; };
        notify yes;
        directory "/var/named";
        forwarders {
                212.30.96.210;
                212.30.96.211;
                213.203.124.147;
        };
        // forward only;
        listen-on { 1.2.3.20; 127.0.0.1; };
        transfer-format one-answer;
};
zone "." {
        type hint;
        # 2003-05-09/VNet/SNa
        # For Debian
        file "/etc/bind/db.root";
};
zone "0.0.127.in-addr.arpa" {
        type master;
        # 2003-05-09/VNet/SNa
        # For Debian
        // file "/etc/bind/db.local";
        file "127.0.0.in-addr.arpa";
};
zone "domain.fr" {
        type master;
        notify yes;
        file "domain.fr";
        allow-transfer { srv2; };
};
zone "0.10.10.in-addr.arpa" {
        type master;
        notify yes;
        file "10.10.0.in-addr.arpa";
        allow-transfer { srv2; };
};
[... only zones declarations follows ...]
** Here is an extract of the named.conf on one slave (identical on all slaves)
options {
        directory "/var/named";
        recursion no;
        // forwarders {
        //         10.10.10.25;
        // };
        // forward only;
        // query-source address * port 53;
};
//
// a caching only nameserver config
//
///*zone "." {
//         type hint;
//         file "named.ca";
//};*/
zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
};
zone "domain.fr." {
        type slave;
        file "domain.fr.sec";
        masters {
                1.2.3.20;
        };
};
zone "0.10.10.in-addr.arpa" {
        type slave;
        file "10.10.0.in-addr.arpa.sec";
        masters {
                1.2.3.20;
        };
};
[... only zones declarations follows ...]
-- 
============================
> Jérôme Tytgat
Network and Security Manager
============================
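Added example, not part of the original post: a small Python script that measures, from the master's syslog, how long each slave waited between a zone's "sending notifies" line and the start of its transfer, and lists zones that were notified but not yet transferred. It assumes the syslog line format quoted in the post; the function name and the `year` parameter (syslog timestamps carry no year) are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: the three master-side syslog lines quoted in the post.
SAMPLE_LOG = """\
Oct 27 16:13:11 h35aredmsga named[10730]: zone domain.fr/IN: sending notifies (serial 2004102704)
Oct 27 16:13:11 h35aredmsga named[10730]: zone 0.10.10.in-addr.arpa/IN: sending notifies (serial 125)
Oct 27 16:26:08 h35aredmsga named[10731]: client 10.10.10.33#54824: transfer of 'domain.fr/IN': AXFR-style IXFR started
"""

STAMP = r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ named\[\d+\]: "
NOTIFY_RE = re.compile(STAMP + r"zone (\S+)/IN: sending notifies \(serial (\d+)\)")
XFER_RE = re.compile(STAMP + r"client (\S+)#\d+: transfer of '(\S+)/IN': .*started")


def _ts(stamp, year):
    # Syslog timestamps carry no year, so the caller supplies it (assumption).
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def notify_to_transfer_lag(log_text, year=2004):
    """Return (lags, pending).

    lags maps (zone, serial, slave_ip) to the seconds between the master's
    NOTIFY for that serial and the first transfer that slave started after it.
    pending lists zones whose latest notified serial has no transfer logged.
    """
    notified = {}  # zone -> (serial, time of the most recent NOTIFY)
    lags = {}
    for line in log_text.splitlines():
        m = NOTIFY_RE.match(line)
        if m:
            notified[m.group(2)] = (int(m.group(3)), _ts(m.group(1), year))
            continue
        m = XFER_RE.match(line)
        if m and m.group(3) in notified:
            serial, sent = notified[m.group(3)]
            key = (m.group(3), serial, m.group(2))
            delay = (_ts(m.group(1), year) - sent).total_seconds()
            lags.setdefault(key, delay)  # keep only the first transfer
    done = {(zone, serial) for zone, serial, _ in lags}
    pending = sorted(z for z, (s, _) in notified.items() if (z, s) not in done)
    return lags, pending


if __name__ == "__main__":
    lags, pending = notify_to_transfer_lag(SAMPLE_LOG)
    for (zone, serial, slave), secs in sorted(lags.items()):
        print(f"{zone} serial {serial} -> {slave}: {secs / 60:.1f} min after NOTIFY")
    print("notified, no transfer logged:", ", ".join(pending) or "none")
```

Run over a full day of the master's log, the per-slave delays show whether the lag is uniform across the 12 sites or specific to some of them.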