Secondary DNS is not updated quickly from Primary

Borhade Ganesh (vMoksha) Ganesh.Borhade at UCB-Group.com
Sun Dec 4 16:08:14 UTC 2005 

Dear All,
1. Zone transfer problem :  still problem

   a. Secondary DNS is configured in Primary DNS named.conf & zone file with
PTR record
   b. I have tried with notify yes option but notification send by Primary
DNS but zone doesn't transfer without 
      rndc reload <zone name>
   c. Primary is able to resolve Secondary A & PTR records
   d. SOA MNAME match 

2. patch update:  OK now 
   OK, I have install BIND 9.2.3 on Solaris thus not to worry

3. TSIG ? Still pending but OK till now
   OK, my rndc key is working for zone transfer between Primary & Secondary,
but i will think TSIG afterward.


    Mark, Thanks for valuable update.

Regards
Ganesh
91-9880537357

-----Original Message-----
From: Mark_Andrews at isc.org [mailto:Mark_Andrews at isc.org] 
Sent: Sunday, December 04, 2005 1:51 PM
To: Borhade Ganesh (vMoksha)
Cc: 'Barry Margolin'; comp-protocols-dns-bind at isc.org
Subject: Re: Secondary DNS is not updated quickly from Primary 



> Dear All,
>      
> DNS Setup: 
> 1. Primary DNS on Solaris 9 with BIND 9.2.3 ( Solaris package )
> 2. Secondary DNS is on Solaris 10 with Bind 9.2.4 ( build in of Solaris 10
)
> Problem :
> 
> 1. When i changed "Zone" on "Primary DNS" with updated "Serial no" in Zone
> file & then used  "rndc reload / rndc reload 
>    <zone name>" on Primary DNS.
>    "Secondary DNS" zone is not updated immediately even i kept "refresh
rate
> as 5 min".(i uses rndc reload on 
>     Secondary DNS) but when i uses "rndc reload <zone name>" on "Secondary
> DNS" then zone gets transfer immediately.
>    Is this bug in BIND 9.2.3? because i had not faced problem with "BIND
8"
> for Zone Transfer.   

	Firstly is the secondary listed in the NS RRset?
	Secondly can the primary resolve the addresses of the secondary?
	Thirdly is the primary sending the notify messages from the same
	address as that listed in the masters clause on the secondary?
	Fourthly does the SOA MNAME match the name of the primary servers?
	Fifthly is there a firewall/NAT blocking or otherwise changing the
	notify message.

	There are ways to address most/all of the potential issues but
	without answers to the above questions people won't be able to
	help you.

	NOTIFY is simple.  The master loads the zone.  It looks up
	the addresses for the nameservers.  It sends the NOTIFY
	message to the slaves (the master is identified by the SOA
	MNAME).  The slave looks at the NOTIFY and the address the
	NOTIFY was from and decided to accept or reject it.  It
	then looks at any SOA record to see if the serial is greater
	than it currently has.  If it is or there was no SOA record
	it starts the standard refresh processing.
 
> 2. Is any BIND patch available for BIND 9.2.3 on Solaris 9? 

	A patch for what?  BIND is distributed freely in source form.
	You can just compile and install the latest release.
 
> 3. If instead of rndc key if i uses tsig key then will security will
> increase?

	Yes but get everything else working first before you look at
	TSIG.
 
> Best Regards
> Ganesh Borhade
> 91-9880537357
> 
> 
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
Behalf
> Of Barry Margolin
> Sent: Saturday, December 03, 2005 4:30 AM
> To: comp-protocols-dns-bind at isc.org
> Subject: Re: Secondary DNS is not updated quickly from Primary
> 
> 
> In article <dmq2tg$cun$1 at sf1.isc.org>,
>  "Borhade Ganesh (vMoksha)" <Ganesh.Borhade at UCB-Group.com> wrote:
> 
> > Dear All,
> >      I have configured Primary DNS Server --> Bind 9.2.3 on Solaris 9
with
> > private IP address  & Secondary DNS Server --> Bind 9 on Solaris 10 with
> > private IP address.
> > My zones are transfer from Primary DNS to Secondary DNS only when i
reload
> > zone from secondary  [ rndc reload <zone name > ].
> >     I wants to make DNS Server's  live on Monday with Public IP address
> but
> > before that i wants to make sure that if i restart rndc service ( rndc
> > stop/start ) on primary ( Zone updated with serial no ) then it should
> > automatically transfer the zone  to Secondary DNS 
> >     Can anyone help me how to resolve it?
> 
> The slave should automatically refresh the zone every <refresh> seconds, 
> where this is the Refresh parameter in the zone's SOA record.  So if you 
> want to ensure that it updates within 15 minutes, set this to 900.
> 
> You should also be able to use the DNS Notify mechanism.  Make sure that 
> the slaves are listed in the NS records of the zone, and the master will 
> send a Notify message to the slaves within a few seconds of your 
> reloading the zone on the master.
> 
> Of course, make sure you increment the serial number on the master after 
> making chances.
> 
> Are there any messages in the slave's log when it should be refreshing 
> the zone?
> 
> -- 
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
> *** PLEASE post questions in newsgroups, not directly to me ***
> 
> 
> 
> --------------------------------------------------------- 
> Legal Notice: This electronic mail and its attachments are intended solely
> for the person(s) to whom they are addressed and contain information which
> is confidential or otherwise protected from disclosure, except for the
> purpose for which they are intended. Dissemination, distribution, or
> reproduction by anyone other than the intended recipients is prohibited
and
> may be illegal. If you are not an intended recipient, please immediately
> inform the sender and return the electronic mail and its attachments and
> destroy any copies which may be in your possession. UCB screens electronic
> mails for viruses but does not warrant that this electronic mail is free
of
> any viruses. UCB accepts no liability for any damage caused by any virus
> transmitted by this electronic mail. 
> ---------------------------------------------------------
> 
> 
> 
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org


--------------------------------------------------------- 
Legal Notice: This electronic mail and its attachments are intended solely
for the person(s) to whom they are addressed and contain information which
is confidential or otherwise protected from disclosure, except for the
purpose for which they are intended. Dissemination, distribution, or
reproduction by anyone other than the intended recipients is prohibited and
may be illegal. If you are not an intended recipient, please immediately
inform the sender and return the electronic mail and its attachments and
destroy any copies which may be in your possession. UCB screens electronic
mails for viruses but does not warrant that this electronic mail is free of
any viruses. UCB accepts no liability for any damage caused by any virus
transmitted by this electronic mail. 
---------------------------------------------------------

More information about the bind-users mailing list