refresh timeouts
CFlath at border-states.com
Wed Apr 19 14:23:44 UTC 2006
While yes, I could force manual updates, this would not be a practical
answer for my issue... still hoping someone out there has found a solution
to this issue. Thanks for the suggestions though, so far I am trying to
avoid switching to a different service such as djbdns, I have always been
a supporter of BIND and its writers and would only switch as a last
resort.
Corey Flath
Server Administrator
Border States Electric
Peter Dambier <peter at peter-dambier.de>
Sent by: bind-users-bounce at isc.org
04/18/2006 11:23 AM
Please respond to: peter at peter-dambier.de
To: bind-users at isc.org
cc:
Subject: Re: refresh timeouts
CFlath at border-states.com wrote:
> Unfortunately, the zones are never able to refresh and eventually expire,
> which is the real problem. I can't imagine there not being a way to
> rectify this with BIND 9, at least that's what I am hoping.. hopefully
> someone that may have an idea sees this message eventually.. I do have
> some questions to bounce off everyone though:
You should force your slaves by incrementing the serial of your master.
2006031000 ; serial
to 2006041800 for example.
The real time does not matter to Bind 9. It is only the serial that
is interesting.
Deleting
file "foo.bar.com.zone";
(the file, not the entry in named.conf :)
and restarting the slave should always work.
I did run Bind 9.3.2 on a SuSE 9.1 without problems.
> Could a major time skew cause refresh issues?
> Are there any known issues with BIND 9.3.2 and SUSE 9?
> Are there any known issues with BIND 9.3.2 running on virtual servers?
> (VMWARE ESX)
>
> Thanks,
>
> Corey Flath
> Server Administrator
> Border States Electric
>
>
I cannot imagine Bind 9 having problems on virtual machines, but I did
not try.
I had a problem with CoLinux running side by side with
windos e(XP)erimental. It is a problem with the shared network
adapter. It is not Bind specific.
djbdns showed the same problem on that combination :)
Regards
Peter and Karin
>
>
> Peter Dambier <peter at echnaton.serveftp.com>
> Sent by: bind-users-bounce at isc.org
> 04/17/2006 04:45 PM
> Please respond to: peter at echnaton.serveftp.com
> To: bind-users at isc.org
> cc:
> Subject: Re: refresh timeouts
>
> Don't worry, be happy. Here is one day in the life of my late Bind 9:
>
> named_axfr_in("Dec-21","01:35:33","192.33.4.12","arpa'").
> named_axfr_in("Dec-21","12:06:20","192.33.4.12","in-addr.arpa'").
> named_timeout("Dec-21","13:47:42","zone","timed").
> named_timeout("Dec-21","13:48:27","zone","timed").
> named_complained("refresh_callback: zone ffii.org/IN: 212.72.72.97#53: retries exceeded","Dec-21","13:48:27").
> named_timeout("Dec-21","14:39:19","zone","timed").
> named_timeout("Dec-21","14:40:04","zone","timed").
> named_complained("refresh_callback: zone ffii.org/IN: 212.72.72.97#53: retries exceeded","Dec-21","14:40:04").
> named_timeout("Dec-21","15:05:15","zone","timed").
> named_timeout("Dec-21","15:05:30","zone","timed").
> named_timeout("Dec-21","15:28:25","zone","timed").
> named_complained("refresh_callback: zone ffii.org/IN: 212.72.72.97#53: retries exceeded","Dec-21","15:29:10").
> named_timeout("Dec-21","16:22:39","zone","timed").
> named_timeout("Dec-21","16:23:24","zone","timed").
> named_complained("refresh_callback: zone ffii.org/IN: 212.72.72.97#53: retries exceeded","Dec-21","16:23:24").
> named_timeout("Dec-21","17:17:24","zone","timed").
> named_complained("refresh_callback: zone ffii.org/IN: 212.72.72.97#53: retries exceeded","Dec-21","17:18:09").
> named_axfr_in("Dec-21","18:06:50","212.72.72.97","ffii.org'").
> named_axfr_in("Dec-21","20:51:42","192.33.4.12","arpa'").
> named_axfr_in("Dec-21","21:34:56","212.72.72.97","ffii.org'").
> named_axfr_in("Dec-21","23:24:21","212.72.72.97","ffii.org'").
> named_axfr_in("Dec-21","23:53:31","192.33.4.12","in-addr.arpa'").
>
> I used to run Bind 9 on a handful of machines. Some of them still
> run Bind 9, others run dnscache (djbdns resolver) or tinydns (djbdns
> server) now.
>
> The problem seems to be Bind 9 and older Binds too need to refresh memory
> sometimes or they need to update their data from the master. If you
> happen to hit the refresh Bind is deaf. It won't answer.
>
> I guess that special day other problems might have happened just as well.
>
> It should not be anything to worry about as long as you get an update.
> Nevertheless it is annoying.
>
> Changing to djbdns solved it on some machines especially on slow machines
> and on long zone files. If it is a network problem then changing does not
> make sense.
>
>
> Regards
> Peter
>
>
> CFlath at border-states.com wrote:
>
>>Hello all,
>>I hope everyone is well. I have been out of the BIND scene for a few
>>years and have just recently got back into it, and so this is my first
>>real experience with 9. Things have gone fairly smoothly.. except for the
>>refresh timeouts I have been getting. I have looked through the archives
>>and google searched for days and I just cannot find an answer to this
>>problem.
>>I continue to receive the following refresh error for all my zones:
>>Apr 10 22:05:12.629 general: info: zone foo.bar.com/IN: refresh: failure trying master v.v.v.v#53: timed out
>>
>>Initial zone transfers have no issues at all.
>>If I do an rndc refresh foo.bar.com it works just fine as well.
>>I added serial-query-rate 5; to my options, but it did not seem to have an
>>effect.
>>dig +norec foo.bar.com soa @ v.v.v.v works just fine.
>>
>>I had another admin take a look at things and he could not find the issue
>>either.. I am sure it's probably something I am doing wrong with bind 9,
>>but I sure
>>can't find what.. any help would be greatly appreciated... I included my
>>named.confs and a zone example below.
>>
>>
>>MASTER named.conf:
>>options {
>> directory "/var/named";
>> forwarders { x.x.x.x; y.y.y.y; };
>> version "1.0 - really!";
>> allow-transfer { z.z.z.z; };
>> allow-recursion {any; };
>> forward only;
>># listen-on port 53 { 127.0.0.1; };
>># listen-on-v6 { any; };
>> query-source address * port 53;
>> transfer-source * port 53;
>> notify-source * port 53;
>># allow-query { 127.0.0.1; };
>> notify yes;
>>};
>>######################################################
>>logging {
>> channel debug {
>> file "/tmp/bindlog.log" versions 2 size 50m;
>> severity dynamic;
>> print-time yes;
>> print-category yes;
>> print-severity yes;
>> };
>> category "default" { "debug"; };
>> category "general" { "debug"; };
>> category "database" { "debug"; };
>> category "security" { "debug"; };
>> category "config" { "debug"; };
>> category "resolver" { "debug"; };
>> category "xfer-in" { "debug"; };
>> category "xfer-out" { "debug"; };
>> category "notify" { "debug"; };
>> category "client" { "debug"; };
>> category "unmatched" { "debug"; };
>> category "network" { "debug"; };
>> category "update" { "debug"; };
>># category "queries" { "debug"; };
>> category "dispatch" { "debug"; };
>> category "dnssec" { "debug"; };
>> category "lame-servers" { "debug"; };
>>};
>>######################################################
>>zone "localhost" in {
>> type master;
>> file "localhost.zone";
>>};
>>
>>zone "0.0.127.in-addr.arpa" in {
>> type master;
>> file "127.0.0.zone";
>>};
>>
>>zone "." in {
>> type hint;
>> file "root.hint";
>>};
>>
>># You can insert further zone records for your own domains below.
>>
>>controls {
>> inet 127.0.0.1 allow {127.0.0.1; v.v.v.v; } keys {rndc_key;};
>>};
>>
>>key "rndc_key" {
>> algorithm hmac-md5;
>> secret "FredFlintstone";
>>};
>>zone "foo.bar.com" in {
>> type master;
>> file "foo.bar.com.zone";
>> allow-transfer {
>> z.z.z.z;
>> };
>>};
>>
>>
>>SLAVE named.conf:
>>options {
>>
>> directory "/var/named";
>> forwarders { x.x.x.x; y.y.y.y; };
>> allow-recursion { any; };
>> forward only;
>># listen-on port 53 { 127.0.0.1; };
>># listen-on-v6 { any; };
>> query-source address * port 53;
>> transfer-source * port 53;
>> notify-source * port 53;
>> #allow-query { 127.0.0.1; };
>> notify no;
>>};
>>#############################################################
>>logging {
>> category "default" { "debug"; };
>> category "general" { "debug"; };
>> category "database" { "debug"; };
>> category "security" { "debug"; };
>> category "config" { "debug"; };
>> category "resolver" { "debug"; };
>> category "xfer-in" { "debug"; };
>> category "xfer-out" { "debug"; };
>> category "notify" { "debug"; };
>> category "client" { "debug"; };
>> category "unmatched" { "debug"; };
>> category "network" { "debug"; };
>> category "update" { "debug"; };
>># category "queries" { "debug"; };
>> category "dispatch" { "debug"; };
>> category "dnssec" { "debug"; };
>> category "lame-servers" { "debug"; };
>> channel "debug" {
>> file "/tmp/bindlog.log" versions 2 size 50m;
>> print-time yes;
>> print-category yes;
>> print-severity yes;
>> };
>>};
>>#########################################################
>>zone "localhost" in {
>> type master;
>> file "localhost.zone";
>>};
>>
>>
>>zone "0.0.127.in-addr.arpa" in {
>> type master;
>> file "127.0.0.zone";
>>};
>>
>>zone "." in {
>> type hint;
>> file "root.hint";
>>};
>>
>>#You can insert further zone records for your own domains below.
>>key "rndc-key" {
>> algorithm hmac-md5;
>> secret "FredFlintstone";
>>};
>>
>>controls {
>> inet 127.0.0.1 port 953
>> allow { 127.0.0.1; v.v.v.v; z.z.z.z;} keys { "rndc-key"; };
>>};
>>
>>zone "foo.bar.com" in {
>> type slave;
>> file "foo.bar.com.zone";
>> masters { v.v.v.v; };
>>};
>>
>>ZONE FILE:
>>
>>$TTL 3600 ; 1 hour
>>@ IN SOA ns3.foo.bar.com. admin.border-states.com. (
>> 2006031000 ; serial
>> 900 ; refresh (15 minutes)
>> 600 ; retry (10 minutes)
>> 86400 ; expire (1 day)
>> 3600 ; minimum (1 hour)
>> )
>> NS ns3.foo.bar.com.
>> NS ns4.border-states.com.
>>
>>www A q.q.q.q
>>
>>
>>Corey Flath
>>Server Administrator
>>Border States Electric
>>
>>
>>
>
>
>
--
Peter and Karin Dambier
The Public-Root Consortium
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
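
The failure discussed in this thread (repeated "refresh: failure ... timed out" lines until the slave's copy of the zone expires) can be caught from the slave's log before the SOA expire value is reached. The Python below is an added example, not code from the original posts or from BIND: it tracks each zone's unbroken run of refresh failures and compares its length with the expire value. The sample log lines, the zone names other than foo.bar.com, the address 192.0.2.1 and the function name are constructed, and it assumes a successful transfer is logged as "transferred serial".

```python
import re
from datetime import datetime

# Constructed sample lines (not real logs), in the format of the failure line
# quoted in the thread; 192.0.2.1 and the extra zone names are placeholders.
FAIL = "refresh: failure trying master 192.0.2.1#53: timed out"
SAMPLE_LOG = f"""\
Apr 09 08:00:00.000 general: info: zone old.example/IN: {FAIL}
Apr 10 09:00:03.101 general: info: zone foo.bar.com/IN: transferred serial 2006031000
Apr 10 09:15:12.629 general: info: zone foo.bar.com/IN: {FAIL}
Apr 10 09:20:00.000 general: info: zone example.net/IN: {FAIL}
Apr 10 09:30:00.000 general: info: zone example.net/IN: transferred serial 7
Apr 10 22:05:12.629 general: info: zone foo.bar.com/IN: {FAIL}
"""

LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:.]+) general: info: zone (?P<zone>\S+)/IN: "
    r"(?P<event>refresh: failure trying master|transferred serial)\b")

def unrefreshed_zones(log_text, expire, warn_fraction=0.5, year=2006):
    """Map each zone in an unbroken failure run to (seconds, status)."""
    # seconds runs from the first failure of the run to the last timestamp
    # in the log: a lower bound on the time since the last good refresh.
    first_fail, latest = {}, None
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # The log carries no year, so one is supplied (assumption).
        latest = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S.%f")
        if m["event"] == "transferred serial":
            first_fail.pop(m["zone"], None)       # success ends the run
        else:
            first_fail.setdefault(m["zone"], latest)
    report = {}
    for zone, start in first_fail.items():
        elapsed = (latest - start).total_seconds()
        status = ("expired" if elapsed >= expire
                  else "at-risk" if elapsed >= warn_fraction * expire
                  else "failing")
        report[zone] = (elapsed, status)
    return report

if __name__ == "__main__":
    # 86400 is the SOA expire value from the zone file in the thread.
    for zone, (secs, status) in unrefreshed_zones(SAMPLE_LOG, 86400).items():
        print(f"{zone}: no refresh for >= {secs:.0f}s -> {status}")
```

Because a refresh that finds an unchanged serial is not assumed to appear in an info-level log, the reported time is a lower bound; a zone reported as "at-risk" may already be closer to expiry than shown.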