slave transfer problems
Scott Haneda
talklists at newgeo.com
Thu Apr 30 03:36:39 UTC 2009
On Apr 29, 2009, at 5:03 PM, Barry Margolin wrote:
> In article <gtamqt$1k3$1 at sf1.isc.org>,
> Scott Haneda <talklists at newgeo.com> wrote:
>>
>>
>> like my machine, .14 is refusing their refresh request. Do I need to
>> allow-recursion for their NS0?
>
> No, you shouldn't need allow-recursion. You might need allow-query,
> if
> you're not allowing to all.
I do not have it set, and am not finding in the docs what the default
is, I assume all or my DNS would just not work?
>>> Computer: NS0
>>> Description:
>>> zone someone-else.com/IN: refused notify from non-master:
>>> xx.xx.37.6#56516
>>
>> This is a valid domain, current records, should be working fine. Is
>> the refusal because they are asking xx.xx.37.6? Yes, this IP is on
>> the same machine, but that IP is used for http, and not DNS. So in
>> this case, my transfer source is xx.xx.37.14, and they hit xx.xx.
>
> Unless your machine is a slave, it doesn't need the transfer-source
> option.
Yes, I am a slave for a few people, pretty low load, but indeed, I do
have a few hundred zones I am salving.
>> 37.6, which named is not listening on, and get the above error?
>
> Try setting notify-source to xx.xx.37.14.
Neat, I was not aware of that, so when my machine sends out a notify,
it probably is using whatever IP it wants to, maybe the first, this
would like it down?
>> Those are the only two they gave me, but the general problem is, I
>> can
>> update a zone, change the serial, issue rndc reload, and see my logs
>> show a notify sent their way. It can then take anywhere from a few
>> minutes, to hours, to sometimes days to get the change to hit the
>> secondary.
>
> Even if there's a problem with the notify, it shouldn't take much
> longer
> than the refresh time in the SOA record. I recommend setting this to
> something in the neighborhood of an hour, so that there isn't too much
> of a lag if the notify is lost.
This is pretty par for the course template I use
200810011 ; serial, todays date + todays serial #
8H ; refresh
2H ; retry
4W ; expire
1H ) ; minimum
Are you saying to drop the 8H one down to 1H? I was pretty sure I
followed RFC on the values above. That zone setting above means I am
looking at 8 Hours if the notify fails?
Thanks
--
Scott * If you contact me off list replace talklists@ with scott@ *
More information about the bind-users
mailing list