Slave to Win2003 DNS
Jukka Pakkanen
jukka.pakkanen at qnet.fi
Mon Nov 2 15:29:53 UTC 2009
bsfinkel at anl.gov wrote:
> Jukka Pakkanen <jukka.pakkanen at qnet.fi> wrote:
>
>
>> Our Bind 9.6.1-P1 Windows servers are slaves to a Windows 2003 DNS
>> server, zone "company.local".
>>
>> For some reason the slaves don't update the zone unless I restart the
>> BIND service in the server, and after a while, fail to respond to queries.
>>
>> Example, after a couple of days since the last restart, the BIND servers
>> stop responding to queries to "company.local" (SERVFAIL), at the server
>> I can see that the cache file is not updated since the service was
>> previously started. I restart BIND service, and immediately the cache
>> file is updated, server again responds to queries etc.
>>
>> I suspect this is not a problem in the BIND, but in the Windows 2003
>> DNS, but any ideas anyway, what to look in the server? Haven't been
>> playing with the Windows DNS a lot...
>>
>
> I have seen the three replies to this, and I will add the following:
>
> Is the W2003 DNS Server sending NOTIFY packets to the BIND slaves
> when a zone is updated?

I suppose it is, because earlier today when I checked, the serial number
was updated in the master since the weekend, and the two working slaves
had the updated serial as well. And when I made a change to the zone, they
updated the zone file in a short time as well. Also if you check the
servers right now, they are already at "6278", so it looks like the notify
& zone transfers work ok.

But for a still unknown reason the slaves at some point stop responding
to queries to this zone (servfail) and won't recover until service restart.
Maybe after the zone data is expired (24hrs), if not refreshed/updated
before that??

These same servers are slaves to a bind master, and have no problems there.

> Do you have DNS logging enabled on the MS DNS Server? I suggest that
> full logging be enabled, and the dns.log file be made sufficiently
> large so that you will be able to see what may be happening. Note
> that the dns.log file increases in size until it reaches its max
> size; then it is cleared, and new entries are added. The dns.log
> file is NOT a syslog file, as we in the Unix community are used to
> using.
>
I'll check that and enable if not already.