BIND 9.7 Serial Number Decrease Problem
Barry Finkel
bsfinkel at anl.gov
Fri Jun 10 16:01:08 UTC 2011
On 07/06/11 13:51, I wrote:
> I now have this situation on one Solaris 10 slave; the problem
> probably also exists on the other Sol 10 slave and the two
> Ubuntu hardy slaves:
>
>The _tcp zone on the master MS DNS Server:
>
> 1238 600 86400 3600
>
>The _tcp zone on the BIND 9.7.3-P1 Solaris 10 server disk:
>
> 1239 ; serial
> 900 ; refresh (15 minutes)
> 600 ; retry (10 minutes)
> 86400 ; expire (1 day)
> 3600 ; minimum (1 hour)
>
>The _udp zone on the master MS DNS Server:
>
> 842 900 600 86400 3600
>
>The _udp zone on the BIND 9.7.3-P1 Solaris 10 server disk:
> 843 ; serial
> 900 ; refresh (15 minutes)
> 600 ; retry (10 minutes)
> 86400 ; expire (1 day)
> 3600 ; minimum (1 hour)
>
>Note that the zone serial number for both zones on the master is
>one LESS than the serial number on the slave. The last messages
>in /var/adm/messages are
>
> _tcp:
> Jun 4 07:46:57 serial number (1238) received from master ... <
>ours (1239)
> Jun 4 07:47:35 zone ... expired
> Jun 4 07:47:35 zone ... transfer started
> Jun 4 07:47:35 zone ... transferred serial 1238
> Jun 4 07:47:35 zone ... Transfer completed: ...
>
> _udp:
> Jun 4 07:39:22 serial number (842) received from master ... <
>ours (843)
> Jun 4 07:42:22 zone ... expired
> Jun 4 07:42:22 zone ... transfer started
> Jun 4 07:42:22 zone ... transferred serial 842
> Jun 4 07:42:22 zone ... Transfer completed
>
>There was a zone serial number mismatch, each zone expired three days
>ago, and new zones were transferred from the master. But the zone
>files on disk still have the higher serial numbers. There are no .jnl
>files on the disk. A "dig" on the server for the zone serial numbers
>shows the lower numbers, so BIND has those correct serial numbers. I
>assume that if I stopped BIND (rndc stop) and restarted it, then I
>would again see the serial number mismatches. I can try this during
>the day, as this server is not heavily used. Is there any debugging I
>need to run? Thanks.
I ran a test this morning on one of the Solaris 10 slave servers.
A query to the server showed serial numbers:
_tcp 1238
_udp 842
Both of these match the zone on the MS Windows DNS Server.
I checked the zone files on the slave server:
_tcp 1239
_udp 843
Both of these are increased by one from what BIND returns in
response to a query.
The two zones have NO .jnl files.
I did
./rndc stop
<<Wait for the "exiting" message.>>
/etc/init.d/named.anl start;tail -f /var/adm/messages
Once BIND started, the serial numbers were INCREASED, as I
expected they would be, given the lack of .jnl files.
And a few minutes later BIND complained about the serial
number on the master being less than that on the slave
for both zones. I consider this a bug in BIND 9.
What further diagnostics do I need to get?
I have another Solaris 10 slave on which, I assume, I can
duplicate this. And from past experience, in one day, after
the zone has expired and been refreshed, I will be in the same
state on this slave.
-
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory Phone: +1 (630) 252-7277
9700 South Cass Avenue Facsimile:+1 (630) 252-4601
Building 240, Room 5.B.8 Internet: BSFinkel at anl.gov
Argonne, IL 60439-4828 IBMMAIL: I1004994
More information about the bind-users
mailing list