Err/TO getting serial# !

[Barry Margolin]

In article <a9i448$c5t at pub3.rc.vix.com>,
Éric Allard  <bind_ml at telusquebec.net> wrote:
>
>I have 3 DNS, 1 master and 2 slaves. I changed my DNS master
>for another machine in the same network with the same configuration
>and then I changed the named.conf of my 2 DNS slaves for this new
>master (masters {142.169.1.118;};).

I try to query that server and I don't get a response.  Is it behind a
firewall?

>I finally killed and restarted all of the named.
>
>After this One of my slave named work wonderfully with my new
>DNS master but the the other receives the "notify" but logs
>these errors on my namedlog instead of tranfering the zone:

The NOTIFY message is for the 169.142.in-addr.arpa domain, not the
quebecpub.qc.ca domain that's getting errors.  The NOTIFY message is also
coming from a different maste: 142.169.1.16.

Could the firewall be blocking UDP port 53 from empress, but
allowing it from the slave that works?

>Apr 16 00:34:49 empress named[15410]: [ID 295310 local0.info] rcvd
>NOTIFY(169.142.in-addr.arpa, IN, SOA) from [142.169.1.16].34167

>Apr 16 00:09:50 empress named[15410]: [ID 295310 local0.info] Err/TO
>getting serial# for "quebecpub.qc.ca"
>Apr 16 00:19:50 empress named[15410]: [ID 295310 local0.info] Err/TO
>getting serial# for "quebecpub.qc.ca"
>Apr 16 00:29:50 empress named[15410]: [ID 295310 local0.info] Err/TO
>getting serial# for "quebecpub.qc.ca"
>
>P.S.: If I add a completely new zone, this slave DNS accept this zone
>but I can't modify this zone with a new serial!

This sounds like you're allowing TCP through, but not allowing UDP.  The
initial zone transfer doesn't need to perform an SOA query.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.