Zone transfer timeout

Danny Mayer mayer at gis.net
Fri Aug 6 19:48:54 UTC 2004 

At 06:57 PM 8/5/2004, Michael Barber wrote:
>No, the whole secondary quit slaving.  There is an error for each of the
>changed (expired) zones.  The only changes I can recall that could
>potentially cause this are:
>
>1)  We put are zone files on the primary under source code control.
>However, I just had that removed to troubleshoot it and it didn't change
>anything.

That should make no difference.

>2)  We put the primary dns in a totally different domain to improve
>security.  However, there is nothing fancy here.

In what way does that improve security? did you update the NS records
both in the zone files AND in the parent's records?

>named.conf file is:
>// generated by named-bootconf.pl
>
>options {
>  directory "b:\\bind";
>  named-xfer "c:\winnt\system32\dns\bin\named-xfer";

Why is this here? It's never been necessary.

>  /*
>   * If there is a firewall between you and nameservers you want
>   * to talk to, you might need to uncomment the query-source
>   * directive below.  Previous versions of BIND always asked
>   * questions using port 53, but BIND 8.1 uses an unprivileged
>   * port by default.
>   */
>  // query-source address * port 53;
>};
>
>//
>// File:       named.boot
>// Purpose:    give the DNS its startup parameters and
>// list of startup files.
>
>//
>// establish a loopback entry for this machine, and tell
>// it to load its identity from db.127.0.0
>//
>zone "0.0.127.IN-ADDR.ARPA" {
>  type master;
>  file "db.127.0.0";
>};
>
>// $$<$$
>// set ourselves as primary server for the zone
>//
>// ***************** primary changes ***********************
>zone "somedomain.com" {
>  type slave;
>  file "_db_COMCITY.zone";
>  masters {
>   207.168.174.130;
>  };
>};
>....etc....

Why bother to hide the domain name since it's obviously comcity.com?
Why are you not running bind 9 instead of BIND 8. It's much more stable
and reliable.

Danny

>8< snip
>Is it a new zone for the slave server?
>
>-----Original Message-----
>From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
>Behalf Of Michael Barber
>Sent: Thursday, August 05, 2004 3:40 PM
>To: bind-users at isc.org
>Subject: Zone transfer timeout
>
>Our slave suddenly stopped working.  We are getting this error message
>-->
>
>zone transfer timeout for "somedomain.com"; second kill pid 644 -
>forgetting, processes may accumulate
>
>Any ideas?
>
>Thank You very much.
>Michael B
>
>
>

More information about the bind-users mailing list