[SANOG] bind9 question .. does IXFR fallback to AXFR?

Suresh Ramasubramanian suresh at outblaze.com
Fri Dec 31 06:51:05 UTC 2004 

Hi

I have a weird issue .. which I just saw when I added an IP to my zone
for hserus.net (tinydns pri NS on frodo.hserus.net served by two bind
secondaries)

Updating the serial number on djbdns, loading the zone serves it ok.

> frodo# dnsq soa hserus.net frodo.hserus.net
> 6 hserus.net:
> 187 bytes, 1+1+3+2 records, response, authoritative, noerror
> query: 6 hserus.net
> answer: hserus.net 7200 SOA frodo.hserus.net postmaster.hserus.net 
2005010101 14400 7200 950400 7200
> authority: hserus.net 7200 NS ns4.zoneedit.com
> authority: hserus.net 7200 NS ns3.zoneedit.com
> authority: hserus.net 7200 NS frodo.hserus.net
> additional: frodo.hserus.net 7200 AAAA 3ffe:401d:2022:b::2
> additional: frodo.hserus.net 7200 A 204.74.68.40

I then used the dnsnotify perl script available on the djbdns.org site
to send a NOTIFY to my two bind secondaries ns{3,4).zoneedit.com (which
are probably bind 9 now, though digging for version.bind from their
chaos.txt just doesnt work)

frodo# dnsnotify hserus.net ns3.zoneedit.com ns4.zoneedit.com
Received NOTIFY answer from 66.180.174.61
Received NOTIFY answer from 216.98.150.236

However - the secondaries are not updating themselves .. possibly
because bind9 sends IXFR requests rather than AXFR first .. and djbdns
doesn't do IXFR, just AXFR.  So, when an IXFR doesnt return anything,
does bind fall back to doing an AXFR to update itself from the
primary?

> frodo# dnsq soa hserus.net ns3.zoneedit.com
> 6 hserus.net:
> 143 bytes, 1+1+3+0 records, response, authoritative, noerror
> query: 6 hserus.net
> answer: hserus.net 7200 SOA frodo.hserus.net postmaster.hserus.net 
200409201 14400 7200 950400 7200
> authority: hserus.net 7200 NS ns4.zoneedit.com
> authority: hserus.net 7200 NS ns3.zoneedit.com
> authority: hserus.net 7200 NS frodo.hserus.net

> frodo# dnsq soa hserus.net ns4.zoneedit.com
> 6 hserus.net:
> 143 bytes, 1+1+3+0 records, response, authoritative, noerror
> query: 6 hserus.net
> answer: hserus.net 7200 SOA frodo.hserus.net postmaster.hserus.net 
200409201 14400 7200 950400 7200
> authority: hserus.net 7200 NS ns4.zoneedit.com
> authority: hserus.net 7200 NS ns3.zoneedit.com
> authority: hserus.net 7200 NS frodo.hserus.net

-- 
This is the SANOG (http://www.sanog.org/) mailing list.

More information about the bind-users mailing list