refresh times out from Win DNS

Mark Jeftovic markjr at easydns.com
Mon Jul 19 03:29:17 UTC 2004


On Sun, 18 Jul 2004, Vinny Abello wrote:

> At 05:15 PM 7/16/2004, Barry Finkel wrote:
> >Mark Jeftovic <mark at jeftovic.net> wrote:
> >
> > >>>We've been seeing this sporadically for awhile and it is possible this
> > >>>happens more often with Win DNS masters (we're not sure but the latest
> > >>>case is definitely a WIN DNS box)
> > >>>
> > >>>We are able to do the first transfer OK after which point subsequent
> > >>>refreshes fail with the usual complaint of
> > >>>
> > >>>Jul 12 07:23:26 ds2 named[1879]: zone example.com/IN: refresh:
> > >>>failure  trying master 10.2.229.181#53: timed out
> > >>>
> > >>>Left to its own the zone eventually expires.
> > >>>
> > >>>The thing is, we can do AXFR and IXFR from the command line just fine
> > >>>using host or dig. Also, the slave is not clogged up with transfers
> > >>>in progress (there are 6 SOA queries in progress and 0 xfers running
> > >>>as I type this, on a slave with approx. 85K zones configured).
> > >>>
> > >>>This is bind9.2.3
> >
> >At 09:55 AM 7/16/2004, Barry Finkel wrote:
> > >>I am assuming that the Windows DNS masters are either W2k or W2k+3.
> > >>The only idea I have is to turn on full logging on the Windows DNS
> > >>Server and see what it logs.  The MS W2k DNS code does not log failed
> > >>zone transfers in the EventLog, only successful ones.  (The MS
> > >>developers did not want to fill up the event log.)  So the only way
> > >>to see a failed zone transfer on the MS side is to look at the dns.log
> > >>file.  That will tell you if the AXFR/IXFR request is reaching the
> > >>windows DNS Server; it will not tell you why the transfer was refused.
> > >>If you find that the request is getting to the Windows DNS Server, then
> > >>report back as to what is in the log.
> >
> >And Danny Mayer <mayer at gis.net> replied:
> >
> > >Why bother logging something that needs to get fixed? Sigh.
> >
> >Unless I am misunderstanding the problem, Mark is trying to do a
> >zone transfer on his BIND server from a W2k DNS Server and is getting
> >a timeout reported on the BIND side.  I was suggesting seeing on the
> >W2k side whether the AXFR/IXFR request ever gets to the W2k DNS Server.
> >I have no idea what is causing the timeout.
>
> Win2k doesn't support EDNS which BIND will attempt to do when querying for
> an SOA record. MS DNS seems to rate limit the "bad" queries because it
> doesn't know how to handle them. Try turning off EDNS to that particular
> server in your configuration and see if that corrects it.
>
> In named.conf:
>
> server 1.2.3.4 {
>          edns no;
> };
>
>
> Vinny Abello
> Network Engineer
> Server Management
> vinny at tellurian.com
> (973)300-9211 x 125
> (973)940-6125 (Direct)
> PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0  E935 5325 FBCB 0100 977A
>
> Tellurian Networks - The Ultimate Internet Connection
> http://www.tellurian.com (888)TELLURIAN
>
> There are 10 kinds of people in the world. Those who understand binary and
> those that don't.
>
>

-- 
Mark Jeftovic <markjr at easydns.com>
Co-founder, easyDNS Technologies Inc.
ph. +1-(416)-535-8672 ext 225
fx. +1-(416)-535-0237
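
Added example, not part of the thread above and not written by any of its participants: a Python script that builds an SOA query with and without the EDNS0 OPT record, so both forms can be sent to a master and compared for the timeout described in the thread. The function names, the query ID and the advertised UDP size of 4096 are assumptions of this example.

```python
import socket
import struct
import sys

def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_soa_query(zone, edns, qid=0x1234, udp_size=4096):
    """Wire-format SOA query; qid and udp_size are assumed example values."""
    arcount = 1 if edns else 0
    # Header: id, flags (plain query), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, arcount)
    question = encode_name(zone) + struct.pack("!HH", 6, 1)  # TYPE SOA, CLASS IN
    if not edns:
        return header + question
    # OPT pseudo-RR (RFC 2671): root name, TYPE 41, CLASS carries the UDP
    # payload size, TTL carries ext-rcode/version/flags (all zero), RDLEN 0.
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, 0, 0)
    return header + question + opt

def probe(master, zone, edns, timeout=5.0, port=53):
    """Send one SOA query over UDP; return the RCODE, or None on timeout."""
    query = build_soa_query(zone, edns)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((master, port))  # only accept replies from this peer
        s.send(query)
        try:
            reply = s.recv(4096)
        except socket.timeout:
            return None
    if len(reply) < 12 or reply[:2] != query[:2]:
        return None  # too short or wrong query ID: treat as no answer
    return reply[3] & 0x0F  # low four bits of the flags word are the RCODE

if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: python3 probe.py <master-ip> <zone>
    for use_edns in (True, False):
        rcode = probe(sys.argv[1], sys.argv[2], use_edns)
        label = "with EDNS" if use_edns else "without EDNS"
        print(label, "timed out" if rcode is None else "rcode=%d" % rcode)
```

The only difference between the two queries is ARCOUNT=1 in the header and the 11-byte OPT record at the end.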

