slow zone propagation

SilentRage bind-users at dollardns.net
Wed Oct 27 17:31:03 UTC 2004


Ensure you've got notification going on from the master to the slaves.  Make sure your NS records accurately describe the master and slaves.  Make sure the master is specified in the SOA record.  Also with each zone revision the serial number should be incremented, preferably in yyyymmddss (year,month,day,serial) format.  Make sure your SOA refresh interval has a sane value.  Something like 30-60 min is my recommendation.

Dave

--- Reply to: Jerome Tytgat <jerome.tytgat at asterion.fr> ---
> 
> Hello list,
> 
> I need you to help me resolve one big problem we have here.
> 
> We have 1 central cluster server (1.2.3.20) with 1 master zone and
> 100+ reverse zones (we have a lot of networks...), running bind 9.2.1
> on Debian Linux Woody 3.
> We have 12 sites and on each site we have a slave DNS server running
> bind 9.2.2rc1 on Sun Solaris 8.
> 
> We have a very slow propagation of the master zone to the
> slaves servers.
> 
> I wonder if I made something wrong and if it's possible to accelerate
> the propagation.
> 
> The most important zone for us is the master zone (domain.fr); could
> it be possible to prioritize it?
> 
> Thanks for your advice.
> 
> --
> 
> Notify is working from what I can see in the logs:
> 
> Oct 27 16:13:11 h35aredmsga named[10730]: zone domain.fr/IN: sending notifies (serial 2004102704)
> Oct 27 16:13:11 h35aredmsga named[10730]: zone 0.10.10.in-addr.arpa/IN: sending notifies (serial 125)
> ...
> Oct 27 16:26:08 h35aredmsga named[10731]: client 10.10.10.33#54824: transfer of 'domain.fr/IN': AXFR-style IXFR started
> 
> As you see, the transfer started on this server (10.10.10.33) only 13
> minutes after the notify!
> 
> I have nothing in my firewall log telling that the notify has not been
> blocked.
> 
> The slave server receives the notify well:
> 
> message has 12 byte(s) of trailing garbage
> received notify for zone '33.168.192.in-addr.arpa': not authoritative <= this IS not configured
> zone_timer: zone 168.108.10.in-addr.arpa/IN: enter
> zone_maintenance: zone domain.fr/IN: enter
> queue_soa_query: zone domain.fr/IN: enter
> soa_query: zone domain.fr/IN: enter
> refresh_callback: zone domain.fr/IN: enter
> refresh_callback: zone domain.fr/IN: serial: new 2004102704, old 2004102703
> queue_xfrin: zone asterion.fr/IN: enter
> zone asterion.fr/IN: zone transfer finished: success
> zone asterion.fr/IN: transfered serial 2004102704
> zone_timer: zone asterion.fr/IN: enter
> zone_maintenance: zone asterion.fr/IN: enter
> zone asterion.fr/IN: sending notifies (serial 2004102704)
> 
> 
> -- Next are the different configurations --
> (I've changed only some names to preserve some privacy)
> 
> here is the SOA of the master zone:
> 
> $TTL 43200      ; default TTL for zone (12 hours)
> @               IN      SOA     ns0nsserver.domain.fr. root.ns0nsserver.domain.fr.  (
>                                        2004102704 ; Serial (generated automatically)
>                                        1h         ; Refresh (1 hour)
>                                        3m         ; Retry (3 minutes)
>                                        5w         ; Expire (5 weeks)
>                                        3h         ; Minimum (3 hours)
>                                        )
> 
> the list of NS servers (one for each site):
> 
>                  IN      NS      ns0nsserver.domain.fr.
>                  IN      NS      ns1nsserver.domain.fr.
>                  IN      NS      ns2nsserver.domain.fr.
>                  IN      NS      ns3nsserver.domain.fr.
>                  IN      NS      ns4nsserver.domain.fr.
>                  IN      NS      ns5nsserver.domain.fr.
>                  IN      NS      ns6nsserver.domain.fr.
>                  IN      NS      ns7nsserver.domain.fr.
>                  IN      NS      ns8nsserver.domain.fr.
>                  IN      NS      ns9nsserver.domain.fr.
>                  IN      NS      ns10nsserver.domain.fr.
>                  IN      NS      ns11nsserver.domain.fr.
> 
> After that follow the A, CNAME, MX, etc.
> 
> Here is the SOA for one reverse zone :
> 
> ; File: /var/named/10.10.0.in-addr.arpa
> ; Network: 10.10.0.0/24
> ;
> $TTL 43200      ; default TTL for zone (12 hours)
> @               IN      SOA     ns0nsserver.domain.fr. root.ns0nsserver.domain.fr.  (
>                                        125    ; Serial (generated automatically)
>                                        6m         ; Refresh (5 minutes)
>                                        3m         ; Retry (3 minutes)
>                                        5w         ; Expire (5 weeks)
>                                        3h         ; Minimum (3 hours)
>                                        )
> 
>                  IN      NS      ns0nsserver.domain.fr.
>                  IN      NS      ns1nsserver.domain.fr.
>                  IN      NS      ns2nsserver.domain.fr.
>                  IN      NS      ns3nsserver.domain.fr.
>                  IN      NS      ns4nsserver.domain.fr.
>                  IN      NS      ns5nsserver.domain.fr.
>                  IN      NS      ns6nsserver.domain.fr.
>                  IN      NS      ns7nsserver.domain.fr.
>                  IN      NS      ns8nsserver.domain.fr.
>                  IN      NS      ns9nsserver.domain.fr.
>                  IN      NS      ns10nsserver.domain.fr.
>                  IN      NS      ns11nsserver.domain.fr.
> 
> 
> 
> ** here is an extract of the master named.conf :
> 
> acl srv2 { [list of NS servers] };
> acl myself { 127.0.0.1; 1.2.3.20; 1.2.3.21; 1.2.3.22; 1.2.3.23; 1.2.3.24; 1.2.3.25; 1.2.3.26; };
> 
> options {
>          // Provide recursive service to internal clients only.
>          recursion yes;
>          allow-recursion { myself; };
>          notify yes;
>          directory "/var/named";
>          forwarders {
>                  212.30.96.210;
>                  212.30.96.211;
>                  213.203.124.147;
>          };
> //      forward only;
>          listen-on { 1.2.3.20; 127.0.0.1; };
>          transfer-format one-answer;
> };
> 
> zone "." {
>          type hint;
>          # 2003-05-09/VNet/SNa
>          # For Debian
>          file "/etc/bind/db.root";
> };
> 
> zone "0.0.127.in-addr.arpa" {
>          type master;
>          # 2003-05-09/VNet/SNa
>          # For Debian
>          // file "/etc/bind/db.local";
>          file "127.0.0.in-addr.arpa";
> };
> 
> zone "domain.fr" {
>          type master;
>          notify yes;
>          file "domain.fr";
>          allow-transfer { srv2; };
> };
> 
> zone "0.10.10.in-addr.arpa" {
>          type master;
>          notify yes;
>          file "10.10.0.in-addr.arpa";
>          allow-transfer { srv2; };
> };
> 
> [... only zone declarations follow ...]
> 
> 
> ** Here is an extract of the named.conf on one slave (identical on all
> slaves)
> 
> options {
>          directory "/var/named";
>          recursion no;
> //        forwarders {
> //        10.10.10.25;
> //        };
> //        forward only;
>        // query-source address * port 53;
> };
> 
> 
> //
> // a caching only nameserver config
> //
> ///*zone "." {
> //      type hint;
> //      file "named.ca";
> //};*/
> 
> zone "0.0.127.in-addr.arpa" {
>          type master;
>          file "named.local";
> };
> 
> zone "domain.fr." {
>          type slave;
>          file "domain.fr.sec";
>          masters {
>                  1.2.3.20;
>          };
> };
> 
> zone "0.10.10.in-addr.arpa" {
>    type slave;
>    file "10.10.0.in-addr.arpa.sec";
>    masters {
>                  1.2.3.20;
>           };
> };
> 
> [... only zone declarations follow ...]
> 
> -- 
> ============================
> Jérôme Tytgat
> Network and Security Manager
> ============================
> 
> 
> 
> 
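The checklist in the reply (master named in the SOA and present in the NS set, a yyyymmddss serial, a 30-60 minute refresh) can be checked mechanically against a zone file. The following is an added example, not part of the original post or of BIND: the function names are hypothetical, and the two sample zones are constructed from the SOA values quoted in the thread with the NS list shortened.

```python
import re
from datetime import datetime

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

# Constructed samples: SOA values as quoted in the thread, NS list shortened.
FORWARD = """$TTL 43200
@ IN SOA ns0nsserver.domain.fr. root.ns0nsserver.domain.fr. (
      2004102704 ; Serial
      1h         ; Refresh
      3m 5w 3h )
  IN NS ns0nsserver.domain.fr.
  IN NS ns1nsserver.domain.fr.
"""
# Same zone with the reverse zone's serial (125) and refresh (6m).
REVERSE = FORWARD.replace("2004102704", "125").replace("1h ", "6m ")

def ttl_seconds(tok):
    """Convert a BIND time value such as '1h', '6m' or '3600' to seconds."""
    m = re.fullmatch(r"(\d+)([smhdw]?)", tok.lower())
    if not m:
        raise ValueError(f"bad time value: {tok}")
    return int(m.group(1)) * UNITS[m.group(2) or "s"]

def audit_zone(text):
    """Return findings for the SOA/NS checklist given in the reply."""
    body = re.sub(r";[^\n]*", "", text)           # strip zone-file comments
    soa = re.search(r"\bSOA\s+(\S+)\s+(\S+)\s*\(\s*(\d+)\s+(\S+)", body)
    if not soa:
        return ["no SOA record found"]
    mname, _rname, serial, refresh = soa.groups()
    ns = {n.lower() for n in re.findall(r"\bNS\s+(\S+)", body)}
    findings = []
    if mname.lower() not in ns:
        findings.append(f"SOA master {mname} is not in the NS set")
    try:
        if len(serial) != 10:                     # yyyymmdd + 2-digit revision
            raise ValueError
        datetime.strptime(serial[:8], "%Y%m%d")   # must be a real date
    except ValueError:
        findings.append(f"serial {serial} is not in yyyymmddss format")
    minutes = ttl_seconds(refresh) / 60
    if not 30 <= minutes <= 60:                   # range recommended in the reply
        findings.append(f"refresh {refresh} is outside 30-60 min")
    return findings
```

Run against the samples, the forward zone passes every check, while the reverse zone is flagged for its serial format and its 6-minute refresh.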




More information about the bind-users mailing list