Secondary DNS is not updated quickly from Primary

Mark Andrews Mark_Andrews at isc.org
Sun Dec 4 12:51:01 UTC 2005


> Dear All,
>      
> DNS Setup: 
> 1. Primary DNS on Solaris 9 with BIND 9.2.3 ( Solaris package )
> 2. Secondary DNS is on Solaris 10 with BIND 9.2.4 ( built-in of Solaris 10 )
> Problem :
> 
> 1. When I changed "Zone" on "Primary DNS" with updated "Serial no" in Zone
> file & then used "rndc reload / rndc reload <zone name>" on Primary DNS,
>    "Secondary DNS" zone is not updated immediately even though I kept "refresh rate
> as 5 min" (I use rndc reload on Secondary DNS), but when I use
>    "rndc reload <zone name>" on "Secondary DNS" then the zone gets transferred
> immediately.
>    Is this a bug in BIND 9.2.3? Because I had not faced this problem with "BIND 8"
> for Zone Transfer.

	Firstly is the secondary listed in the NS RRset?
	Secondly can the primary resolve the addresses of the secondary?
	Thirdly is the primary sending the notify messages from the same
	address as that listed in the masters clause on the secondary?
	Fourthly does the SOA MNAME match the name of the primary servers?
	Fifthly is there a firewall/NAT blocking or otherwise changing the
	notify message?

	There are ways to address most/all of the potential issues but
	without answers to the above questions people won't be able to
	help you.

	NOTIFY is simple.  The master loads the zone.  It looks up
	the addresses for the nameservers.  It sends the NOTIFY
	message to the slaves (the master is identified by the SOA
	MNAME).  The slave looks at the NOTIFY and the address the
	NOTIFY was from and decides to accept or reject it.  It
	then looks at any SOA record to see if the serial is greater
	than it currently has.  If it is or there was no SOA record
	it starts the standard refresh processing.
 
> 2. Is any BIND patch available for BIND 9.2.3 on Solaris 9? 

	A patch for what?  BIND is distributed freely in source form.
	You can just compile and install the latest release.
 
> 3. If instead of the rndc key I use a TSIG key, will security
> increase?

	Yes but get everything else working first before you look at
	TSIG.
 
> Best Regards
> Ganesh Borhade
> 91-9880537357
> 
> 
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On Behalf
> Of Barry Margolin
> Sent: Saturday, December 03, 2005 4:30 AM
> To: comp-protocols-dns-bind at isc.org
> Subject: Re: Secondary DNS is not updated quickly from Primary
> 
> 
> In article <dmq2tg$cun$1 at sf1.isc.org>,
>  "Borhade Ganesh (vMoksha)" <Ganesh.Borhade at UCB-Group.com> wrote:
> 
> > Dear All,
> >      I have configured Primary DNS Server --> Bind 9.2.3 on Solaris 9 with
> > private IP address & Secondary DNS Server --> Bind 9 on Solaris 10 with
> > private IP address.
> > My zones are transferred from Primary DNS to Secondary DNS only when I reload
> > zone from secondary [ rndc reload <zone name> ].
> >     I want to make the DNS servers live on Monday with Public IP address but
> > before that I want to make sure that if I restart rndc service ( rndc
> > stop/start ) on primary ( Zone updated with serial no ) then it should
> > automatically transfer the zone to Secondary DNS.
> >     Can anyone help me how to resolve it?
> 
> The slave should automatically refresh the zone every <refresh> seconds, 
> where this is the Refresh parameter in the zone's SOA record.  So if you 
> want to ensure that it updates within 15 minutes, set this to 900.
> 
> You should also be able to use the DNS Notify mechanism.  Make sure that 
> the slaves are listed in the NS records of the zone, and the master will 
> send a Notify message to the slaves within a few seconds of your 
> reloading the zone on the master.
> 
> Of course, make sure you increment the serial number on the master after 
> making changes.
> 
> Are there any messages in the slave's log when it should be refreshing 
> the zone?
> 
> -- 
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
> *** PLEASE post questions in newsgroups, not directly to me ***
> 
> 
> 
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
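
Added example (not part of the original message and not BIND source code): a simplified Python model of the NOTIFY flow described in the reply above, showing how a secondary missing from the NS RRset, an unresolvable NS name, or a NOTIFY from an address outside the masters clause each leave the secondary waiting for the refresh timer. All names, addresses and serials are constructed, and the RFC 1982 serial comparison generalizes the message's plain "greater than".

```python
# Simplified model of the NOTIFY flow; not BIND code. All data is constructed.
import ipaddress

def _norm(name):
    return name.lower().rstrip(".")

def notify_targets(ns_names, soa_mname, resolved):
    """Master side: addresses to NOTIFY = NS targets minus the SOA MNAME.
    `resolved` maps NS name -> addresses the master could look up."""
    targets, unresolved = [], []
    for name in ns_names:
        if _norm(name) == _norm(soa_mname):
            continue                      # the master itself, identified by MNAME
        addrs = resolved.get(name, [])
        if addrs:
            targets.extend(addrs)
        else:
            unresolved.append(name)       # no address, so no NOTIFY is sent
    return targets, unresolved

def serial_gt(a, b):
    """RFC 1982 comparison of 32-bit SOA serials: True if a is newer than b."""
    return a != b and ((a - b) & 0xFFFFFFFF) < 0x80000000

def slave_handle_notify(src, masters, local_serial, notify_serial=None):
    """Slave side: check the source address first, then the serial."""
    allowed = {ipaddress.ip_address(m) for m in masters}
    if ipaddress.ip_address(src) not in allowed:
        return "rejected: source not in masters clause"
    if notify_serial is None or serial_gt(notify_serial, local_serial):
        return "refresh"                  # standard refresh: SOA query, then transfer
    return "ignored: serial not newer"

def demo():
    ns = ["ns1.example.com.", "ns2.example.com."]      # constructed NS RRset
    resolved = {"ns2.example.com.": ["192.0.2.2"]}     # constructed lookups
    masters = ["192.0.2.1"]                            # masters clause on the secondary
    return [
        notify_targets(ns, "ns1.example.com.", resolved),
        notify_targets(ns[:1], "ns1.example.com.", resolved),  # secondary not in NS RRset
        slave_handle_notify("192.0.2.1", masters, 2005120401, 2005120402),
        slave_handle_notify("192.0.2.9", masters, 2005120401, 2005120402),  # other interface
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```
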


