Zone re-load problem with lame-server on 9.3.0 with views
Eric Pancer
epancer at gmail.com
Sun Sep 11 06:56:21 UTC 2005
I've been seeing some recent problems with an authoritative name
server that also acts as a cache. I have this built using views (see
config below). Basically, the symptoms are these:
1. When modifying a zone and incrementing the serial number, queries
against the server (host -t soa catastrophe.net ns1.catastrophe.net)
result in older serial numbers being displayed. Even when using the IP
address of the authoritative server, this behavior persists.
2. The following logs are generated as well. I don't understand what
is lame about ns1.catastrophe.net in the catastrophe.net zone, as I
have glue in place. Could this be an issue with an AAAA record for an NS
record? Here are the logs:
11-Sep-2005 01:26:42.028 client 127.0.0.1#16427: view internal: query:
ns1.catastrophe.net IN AAAA +
11-Sep-2005 01:26:42.029 createfetch: ns1.catastrophe.net AAAA
11-Sep-2005 01:26:42.086 client 207.227.243.194#25826: view internal:
query: ns1 .catastrophe.net IN AAAA -E
11-Sep-2005 01:26:42.087 lame server resolving 'ns1.catastrophe.net'
(in 'catastrophe.NET'?): 207.227.243.194#53
11-Sep-2005 01:26:42.122 client 127.0.0.1#24233: view internal: query:
ns1.catastrophe.net IN A +
11-Sep-2005 01:26:42.122 createfetch: ns1.catastrophe.net A
11-Sep-2005 01:26:44.160 client 2001:4830:2280::53#27706: view
internal: query: catastrophe.net IN SOA +
11-Sep-2005 01:26:44.160 createfetch: catastrophe.net SOA
11-Sep-2005 01:26:44.161 client 2001:4830:2280::53#15288: view internal: query:
catastrophe.net IN SOA -E
11-Sep-2005 01:26:44.162 lame server resolving 'catastrophe.net' (in
'catastrophe.NET'?): 2001:4830:2280::53#53
3. Basically, stopping and starting the server does not assist with
the problem. The old serial number is kept loaded.
If anyone can recommend a course of action I would greatly appreciate
it. Here is the zone file and configuration. This problem exists with
all zones. I'm using OpenBSD 3.7 with the delivered BIND 9.3.0.
Thanks in advance for help!
; catastrophe.net
; Zone data as pasted into the mail. Leading whitespace was lost in the
; archive, so records that inherit the previous owner name appear flush
; left here.
$ORIGIN catastrophe.net.
@ IN SOA ns1.catastrophe.net. root.catastrophe.net. (
2005091102 ; se = serial number (value in the file; the post reports queries still returning an older one)
2h ; ref = refresh
15m ; ret = update retry
3w ; ex = expiry
3h ) ; min = minimum
;
; Apex records: three name servers, two mail exchangers, one address.
IN NS ns1.catastrophe.net.
IN NS ns2.catastrophe.net.
IN NS ns3.catastrophe.net.
IN MX 10 b.mx.nxio.us.
IN MX 20 c.mx.nxio.us.
IN A 207.227.243.196
;
; nameservers
; ns1's A and AAAA are the two addresses named in the "lame server" log
; lines of this post (207.227.243.194#53 and 2001:4830:2280::53#53), so the
; server reporting the error is resolving against its own addresses.
ns1 IN A 207.227.243.194
IN AAAA 2001:4830:2280::53
ns2 IN A 140.192.81.181
IN AAAA 2001:468:1202:301:203:47ff:fea4:3e12
ns3 IN A 207.227.240.1
;
; SPF policy published as TXT with a 600 s TTL; it ends in "-all".
; NOTE(review): "=3D" inside the string looks like quoted-printable residue
; from the mail archive for "="; the real zone file presumably holds
; "v=spf1" - confirm. The string was also wrapped across lines by the mail
; client.
600 IN TXT "v=3Dspf1 a:mx.catastrophe.net
a:a.mx.nxio.us a:b.mx.nxio.us a:c.mx.nxio.us a:ictus.catastrophe.net
mx -all"
;
[snip A/AAAA records]
#---------------------#
// $Id: named.conf,v 1.5 2005/05/05 19:50:30 eric Exp $
//
// Clients that "view internal" selects with match-clients, i.e. the hosts
// that get recursion.
// "localnets" is BIND's built-in ACL for every network the host has an
// interface on, so it also covers the server's own addresses; the log
// excerpt in this post shows 127.0.0.1 and 207.227.243.194 being handled
// in "view internal".
// The x/y/z fields look like addresses redacted by the poster, not literal
// values.
acl clients {
localnets;
::1;
2001:x:y::/64;
2001:x:z:1135::/64;
2001:x:z:603::/64;
2001:x:e5:6::1;
};
// Alias for "any"; used as the allow-query ACL on the master zones in the
// external view.
acl public {
any;
};
// IPv4 hosts permitted to transfer zones (referenced by allow-transfer in
// the external view). The first two addresses are the A records of ns2 and
// ns3 in the catastrophe.net zone data.
// NOTE(review): an address-only ACL identifies the peer by source address;
// TSIG-signed transfers are the usual way to authenticate secondaries.
acl dnsslave4 {
140.192.81.181; // lithium
207.227.240.1; // pulmonary.ispfh.org
207.227.240.5; // peabody.ispfh.org
};
// IPv6 counterpart of dnsslave4: hosts permitted to transfer zones over
// IPv6. Entries containing x/z/e5 look redacted by the poster.
// NOTE(review): the lithium address here (…:20a:5eff:fe21:2f6b) differs
// from the AAAA published for ns2 in the zone data
// (…:203:47ff:fea4:3e12) - confirm which one the secondary transfers from.
acl dnsslave6 {
2001:468:1202:301:20a:5eff:fe21:2f6b; // lithium.sg.depaul.edu
2001:x:e5:8::2; // gw
2001:x:z:1135::999;
2001:x:z:603::999;
};
// Global server options. No allow-recursion or allow-query is set at this
// level; recursion is switched on or off per view.
options {
// Replacement string returned for version queries.
// NOTE(review): the trailing comment was wrapped by the mail client;
// "to allow version queries" on the following line is the rest of that
// comment, not a statement.
version "apple ][ - appletalk v5.35 1995"; // remove this
to allow version queries
// 207.227.243.194 is also ns1's A record and the address named in the
// "lame server" log line.
listen-on { 127.0.0.1; 207.227.243.194; };
listen-on-v6 { any; };
// Presumably relative to a chroot on this OpenBSD install - confirm.
statistics-file "/named.stats";
zone-statistics yes;
// Send NOTIFY to the secondaries when a master zone changes.
notify yes;
transfer-format many-answers;
// Abort inbound transfers that run longer than 60 minutes.
max-transfer-time-in 60;
// 0 turns off the periodic rescan of network interfaces.
interface-interval 0;
};
// Logging: two syslog channels (facilities daemon and local2), both at
// debug severity.
logging {
channel "default_syslog" {
syslog daemon;
severity debug;
};
channel "audit_log" {
syslog local2;
severity debug;
};
// NOTE(review): lame-servers is assigned twice in this block
// (default_syslog here, audit_log on the last category line); confirm
// which assignment named honours, or merge them into one statement.
category lame-servers { default_syslog; };
category default { default_syslog; };
category general { default_syslog; };
category security { audit_log; default_syslog; };
category config { default_syslog; };
category resolver { audit_log; };
category xfer-in { audit_log; };
category xfer-out { audit_log; };
category notify { audit_log; };
category client { audit_log; };
category network { audit_log; };
category update { audit_log; };
// Per-query logging: every query's client address and name goes to local2.
// Plan retention and access to that log accordingly.
category queries { audit_log; };
category lame-servers { audit_log; };
};
// Recursive view for hosts in the "clients" ACL. It holds only the root
// hints and the localhost/loopback zones.
// NOTE(review): likely source of the "lame server" messages in this post.
// The log shows queries from 127.0.0.1, 207.227.243.194 and
// 2001:4830:2280::53 handled in this view, and this view defines no zone
// for catastrophe.net or the other master zones. It therefore resolves
// those names by recursion; the delegation points at ns1's addresses, which
// are this server, and the follow-up query (logged with "-E": recursion not
// requested, EDNS) is matched into this view again, where the server is not
// authoritative. Presumably the stale serial seen by these clients comes
// from the same path (cached data or answers from the other name servers) -
// confirm. The usual remedy is to load the master zones in this view too.
view internal in {
match-clients { clients; };
recursion yes;
additional-from-auth yes;
additional-from-cache yes;
zone "." {
type hint;
file "standard/root.hint";
};
zone "localhost" {
type master;
file "standard/localhost";
};
zone "127.in-addr.arpa" {
type master;
file "standard/loopback";
};
// NOTE(review): the "=" and line break inside the next zone name are a
// quoted-printable soft line break left by the mail archive; the name ends
// in "ip6.arpa".
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.ar=
pa" {
type master;
file "standard/loopback6.arpa";
};
};
// Authoritative-only view for every IN-class client that did not match an
// earlier view: recursion is off and no additional data is taken from
// other zones or the cache, so the server is not an open resolver for the
// public.
// All master zones live only in this view. Clients matched by
// "view internal" are never answered from it.
view "external" in {
match-clients { any; };
recursion no;
additional-from-auth no;
additional-from-cache no;
// Each zone: queries from anyone, transfers only to the dnsslave4 /
// dnsslave6 addresses.
zone "nxio.us" in {
type master;
file "master/nxio.us";
allow-query { public; };
allow-transfer { dnsslave4; dnsslave6; };
};
zone "243.227.207.in-addr.arpa" in {
type master;
file "master/243.227.207.in-addr.arpa";
allow-query { public; };
allow-transfer { dnsslave4; dnsslave6; };
};
zone "catastrophe.net" in {
type master;
file "master/catastrophe.net";
allow-query { public; };
allow-transfer { dnsslave4; dnsslave6; };
};
[snip many other zones]
};
// CHAOS-class view, matched for any client, with recursion off.
view "external-chaos" chaos {
match-clients { any; };
recursion no;
// Hint zone backed by "master/null"; presumably an empty file - confirm.
zone "." {
type hint;
file "master/null";
};
// The "bind" zone is answered only for hosts in the "clients" ACL and can
// never be transferred.
zone "bind" {
type master;
file "master/bind.db";
allow-query { clients; };
allow-transfer { none; };
};
};