refresh timeouts

Tue Apr 18 12:40:12 UTC 2006

Unfortunately, the zones are never able to refresh and eventually expire, 
which is the real problem.  I can't imagine there not being a way to 
rectify this with BIND 9, at least thats what I am hoping.. hopefully 
someone that may have an idea sees this message eventually.. I do have 
some questions to bounce off everyone though:
Could a major time skew cause refresh issues?
Are there any known issues with BIND 9.3.2 and SUSE 9?
Are there any known issues with BIND 9.3.2 running on virtual servers? 
(VMWARE ESX)

Thanks,

Corey Flath
Server Administrator
Border States Electric

Peter Dambier <peter at echnaton.serveftp.com> 
Sent by: bind-users-bounce at isc.org
04/17/2006 04:45 PM
Please respond to
peter at echnaton.serveftp.com

To
bind-users at isc.org
cc

Subject
Re: refresh timeouts

Dont worry, be happy. Here is one day in the live of my late Bind 9:

named_axfr_in("Dec-21","01:35:33","192.33.4.12","arpa'").
named_axfr_in("Dec-21","12:06:20","192.33.4.12","in-addr.arpa'").
named_timeout("Dec-21","13:47:42","zone","timed").
named_timeout("Dec-21","13:48:27","zone","timed").
named_complained("refresh_callback: zone ffii.org/IN: 212.72.72.97#53: 
retries exceeded","Dec-21","13:48:27").
named_timeout("Dec-21","14:39:19","zone","timed").
named_timeout("Dec-21","14:40:04","zone","timed").
named_complained("refresh_callback: zone ffii.org/IN: 212.72.72.97#53: 
retries exceeded","Dec-21","14:40:04").
named_timeout("Dec-21","15:05:15","zone","timed").
named_timeout("Dec-21","15:05:30","zone","timed").
named_timeout("Dec-21","15:28:25","zone","timed").
named_complained("refresh_callback: zone ffii.org/IN: 212.72.72.97#53: 
retries exceeded","Dec-21","15:29:10").
named_timeout("Dec-21","16:22:39","zone","timed").
named_timeout("Dec-21","16:23:24","zone","timed").
named_complained("refresh_callback: zone ffii.org/IN: 212.72.72.97#53: 
retries exceeded","Dec-21","16:23:24").
named_timeout("Dec-21","17:17:24","zone","timed").
named_complained("refresh_callback: zone ffii.org/IN: 212.72.72.97#53: 
retries exceeded","Dec-21","17:18:09").
named_axfr_in("Dec-21","18:06:50","212.72.72.97","ffii.org'").
named_axfr_in("Dec-21","20:51:42","192.33.4.12","arpa'").
named_axfr_in("Dec-21","21:34:56","212.72.72.97","ffii.org'").
named_axfr_in("Dec-21","23:24:21","212.72.72.97","ffii.org'").
named_axfr_in("Dec-21","23:53:31","192.33.4.12","in-addr.arpa'").

I used to run Bind 9 on a handful of machines. Some of them still
run Bind 9 others run dnscache (djbdns resolver) or tinydns (djbdns 
server)
now.

The problem seems to be Bind 9 and older Binds too need to refresh memory
sometimes or they need to update their data from the master. IF you
happen to hit the refresh Bind is deaf. It wont answer.

I quess that special day other problems might have happened just as well.

It should not be anything to worry about as long as you get an update.
Nevertheless it is anoying.

Changeing to djbdns solved it on some machines especially on slow machines
and on long zone files. If it is a networkproblem then changeing does not
make sense.

Regards
Peter

CFlath at border-states.com wrote:
> Hello all,
> I hope everyone is well.  I have been out of the BIND scene for a few 
> years and have just recently got back into it, and so this is my first 
> real experience with 9.  Things have gone fairly smoothly.. except for 
the 
> refresh timeouts I have been getting.  I have looked through the 
archives 
> and google searched for days and I just cannot find an answer to this 
> problem.
> I continue to receive the following refresh error for all my zones:
> Apr 10 22:05:12.629 general: info: zone foo.bar.com/IN: refresh: failure 

> trying master v.v.v.v#53: timed out
> 
> Initial zone transfers have no issues at all. 
> If I do an rndc refresh foo.bar.com it works just fine as well.
> I added serial-query-rate 5; to my options, but it did not seem to have 
an 
> effect.
> dig +norec foo.bar.com soa @ v.v.v.v works just fine.
> 
> I had another admin take a look at things and he could not find the 
issue 
> either.. I am sure its probably something I am doing wrong with bind 9, 
> but I sure
> can't find what.. any help would be greatly appreciated... I included my 

> named.confs and a zone example below.
> 
> 
> MASTER named.conf:
> options {
>         directory "/var/named";
>         forwarders { x.x.x.x; y.y.y.y; };
>         version "1.0 - really!";
>         allow-transfer { z.z.z.z; };
>         allow-recursion {any; };
>         forward only;
> #       listen-on port 53 { 127.0.0.1; };
> #       listen-on-v6 { any; };
>         query-source address * port 53;
>         transfer-source * port 53;
>         notify-source * port 53;
> #       allow-query { 127.0.0.1; };
>         notify yes;
> };
> ######################################################
> logging {
>   channel debug {
>   file "/tmp/bindlog.log" versions 2 size 50m;
>   severity dynamic;
>   print-time yes;
>   print-category yes;
>   print-severity yes;
>   };
>   category "default" { "debug"; };
>   category "general" { "debug"; };
>   category "database" { "debug"; };
>   category "security" { "debug"; };
>   category "config" { "debug"; };
>   category "resolver" { "debug"; };
>   category "xfer-in" { "debug"; };
>   category "xfer-out" { "debug"; };
>   category "notify" { "debug"; };
>   category "client" { "debug"; };
>   category "unmatched" { "debug"; };
>   category "network" { "debug"; };
>   category "update" { "debug"; };
> #  category "queries" { "debug"; };
>   category "dispatch" { "debug"; };
>   category "dnssec" { "debug"; };
>   category "lame-servers" { "debug"; };
> };
> ######################################################
> zone "localhost" in {
>         type master;
>         file "localhost.zone";
> };
> 
> zone "0.0.127.in-addr.arpa" in {
>         type master;
>         file "127.0.0.zone";
> };
> 
> zone "." in {
>         type hint;
>         file "root.hint";
> };
> 
> # You can insert further zone records for your own domains below.
> 
> controls {
>         inet 127.0.0.1 allow {127.0.0.1; v.v.v.v; } keys {rndc_key;};
> };
> 
> key "rndc_key" {
>         algorithm hmac-md5;
>         secret "FredFlintstone";
> };
> zone "foo.bar.com" in {
>         type master;
>         file "foo.bar.com.zone";
>         allow-transfer {
>              z.z.z.z;
>         };
> };
> 
> 
> SLAVE named.conf:
> options {
> 
>         directory "/var/named";
>         forwarders { x.x.x.x; y.y.y.y; };
>         allow-recursion { any; };
>         forward only;
> #       listen-on port 53 { 127.0.0.1; };
> #       listen-on-v6 { any; };
>         query-source address * port 53;
>         transfer-source * port 53;
>         notify-source * port 53;
>         #allow-query { 127.0.0.1; };
>         notify no;
> };
> #############################################################
> logging {
>   category "default" { "debug"; };
>   category "general" { "debug"; };
>   category "database" { "debug"; };
>   category "security" { "debug"; };
>   category "config" { "debug"; };
>   category "resolver" { "debug"; };
>   category "xfer-in" { "debug"; };
>   category "xfer-out" { "debug"; };
>   category "notify" { "debug"; };
>   category "client" { "debug"; };
>   category "unmatched" { "debug"; };
>   category "network" { "debug"; };
>   category "update" { "debug"; };
> #  category "queries" { "debug"; };
>   category "dispatch" { "debug"; };
>   category "dnssec" { "debug"; };
>   category "lame-servers" { "debug"; };
>   channel "debug" {
>     file "/tmp/bindlog.log" versions 2 size 50m;
>     print-time yes;
>     print-category yes;
>     print-severity yes;
>   };
> };
> #########################################################
> zone "localhost" in {
>         type master;
>         file "localhost.zone";
> };
> 
> 
> zone "0.0.127.in-addr.arpa" in {
>         type master;
>         file "127.0.0.zone";
> };
> 
> zone "." in {
>         type hint;
>         file "root.hint";
> };
> 
> #You can insert further zone records for your own domains below.
> key "rndc-key" {
>       algorithm hmac-md5;
>       secret "FredFlintstone";
> };
> 
> controls {
>       inet 127.0.0.1 port 953
>               allow { 127.0.0.1; v.v.v.v; z.z.z.z;} keys { "rndc-k
> ey"; };
> };
> 
> zone "foo.bar.com" in {
>         type slave;
>         file "foo.bar.com.zone";
>         masters { v.v.v.v; };
> };
> 
> ZONE FILE:
> 
> $TTL 3600       ; 1 hour
> @                               IN SOA  ns3.foo.bar.com. 
admin.border-stat
> es.com. (
>                                 2006031000 ; serial
>                                 900        ; refresh (15 minutes)
>                                 600        ; retry (10 minutes)
>                                 86400      ; expire (1 day)
>                                 3600       ; minimum (1 hour)
>                                 )
>                         NS      ns3.foo.bar.com.
>                         NS      ns4.border-states.com.
> 
> www                     A       q.q.q.q
> 
> 
> Corey Flath
> Server Administrator
> Border States Electric
> 
> 
> 

-- 
Peter and Karin Dambier
The Public-Root Consortium
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at echnaton.serveftp.com
mail: peter at peter-dambier.de
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/