rndc reload <zone> doesn't send notify

Feargal Reilly feargal at fbi.ie
Thu Apr 12 13:00:49 UTC 2007


Hi,
This is probably a very stupid problem, but I'm too stupid to
recognise it...

I've been having problems getting notify messages passed from a
master to a slave.

I have two nameservers, a master called ns1.example.com, and a
slave, ns2.example.com. Everything had worked fine, when I
updated a zone on ns1, rndc reload on the zone would notify ns2,
and it would successfully transfer the updated zone.

Today I moved ns1 on to a new host, by copying all the config
files to the new host, stopping the old host from listening on
that IP, and starting it on the new host. It appeared to work
fine, and is happily responding to queries.

However, I'm having a problem getting it to send notifies to ns2
when a zone is updated.

The old ns1 ran BIND 9.3.0, the new one is running 9.3.4

If I increment the serial for a zone and run "rndc reload
domain.example" the notify does not appear to get sent to ns2 -
certainly nothing shows up under notify or xfers on ns2.

On ns1, the following gets logged in the notify category:

12-Apr-2007 11:31:14.881 info: zone domain.example/IN: sending
notifies (serial 2007041214)

12-Apr-2007 12:18:23.360 debug 3: zone domain.example/IN:
sending notify to 10.0.115.27#53

12-Apr-2007 12:18:23.360 debug 2: zone domain.example/IN: notify
to 10.0.115.27#53 failed : operation canceled

When I proceed to restart named on ns2, it transfers the
domain.example zones correctly, so it doesn't appear to be a
problem with the transfer - it doesn't get that far.

Possible causes I've thought of and discounted are:

1) Serial not being incremented - Nope, I'm doing that.

2) Firewall - Don't think this is an issue, I've opened up all
tcp and udp traffic between the two hosts and can run:

ns1> dig @ns2.example.com domain.example soa
ns1> telnet ns2.example.com 53

ns2> dig @ns1.example.com domain.example soa
ns2> telnet ns1.example.com 53

3) Time synchronization - both servers run ntpd and show the same
time, and I can't find any relevant messages in the logs.

4) TSIG Key changes - I haven't changed the config at all, and I
can't find anything in the logs related to this.

5) IP changes - again, there shouldn't be any, as I did not have
to change any IP addresses for the move, just change which host
listened on the IP for ns1. ns2 isn't even on the same network,
and I use notify-source and transfer-source in my config so it
really shouldn't have noticed any difference at all.

I've looked over CHANGES and can't see anything, the 'operation
canceled' message is defined as ISC_R_CANCELED, but there's
about 60 instances of it being used, and I can't see where it's
being triggered here.

Any suggestions?

Thanks,
-fr.

-- 
Feargal Reilly, Chief Techie, FBI.
PGP Key: 0xBD252C01 (expires: 2006-11-30)
Web: http://www.fbi.ie/ | Tel: +353.14988588 | Fax: +353.14988489
Communications House, 11 Sallymount Avenue, Ranelagh, Dublin 6.
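
Added example, not part of the original post and not BIND code: a small Python script that pairs each "sending notify to" line in named's notify-category log with any matching "failed" line, so the zones and targets whose NOTIFY never went out stand out. The sample log is constructed from the three lines quoted above (with the mail wrapping undone) plus a made-up other.example zone, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the three notify-category lines quoted in the post,
# unwrapped, plus an invented zone (other.example) with no failure logged.
SAMPLE_LOG = """\
12-Apr-2007 11:31:14.881 info: zone domain.example/IN: sending notifies (serial 2007041214)
12-Apr-2007 12:18:23.360 debug 3: zone domain.example/IN: sending notify to 10.0.115.27#53
12-Apr-2007 12:18:23.360 debug 2: zone domain.example/IN: notify to 10.0.115.27#53 failed : operation canceled
12-Apr-2007 12:20:01.002 info: zone other.example/IN: sending notifies (serial 2007041201)
12-Apr-2007 12:20:01.004 debug 3: zone other.example/IN: sending notify to 10.0.115.27#53
"""

# timestamp, level ("info", "debug 3", ...), zone/class, then the message text
LINE = re.compile(r"^(?P<ts>\S+ \S+) (?P<level>[^:]+): zone (?P<zone>\S+)/(?P<cls>\w+): (?P<msg>.*)$")
ANNOUNCE = re.compile(r"^sending notifies \(serial (\d+)\)$")
ATTEMPT = re.compile(r"^sending notify to (\S+)$")
FAILED = re.compile(r"^notify to (\S+) failed\s*:\s*(.+)$")

def summarize_notifies(text):
    """Return {zone: {"serial": int|None, "attempted": [target], "failed": {target: reason}}}."""
    zones = defaultdict(lambda: {"serial": None, "attempted": [], "failed": {}})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a per-zone log line
        z, msg = zones[m["zone"]], m["msg"]
        if a := ANNOUNCE.match(msg):
            z["serial"] = int(a[1])
        elif a := ATTEMPT.match(msg):
            if a[1] not in z["attempted"]:
                z["attempted"].append(a[1])
        elif a := FAILED.match(msg):
            z["failed"][a[1]] = a[2]
    return dict(zones)

def failing_targets(text):
    """List (zone, serial, target, reason) for every NOTIFY logged as failed."""
    return [(zone, z["serial"], tgt, why)
            for zone, z in summarize_notifies(text).items()
            for tgt, why in z["failed"].items()]

if __name__ == "__main__":
    for zone, serial, tgt, why in failing_targets(SAMPLE_LOG):
        print(f"{zone} serial {serial}: NOTIFY to {tgt} failed ({why})")
```

The per-target lines only appear when the notify category is logged at debug level, as in the excerpt above; at info level only the "sending notifies" announcement is available.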


