Leases on Dynamic Updates?

Barry Finkel b19141 at britaine.ctd.anl.gov
Mon Feb 4 15:51:45 UTC 2008


--On Friday, February 01, 2008 14:55:19 -0800 Chris Buxton 
<cbuxton at menandmice.com> wrote:

> Microsoft's implementation does not give identical IXFRs from
> different DCs. You cannot list multiple DCs in your masters
> statement and expect things to work right unless you use the multi-
> master option.
>
> And even the IXFRs from a particular DC cannot be 100% relied on -
> you need to use AXFR requests from your BIND slave in order to
> reliably get to a complete copy of the zone. The solution I've seen
> is, once per day or so, stop the slave, get an AXFR with dig, and
> restart the slave. This can be done via cron, of course, but it's
> hardly ideal.

I have 3 DCs, but I only treat ONE as a master for my BIND slaves.
I do not remember if I have DNS running on all three DCs.
I have no problem with the IXFR from the one DC to a BIND 9.4.1-P1
slave.  But I do occasionally have problems with IXFR from that one
BIND slave to the other BIND slaves, per this message:

     Feb  1 15:26:20 dns0 named[161]: [ID 873579 daemon.error]
       malformed transaction: cmt224.rev.jnl
       last serial 2001072827 != transaction first serial 2001072826

I have not completed the research to determine whether the problem is
in the IXFR packaging from the MS W2k+3 DNS Server or in the IXFR
re-packaging on the BIND slave during the transfer to another BIND
slave.  The zone in this message is dynamic, with many DDNS updates
throughout the day from an MS W2k+3 DHCP Server.  I would need to get
packet traces or detailed DNS logging of

     1) The DDNS update to the zone
     2) The IXFR from the MS DNS Server to the BIND slave
     3) The IXFR from the BIND slave to another BIND slave.

I did get some traces a few years ago with an older BIND 8, but I have
not gotten traces with BIND 9.

I have never (as far as I can remember) had any complaints that the
information for these dynamic zones (I have one forward and six
reverse zones) is not up-to-date.  All of my clients query the BIND
slave servers; none is supposed to be configured to query the MS DNS
Server running on the three DCs.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994
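
Added example, not part of the original message or of BIND: a small Python scan of syslog lines for the "malformed transaction" error quoted above, reporting per journal file how far the transaction's first serial sits from the journal's last serial under RFC 1982 serial arithmetic. It assumes named writes the error as a single syslog line (the message above wraps it across three); every sample line except the first is constructed.

```python
import re
from collections import defaultdict

# Matches the journal error quoted in the message, written as one syslog line.
PATTERN = re.compile(
    r"named\[\d+\]:.*?malformed transaction: (?P<journal>\S+)\s+"
    r"last serial (?P<last>\d+) != transaction first serial (?P<first>\d+)"
)

def serial_delta(first, last):
    """Signed distance (first - last) in RFC 1982 32-bit serial arithmetic."""
    diff = (first - last) & 0xFFFFFFFF
    return diff - (1 << 32) if diff >= (1 << 31) else diff

def find_mismatches(lines):
    """Return {journal: [(last, first, delta), ...]} for each matching error."""
    hits = defaultdict(list)
    for line in lines:
        m = PATTERN.search(line)
        if m:
            last, first = int(m["last"]), int(m["first"])
            hits[m["journal"]].append((last, first, serial_delta(first, last)))
    return dict(hits)

SAMPLE = [
    # From the message above, joined onto one line.
    "Feb  1 15:26:20 dns0 named[161]: [ID 873579 daemon.error] "
    "malformed transaction: cmt224.rev.jnl "
    "last serial 2001072827 != transaction first serial 2001072826",
    # Constructed: unrelated line that must be ignored.
    "Feb  1 15:26:21 dns0 named[161]: [ID 873579 daemon.notice] "
    "zone example.test/IN: transferred serial 5",
    # Constructed: mismatch across the 32-bit serial wrap.
    "Feb  2 09:00:00 dns0 named[161]: [ID 873579 daemon.error] "
    "malformed transaction: example.jnl "
    "last serial 4294967295 != transaction first serial 1",
]

if __name__ == "__main__":
    for journal, events in find_mismatches(SAMPLE).items():
        for last, first, delta in events:
            # Negative delta: the transaction starts at a serial older than
            # the journal's last; positive: it starts at a newer one.
            side = "behind" if delta < 0 else "ahead of"
            print(f"{journal}: transaction starts {abs(delta)} {side} "
                  f"journal (last={last}, first={first})")
```

A delta of -1, as in the quoted error, means the incoming transaction begins one serial before the point the journal had already reached.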



More information about the bind-users mailing list