slave transfer problems

Barry Margolin barmar at alum.mit.edu
Thu Apr 30 23:36:55 UTC 2009


In article <gtb6g9$bm2$1 at sf1.isc.org>,
 Scott Haneda <talklists at newgeo.com> wrote:

> On Apr 29, 2009, at 5:03 PM, Barry Margolin wrote:
> 
> > In article <gtamqt$1k3$1 at sf1.isc.org>,
> > Scott Haneda <talklists at newgeo.com> wrote:
> >>
> >>
> >> like my machine, .14 is refusing their refresh request.  Do I need to
> >> allow-recursion for their NS0?
> >
> > No, you shouldn't need allow-recursion.  You might need allow-query,
> > if you're not allowing to all.
> 
> I do not have it set, and am not finding in the docs what the default  
> is, I assume all or my DNS would just not work?

Yes, the default is to allow all.

> 
> >> 37.6, which named is not listening on, and get the above error?
> >
> > Try setting notify-source to xx.xx.37.14.
> 
> Neat, I was not aware of that, so when my machine sends out a notify,  
> it probably is using whatever IP it wants to, maybe the first, this  
> would like it down?

It uses the address of the outgoing interface that it uses to reach the 
slave that it's sending the notify to.  If you have multiple IPs on the 
same interface, I'm not sure what the preference list is.  But if you 
care, you should use that option.

> 
> >> Those are the only two they gave me, but the general problem is, I
> >> can update a zone, change the serial, issue rndc reload, and see my
> >> logs show a notify sent their way.  It can then take anywhere from a
> >> few minutes, to hours, to sometimes days to get the change to hit the
> >> secondary.
> >
> > Even if there's a problem with the notify, it shouldn't take much
> > longer than the refresh time in the SOA record.  I recommend setting
> > this to something in the neighborhood of an hour, so that there isn't
> > too much of a lag if the notify is lost.
> 
> This is pretty par for the course template I use
>                  200810011       ; serial, todays date + todays serial #
>                  8H              ; refresh
>                  2H              ; retry
>                  4W              ; expire
>                  1H )            ; minimum
> 
> Are you saying to drop the 8H one down to 1H?  I was pretty sure I  
> followed RFC on the values above.  That zone setting above means I am  
> looking at 8 Hours if the notify fails?

If things are set up properly, notify rarely fails, so most 
recommendations say to set the refresh time long.  This is a good idea 
if the slave is slaving thousands of zones, so it doesn't spend all its 
time doing refreshes.  But if it's a smaller slave, the overhead of 
refreshing is negligible, so there's no reason not to set it lower.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
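
Added example, not part of the original message or of BIND: a small Python parser for the SOA timer block quoted above that reports how long a slave can lag when a NOTIFY is lost (the refresh interval). The function names are hypothetical, and the retry-shorter-than-refresh warning is a common convention assumed here, not something stated in the thread.

```python
import re

# BIND durations are plain seconds or unit-suffixed values (case-insensitive),
# optionally concatenated, e.g. "1h30m".
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def parse_duration(text):
    """Convert a BIND duration such as '8H', '4W' or '1h30m' to seconds."""
    text = text.strip().lower()
    if text.isdigit():
        return int(text)
    parts = re.findall(r"(\d+)([smhdw])", text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"not a BIND duration: {text!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def parse_soa_timers(soa_body):
    """Extract serial and the four timers from the numeric part of an SOA record."""
    fields = []
    for line in soa_body.splitlines():
        line = line.split(";", 1)[0]  # drop zone-file comments
        fields += line.replace("(", " ").replace(")", " ").split()
    if len(fields) != 5:
        raise ValueError(f"expected 5 SOA fields, got {len(fields)}")
    serial, *timers = fields
    soa = {"serial": int(serial)}
    names = ("refresh", "retry", "expire", "minimum")
    soa.update({n: parse_duration(t) for n, t in zip(names, timers)})
    return soa

def lost_notify_report(soa):
    """Lag bound if a NOTIFY is lost, plus a timer sanity warning (assumed convention)."""
    warnings = []
    if soa["retry"] >= soa["refresh"]:
        warnings.append("retry is not shorter than refresh")
    return {"max_lag_seconds": soa["refresh"], "warnings": warnings}

# Timer block as quoted in the thread.
TEMPLATE = """
    200810011       ; serial
    8H              ; refresh
    2H              ; retry
    4W              ; expire
    1H )            ; minimum
"""

if __name__ == "__main__":
    current = parse_soa_timers(TEMPLATE)
    print("as posted:", lost_notify_report(current))
    # Refresh lowered to about an hour, retry left at 2H.
    print("refresh 1H:", lost_notify_report({**current, "refresh": parse_duration("1H")}))
```

With refresh lowered to 1H and retry left at 2H, the report flags the retry value, so the two timers are worth adjusting together.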


