AXFR partially timed out

Thu Oct 7 15:55:35 UTC 2010

Warren Kumari
------
Please excuse typing, etc -- This was sent from a device with a tiny keyboard.

On Oct 7, 2010, at 1:55 AM, Beat Jucker <beat at juckers.ch> wrote:

> Hello BIND users
> 
> I have a very strange problem with AXFR. We are using a master and a 
> secondary DNS Server with an internal and an external view. Depending 
> on the source address the secondary server will get the internal or 
> external view for zone transfer.
> 
> Everything is working correct so far except only one specific zone file
> won't get transferred. In the external view there are about 70 zones 
> defined. Every zone will get transferred except one and only one won't.
> Therefor there can't be a problem with the firewall.
> 
> Then I scaled down the seconday DNS server to just about 2 zones and
> again: this specific zone file won't get transfered even the master
> said "AXFR started" and "AXFR ended" for this particular zone. On
> the secondary server I'll get "giving up: timed out".
> 
> To test zone transfer by DIG I shut down the internal IP interface
> so the AXFR request used the external IP interface for the zone transfer
> and everything was ok (zone transfer succeeded). 
> 
> I also checkd the zonefile against nonASCII chars. Everything looks 
> correct. I'm realy confused (by the way: we are still using BIND-0.9.5)
> 
> Do you have any idea ... ?

Yes -- remove the firewall...

Your testing to rule out the firewall is far from comprehensive, and in almost all cases where there is a DNS problem and the words "firewall" or "load-balancer" are mentioned, they are the issue...

W

> 
> Best regards
> -- Beat
> 
> 
> Logfile of master DNS server:
> 
> --> Bsp-1: AXFR of 194.72.193 succeeded <--
> 20:42:18.301 client 62.2.231.99#40091: view external: query: 194.72.193.in-addr.arpa IN AXFR -
> 20:42:18.302 client 62.2.231.99#40091: view external: transfer of '194.72.193.in-addr.arpa/IN': AXFR started
> 20:42:18.303 client 62.2.231.99#40091: view external: transfer of '194.72.193.in-addr.arpa/IN': AXFR ended
> 
> --> Bsp-2: AXFR of glue.ch *NOT* succeeded ... ? <--
> 20:42:18.780 client 62.2.231.99#40092: view external: query: glue.ch IN AXFR -
> 20:42:18.780 client 62.2.231.99#40092: view external: transfer of 'glue.ch/IN': AXFR started
> 20:42:18.783 client 62.2.231.99#40092: view external: transfer of 'glue.ch/IN': AXFR ended
> 
> 
> Logfile of secondary DNS server:
> 
> --> Bsp-1: AXFR of 194.72.193 succeeded <--
> 20:42:18.252 transfer of '194.72.193.in-addr.arpa/IN/external' from 193.72.194.251#53: connected using 62.2.231.99#40091
> 20:42:18.253 transfer of '194.72.193.in-addr.arpa/IN/external' from 193.72.194.251#53: sent request length prefix
> 20:42:18.253 transfer of '194.72.193.in-addr.arpa/IN/external' from 193.72.194.251#53: sent request data
> 20:42:18.342 transfer of '194.72.193.in-addr.arpa/IN/external' from 193.72.194.251#53: received 462 bytes
> 20:42:18.342 transfer of '194.72.193.in-addr.arpa/IN/external' from 193.72.194.251#53: got nonincremental response
> 20:42:18.348 zone 194.72.193.in-addr.arpa/IN/external: zone transfer finished: success
> 20:42:18.348 zone 194.72.193.in-addr.arpa/IN/external: transferred serial 2009112701
> 20:42:18.348 transfer of '194.72.193.in-addr.arpa/IN/external' from 193.72.194.251#53: Transfer completed: 1 messages, 16 records, 462 bytes, 0.095 secs (4863 bytes/sec)
> 
> --> Bsp-2: AXFR of glue.ch *NOT* succeeded ... ? <--
> 20:42:18.730 transfer of 'glue.ch/IN/external' from 193.72.194.251#53: connected using 62.2.231.99#40092
> 20:42:18.731 transfer of 'glue.ch/IN/external' from 193.72.194.251#53: sent request length prefix
> 20:42:18.731 transfer of 'glue.ch/IN/external' from 193.72.194.251#53: sent request data
> 21:42:18.696 transfer of 'glue.ch/IN/external' from 193.72.194.251#53: giving up: timed out
> 
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users