Zones not getting transferred after a restart

Mark Andrews marka at isc.org
Tue Mar 15 22:29:27 UTC 2011 

In message <ilo4hp$s5g$1 at dough.gmane.org>, Bernhard Schmidt writes:
> Hi,
> 
> we have an internal distribution point running BIND 9.5.0-P2 (SLES 11.1
> distribution package). It slaves about 1800 zones from a commercial DNS
> management software running on 127.0.0.1:8054 and distributes them
> towards our servers.
> 
> Whenever we restart BIND on that system, the 1800 zones are loaded
> within two seconds (1800 loaded serial xxxxx entries, running), but it
> takes up to 30 minutes (26 minutes the last time) where it does not do
> any AXFR upstream and logs 
> 
> 15-Mar-2011 09:36:47.334 zone kongress.xxx.de/IN: notify from
> 127.0.0.1#8054: refresh in progress, refresh check queued
> 
> on every notify it receives. I cannot really see SOA queries upstream
> either. When that time has passed by it catches up with the zone
> transfers.
> 
> Other than having "edns no" and "request-ixfr no" set for the upstream
> server (due to bugs in this field) the configuration is pretty standard.
> I'm not really opposed to updating the BIND to a newer version, but
> given I'd have to go away from the distribution package where I feel
> fine using it (firewalled system, only reachable by our other servers)
> I'd rather know for sure that this problem is solved. I see similar
> issues on our frontend servers running 9.7.3.
> 
> Can anyone explain how I can speedup this progress?

Disable notify for the zones.  Increase soa-query-rate.  It also applies
to notifies.

> Also I'd like to disable/tune down the 
> 
> 15-Mar-2011 08:25:36.828 zone xxx.in-addr.arpa/IN: refresh:
> skipping zone transfer as master 127.0.0.1#8054 (source 0.0.0
> .0#0) is unreachable (cached)
> 
> thing. Good idea, but stopping all zone transfers for 10 minutes from
> the only master just because it was unreachable for a few seconds is a
> bad idea.

Adjust lame-ttl.

> I have searched for a named.conf knob and have failed to find any.
> Closest I have found is serial-query-rate, which is not set in our
> environment and should default to 20.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list