BIND 9.9.0 Inline-Signing Out of Control

Mon Mar 5 14:16:42 UTC 2012

On 05.03.12 07:46, David Kreindler wrote:
>We thought of two other differences between this zone and the others:
>
>1. this zone has NS records with servers that are in the zone itself, and
>2. our global "also-notify" option contain IP addresses that resolve to host names in this zone.
>
>Could the problem be the result of the servers notifying each other?

This should not cause a problem, unless they would change the SOA each 
time.

As far as I understand your loks and Mark's reply, it's the same 
version of a zone, but the server is incrementally signing the zone, 
and after signong a bunch of names, it gets IXFRed to slaves.

>On 2 Mar 2012, at 5:13 PM, David Kreindler wrote:
>> 	Mar  2 14:33:15 ns0 named[806928]: zone pesky.zone/IN (signed): loaded serial 2012030200
>> 	Mar  2 14:33:15 ns0 daemon:err|error named[806928]: zone pesky.zone/IN (signed): receive_secure_serial: unchanged
>> 	Mar  2 14:33:15 ns0 named[806928]: zone pesky.zone/IN (signed): reconfiguring zone keys
>> 	Mar  2 14:33:16 ns0 named[806928]: zone pesky.zone/IN (signed): next key event: 02-Mar-2012 15:33:15.740
>> 	Mar  2 14:33:16 ns0 named[806928]: client [ns3]#42941/key ns0-ns3 (pesky.zone): transfer of 'pesky.zone/IN': AXFR-style IXFR started: TSIG ns0-ns3
>> 	Mar  2 14:33:17 ns0 named[806928]: client [ns4]#48695/key ns0-ns4 (pesky.zone): transfer of 'pesky.zone/IN': AXFR-style IXFR started: TSIG ns0-ns4
>> 	Mar  2 14:33:17 ns0 named[806928]: client [ns2]#52228/key ns0-ns2 (pesky.zone): transfer of 'pesky.zone/IN': AXFR-style IXFR started: TSIG ns0-ns2
>> 	Mar  2 14:33:17 ns0 named[806928]: client [ns3]#42941/key ns0-ns3 (pesky.zone): transfer of 'pesky.zone/IN': AXFR-style IXFR ended
>> 	Mar  2 14:33:17 ns0 named[806928]: client [ns1]#51606/key ns0-ns1 (pesky.zone): transfer of 'pesky.zone/IN': AXFR-style IXFR started: TSIG ns0-ns1
>> 	Mar  2 14:33:18 ns0 named[806928]: client [ns4]#48695/key ns0-ns4 (pesky.zone): transfer of 'pesky.zone/IN': AXFR-style IXFR ended
>> 	Mar  2 14:33:18 ns0 named[806928]: client [ns2]#52228/key ns0-ns2 (pesky.zone): transfer of 'pesky.zone/IN': AXFR-style IXFR ended
>> 	Mar  2 14:33:18 ns0 named[806928]: client [ns1]#51606/key ns0-ns1 (pesky.zone): transfer of 'pesky.zone/IN': AXFR-style IXFR ended
>> 	Mar  2 14:33:21 ns0 named[806928]: client [ns3]#42944/key ns0-ns3 (pesky.zone): transfer of 'pesky.zone/IN': IXFR started: TSIG ns0-ns3
>> 	Mar  2 14:33:21 ns0 named[806928]: client [ns3]#42944/key ns0-ns3 (pesky.zone): transfer of 'pesky.zone/IN': IXFR ended
>> 	Mar  2 14:33:21 ns0 named[806928]: client [ns2]#52229/key ns0-ns2 (pesky.zone): transfer of 'pesky.zone/IN': IXFR started: TSIG ns0-ns2
>> 	Mar  2 14:33:21 ns0 named[806928]: client [ns4]#48700/key ns0-ns4 (pesky.zone): transfer of 'pesky.zone/IN': IXFR started: TSIG ns0-ns4
>> 	Mar  2 14:33:21 ns0 named[806928]: client [ns1]#51607/key ns0-ns1 (pesky.zone): transfer of 'pesky.zone/IN': IXFR started: TSIG ns0-ns1
>> 	Mar  2 14:33:22 ns0 named[806928]: client [ns2]#52229/key ns0-ns2 (pesky.zone): transfer of 'pesky.zone/IN': IXFR ended
>> 	Mar  2 14:33:22 ns0 named[806928]: client [ns4]#48700/key ns0-ns4 (pesky.zone): transfer of 'pesky.zone/IN': IXFR ended
>> 	Mar  2 14:33:22 ns0 named[806928]: client [ns1]#51607/key ns0-ns1 (pesky.zone): transfer of 'pesky.zone/IN': IXFR ended

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
M$ Win's are shit, do not use it !