weird transfer-source problems with one DNS node
Ian Veach
ian_veach at nshe.nevada.edu
Mon Jul 18 17:28:17 UTC 2016
Der, sorry. Machines are all RHEL 6.8, running the BIND provided by RH:
9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6
Restarting BIND (or even the OS) doesn't seem to change anything. I don't
seem to have scan as an option for rndc. I assume it's in a newer version
that RH doesn't yet provide for RHEL 6.
Logs are confusing. I tailed the general log and xfer log, while running
tcpdump.
The xfer log and general log indicate that the CORRECT address is being
used:
18-Jul-2016 10:13:18.120 general: zone
153.10.10.IN-ADDR.ARPA/IN/internal-in: Transfer started.
18-Jul-2016 10:13:18.121 transfer of
'153.10.10.IN-ADDR.ARPA/IN/internal-in' from 10.10.153.225#53: connected
using 10.10.205.230#46673
However, I also ran tcpdump during that time (tcpdump -n host
10.10.153.225):
10:13:18.121138 IP 10.10.205.240.46673 > 10.10.153.225.domain: Flags [S],
seq 1847532073, win 14600, options [mss 1460,sackOK,TS val 255805503 ecr
0,nop ,wscale 7], length 0
10:13:18.121911 IP 10.10.153.225.domain > 10.10.205.240.46673: Flags [S.],
seq 1696697219, ack 1847532074, win 8192, options [mss 1380,nop,wscale
8,sack OK,TS val 329780493 ecr 255805503,nop,Unknown Option
1403], length 0
10:13:18.121937 IP 10.10.205.240.46673 > 10.10.153.225.domain: Flags [.],
ack 1, win 115, options [nop,nop,TS val 255805503 ecr 329780493], length 0
[me at foo:/var/named/log]# host foo
foo.scsr.nevada.edu has address 10.10.205.240
[me at foo:/var/named/log]# host foo-xfer
foo-xfer.scsr.nevada.edu has address 10.10.205.230
So unless I'm crazy (possible, regardless)... named is reporting using 230,
but OS is showing 240 (and remote host logs confirm 240)!?
Thanks!!
cheers and thanks,
Ian Veach, Senior Systems Analyst
System Computing Services, Nevada System of Higher Education
On Mon, Jul 18, 2016 at 9:28 AM, Tony Finch <dot at dotat.at> wrote:
> Ian Veach <ian_veach at nshe.nevada.edu> wrote:
> >
> > So, any ideas on why I would see that slave initiate transfers on it's OS
> > IP versus the transfer-source IP... especially when the other three work
> > fine?
>
> What does the log say about interface addresses? Which version of BIND are
> you running? Has the xfer interface been reconfigured on the problematic
> host? Does `rndc scan` or restarting named help?
>
> Tony.
> --
> f.anthony.n.finch <dot at dotat.at> http://dotat.at/ - I xn--zr8h
> punycode
> Biscay: East 3 or 4, becoming cyclonic 4 or 5. Slight or moderate. Showers
> later. Good, occasionally moderate.
>
--
PUBLIC RECORDS NOTICE: In accordance with NRS Chapter 239, this email and
responses, unless otherwise made confidential by law, may be subject to the
Nevada Public Records laws and may be disclosed to the public upon request.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20160718/937fd2ae/attachment-0001.html>
More information about the bind-users
mailing list