AW: Unable to completely transfer root zone
von Dein, Thomas
Thomas.vonDein at f-i-ts.de
Fri Feb 14 09:32:04 UTC 2020
I've got one follow-up question:
As reported we were unable to transfer the root zone for 1 week, then the expire time was over and we had an outage. Now we've seen in the logs many many log entries as the following on slave nameservers during that week when our local copy were still valid but the transfer was failing:
09-Jan-2020 16:24:23.361 edns-disabled: success resolving 'some-random-hostname.some-domain.de/A' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
Besides the EDNS problem: it says (in '.'?). What does this mean?
The setup is like this:
Proxy dmz with local forwarding bind => internet bind => internet
The error above occurred on the forwarding bind in the proxy dmz.
best regards,
Tom
-----Ursprüngliche Nachricht-----
Von: von Dein, Thomas
Gesendet: Dienstag, 11. Februar 2020 14:45
An: 'Tony Finch' <dot at dotat.at>; Warren Kumari <warren at kumari.net>
Cc: bind-users at lists.isc.org
Betreff: AW: Unable to completely transfer root zone
Hi,
> So maybe try setting `request-ixfr no;` and see if that improves matters.
Nope, didn't change anything. Also, I was wrong when I stated that dig works, it does not. It transfers only a part of the zone as well.
However, in the meantime we found, that some component drops packets. I implemented my own "root nameserver" and lots of packets sent out from it are not arriving here.
So, not bind9's fault.
Thanks a lot for your help anyway people!
best,
Tom
More information about the bind-users
mailing list