Unable to completely transfer root zone

Matus UHLAR - fantomas uhlar at fantomas.sk
Fri Feb 14 12:19:27 UTC 2020


On 14.02.20 09:32, von Dein, Thomas wrote:
>As reported we were unable to transfer the root zone for 1 week, then the
> expire time was over and we had an outage.  

unfortunately this happens when you decide to mirror the root zone and it fails.

you should use more primary servers when possible and change the root zone type from secondary
to hint if it fails.

Note that rarely does someone need to have a local copy of the root zone.

> Now we've seen in the logs
> many many log entries as the following on slave nameservers during that
> week when our local copy was still valid but the transfer was failing:
>
>09-Jan-2020 16:24:23.361 edns-disabled: success resolving
> 'some-random-hostname.some-domain.de/A' (in '.'?) after reducing the
> advertised EDNS UDP packet size to 512 octets
>
>Besides the EDNS problem: it says (in '.'?). What does this mean?

don't you have any problem with an "intelligent" firewall on your side?
If you use Cisco routers, ask network admins to disable any DNS "fixup"
functionality, because that usually causes problems.

>The setup is like this:
>
>Proxy dmz with local forwarding bind => internet bind => internet

why not client => bind => internet?
one bind is superfluous there, isn't it?

>The error above occurred on the forwarding bind in the proxy dmz.

so the problem firewall is between "forwarding bind" and 
"internet bind"

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease
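
The two suggestions in the reply above (more primaries for the mirrored root zone, or falling back to a hint zone), sketched as a named.conf fragment. This is an added example, not configuration from the thread or from either poster; the addresses are documentation placeholders and the file names are assumptions.

```conf
// Added illustration. Only ONE of the three zone "." statements below
// may be present in a real named.conf; they are alternatives.
// Addresses are placeholders from the documentation ranges
// (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24), not real servers.

// (a) Fragile mirror: a single transfer source. If every refresh from
//     it fails until the zone's SOA expire time has passed, the local
//     copy expires and resolution of everything below "." stops.
zone "." {
    type secondary;
    file "root.zone";              // assumed file name
    primaries { 192.0.2.1; };      // keyword is "masters" in older BIND releases
    notify no;
};

// (b) Mirror with several independent transfer sources, so one
//     unreachable or filtered primary does not stall the refresh.
zone "." {
    type secondary;
    file "root.zone";              // assumed file name
    primaries {
        192.0.2.1;
        198.51.100.1;
        203.0.113.1;
    };
    notify no;
};

// (c) Fallback: no local copy at all. The server only needs the root
//     hints to find the root servers and queries them as needed, so
//     there is no transferred zone that can expire.
zone "." {
    type hint;
    file "named.root";             // assumed file name for the hints file
};
// BIND also ships compiled-in root hints, so omitting zone "." entirely
// has the same effect as (c).
```

Watching the logs for repeated refresh failures on the "." zone gives warning well before the expire time is reached.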

