Zones-unable-update

Fajar A. Nugraha fajar at fajar.net
Mon Jan 6 06:23:08 UTC 2020


On Thu, Jan 2, 2020 at 7:58 PM MEjaz <mejaz at cyberia.net.sa> wrote:
>
> Hello all.
>
> My setup, which has one primary and one slave server, had been working fine for years.
>
> All of a sudden I started getting the problem of zone updates on slaves, which are not happening on time. It takes two hours to take the updates.
>
>
>
> Below are the logs for reference. When I do the required changes on masters, the slave gets notified but does not transfer the updated zone.
>
>
>
> Jan  2 09:17:50 ns2 named[25563]: zone kalam.com.sa/IN: notify from 212.119.92.5#34424: serial 2019434243
>
> Jan  2 09:24:45 ns2 named[25563]: zone kalam.com.sa/IN: notify from 212.119.92.5#54651: serial 2019434245: refresh in progress, refresh check queued
>
> Jan  2 11:12:53 ns2 named[25563]: zone kalam.com.sa/IN: Transfer started.
>
> Jan  2 11:12:53 ns2 named[25563]: zone kalam.com.sa/IN: transferred serial 2019434245


Are you cutting out some logs?
If yes, please include all logs for the zone (kalam.com.sa) and the
master (212.119.92.5)

>
> Therefore, I wanted to know how to force the secondary/slave name server to update/refresh DNS zones from the primary DNS server. I just want a slave name server to initiate a zone transfer immediately.


From https://kb.isc.org/docs/aa-00726:

notify from 192.0.2.1#62160: refresh in progress, refresh check queued

A notify was received, but the zone being notified was already in the
process of being refreshed or is waiting to be refreshed, so the check
is queued and will be processed later.


You can try:
- check your logs for what previously triggered the refresh process
(another notify?), and when it happened
- check your logs on WHY the previous transfer took a long time (and
check what the log means on the KB), e.g. does it show "connection
reset"? something else?
- are there lots of other slaves or zones currently transferring data
from the master at the same time?
- test whether you can manually request all records. Something like
running this on the slave: "dig kalam.com.sa @ns1.cyberia.net.sa axfr"

Some possible problems which come to mind:
- there's something in the middle (e.g. IPS) that's sending TCP
resets, that might cause your transfers to fail
- TCP MTU or similar problems

-- 
Fajar
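
Added example, not part of the original message: a small Python script that measures, per zone, how long the slave took between the first pending notify and the completed transfer, and counts notifies that were queued behind a refresh already in progress. The sample lines are the ones quoted in the thread; the function name `notify_lag` is hypothetical, and the year is an assumption (syslog timestamps carry none, so 2020 is taken from the message date).

```python
import re
from datetime import datetime

# Log lines copied from the quoted message above (slave ns2).
SAMPLE = """\
Jan  2 09:17:50 ns2 named[25563]: zone kalam.com.sa/IN: notify from 212.119.92.5#34424: serial 2019434243
Jan  2 09:24:45 ns2 named[25563]: zone kalam.com.sa/IN: notify from 212.119.92.5#54651: serial 2019434245: refresh in progress, refresh check queued
Jan  2 11:12:53 ns2 named[25563]: zone kalam.com.sa/IN: Transfer started.
Jan  2 11:12:53 ns2 named[25563]: zone kalam.com.sa/IN: transferred serial 2019434245
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ named\[\d+\]: zone (\S+?)/IN: (.*)$")
NOTIFY = re.compile(r"notify from (\S+?)#\d+: serial (\d+)(: refresh in progress)?")
DONE = re.compile(r"transferred serial (\d+)")

def notify_lag(text, year=2020):
    """Return one record per completed transfer: zone, serial, seconds since
    the first notify still pending for that zone, and queued-notify count."""
    pending = {}   # zone -> {"first": datetime of first notify, "queued": int}
    results = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue   # not a per-zone named message
        # Assumption: the year is supplied by the caller, syslog omits it.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        zone, msg = m.group(2), m.group(3)
        n = NOTIFY.search(msg)
        if n:
            p = pending.setdefault(zone, {"first": ts, "queued": 0})
            if n.group(3):   # "refresh in progress, refresh check queued"
                p["queued"] += 1
            continue
        d = DONE.search(msg)
        if d and zone in pending:
            p = pending.pop(zone)
            results.append({"zone": zone, "serial": int(d.group(1)),
                            "lag_seconds": int((ts - p["first"]).total_seconds()),
                            "queued_notifies": p["queued"]})
    return results

if __name__ == "__main__":
    for r in notify_lag(SAMPLE):
        print(r)
```

Run against the slave's full log for the zone, a large lag together with queued notifies points at a refresh that was stuck, which is where to look for the failed or slow transfer attempt.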

