ISC Bind as secondary to Windows Server: bad bitmap error on named xfer.

Stoffel, John (TAI) John.Stoffel at toshiba.com
Tue May 11 20:24:02 UTC 2021 

Hi,
I'm setting up an ISC Bind 9.11.20-RedHat-9.11.20-5  on a CentOS 8.3.2011 server and I'm running into a problem transferring a domain from our primary to this new secondary.  The primary is a Windows Server 2012R2 system.  I have 300+ domains setup and most of them are working just fine, and I can see the data for them in /var/named/secondary/<zone> files.

But my main domain isn't transferring, I keep getting the following:

May 11 20:06:42 foo-dns-p03 named[71418]: zone foo.com/IN: Transfer started.
May 11 20:06:42 foo-dns-p03 named[71418]: transfer of 'foo.com/IN' from xxx.xxx.xxx.xxx#53: connected using yyy.yyy.yyy.yyy#39861
May 11 20:06:43 foo-dns-p03 named[71418]: transfer of 'foo.com/IN' from xxx.xxx.xxx.xxx#53: failed while receiving responses: bad bitmap
May 11 20:06:43 foo-dns-p03 named[71418]: transfer of 'foo.com/IN' from xxx.xxx.xxx.xxx#53: Transfer status: bad bitmap
May 11 20:06:43 foo-dns-p03 named[71418]: transfer of 'foo.com/IN' from xxx.xxx.xxx.xxx#53: Transfer completed: 19 messages, 2518 records, 309684 bytes, 0.355 secs (872349 bytes/sec)

Which really implies to me that we have some issues on the source Windows DNS server, but it's not easy to find.  Is there anyway I can relax named to access this domain transfer, even with a bad bitmap?   Or is there a good way to bump up the logging so I can find out which record(s) are causing the problem so I can maybe fix them on the source?

None of my googling has given me any hints on what this error could be.    My config looks like this:

options {
  listen-on port 53 { any; };
  listen-on-v6 port 53 { ::1; };
  directory   "/var/named";
  dump-file   "/var/named/data/cache_dump.db";
  statistics-file "/var/named/data/named_stats.txt";
  memstatistics-file "/var/named/data/named_mem_stats.txt";
  allow-query     { any; };

  recursion no;

  rrset-order { order random; };

  dnssec-enable False;
  dnssec-validation False;

  /* Path to ISC DLV key */
  bindkeys-file "/etc/named.iscdlv.key";

  managed-keys-directory "/var/named/dynamic";

  pid-file "/run/named/named.pid";
  session-keyfile "/run/named/session.key";
};


logging {
  channel default_debug {
    file "data/named.run";
    severity dynamic;
    print-time yes;
  };
};

zone "foo.com" IN {
   type slave;
   masters { xxx.xxx.xxx.xxx; } ;
};

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210511/58f0aa04/attachment.htm>

More information about the bind-users mailing list