[Q] secondaries, SOA checks, logging

Mark_Andrews at iengines.com Mark_Andrews at iengines.com
Thu Nov 25 02:55:02 UTC 1999

> I have a script that checks bind's logfiles (I have one logfile for each
> channel, works fine) for failed AXFRs/uptodate checks for zones that we are
> secondary.
> We're using bind-8.2.2-P5.
> bind is reloaded 3 times a day (03:50, 11:50, 15:50)
> We have a zone that is a hidden primary (dialup customer).
> SOA says:
>      (
>      1998082000      ; serial
>      8H              ; refresh
>      30M             ; retry
>      1w3d            ; expiry
>      1D )            ; minimum
> as expected I see
>     xfer-in: info: Err/TO getting serial# for "example.com"
> every 30 minutes, except for the times, when the customer's DNS server
> is online. In my script I'd like to add special processing, if there
> had been successful AXFRs/checks for that kind of domains within the
> last 12 hours or so and remove them from the error section of the
> output.

	The better solution is if the customer has a recent enough
	release to mark the zone as dialup on *both* the master and
	your server.  This will cause the master to send gratuitous
	NOTIFY messages periodically, bringing up the line.  It will
	also suppress the check from your end, you will only check in
	response to a NOTIFY, when the line should be up.

> Currently I cannot get any information about successful *checks*
> from the logfiles. On other servers (internal "caching" bind, with only
> three or five secondary zones, that are not "reloaded" frequently) I see
> messages like
>    default: info: qserial_answer: Zone "example.com" serial is still OK
> Whilst I have a lot of other "default: info:" messages in my logfiles
> I can't see the qserial_answer messages in the logfiles of our
> "official" servers. The logging statements on both types of servers
> are identical (except for filenames).

	The best way I found to check whether zone checks are succeeding
	is to look at the modify times for the cached zone files.  I used
	to only report those that were not modified in the last 2 days. I
	ran the check twice daily.

> Any ideas why I don't get those "still OK" message or another easy solution
> around the problem?

	The algorithm for checking multiple masters changed. It no longer
	stops checking on up to date but continues to check the other masters
	to see if they have a newer version.

> While trying to investigate this problem I also looked at the source of
> named-xfer. If the connect() to the remote host fails, "error" is set
> and at the end of the loop "XFER_FAIL" is returned.
> In named/ns_maint.c however there is an error message logging
>     "zoneref: Masters for secondary zone \"%s\" unreachable"
> Wouldn't it be nice to have that error output on connect() failure, too?
> And one more question: is there an easy way to trick bind into not
> adding the "-q" switch to named-xfer without modifying the source?

> Thanks,
> 	\Maex
> P.S. Many thanks to all the people on the list that patiently answer all
>      the questions, even those coming over and over again. You're doing
>      a great job and I have learned a lot over the past months by simply
>      lurking on the list and reading your answers. Thanks!
> -- 
> SpaceNet GmbH             |   http://www.Space.Net/   | Yeah, yo mama dresses
> Research & Development    | mailto:maex-sig at Space.Net | you funny and you need
> Joseph-Dollinger-Bogen 14 |  Tel: +49 (89) 32356-0    | a mouse to delete files
> D-80807 Muenchen          |  Fax: +49 (89) 32356-299  |

Mark Andrews, Internet Engines Inc. / Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at iengines.com
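
The check described in the reply above (report cached zone files not modified in the last 2 days), as an added example that is not part of the original post or of BIND. The function name `stale_zones` and the directory passed to it are assumptions; point it at wherever named writes its secondary zone files.

```shell
#!/bin/sh
# Added example: list secondary zone files whose modify time is older than a
# threshold, so zones whose refresh checks or transfers keep failing stand out.
# stale_zones and its arguments are hypothetical names, not from the post.

# stale_zones DIR [DAYS]
#   Prints one path per line for every regular file under DIR that has not
#   been modified in the last DAYS days (default 2, as in the reply).
#   Returns 0 if nothing is stale, 1 if at least one file is stale,
#   2 on a usage error.
stale_zones() {
    dir=$1
    days=${2:-2}

    if [ ! -d "$dir" ]; then
        echo "stale_zones: no such directory: $dir" >&2
        return 2
    fi

    # Accept only positive integers without leading zeros.
    case $days in
        ''|*[!0-9]*|0*)
            echo "stale_zones: DAYS must be a positive integer" >&2
            return 2 ;;
    esac

    # find rounds a file's age down to whole days, so "-mtime +N" means
    # "at least N+1 days old". Using DAYS-1 selects files aged >= DAYS days.
    stale=$(find "$dir" -type f -mtime +"$((days - 1))" -print | sort)

    if [ -z "$stale" ]; then
        return 0
    fi
    printf '%s\n' "$stale"
    return 1
}

# Example use from a twice-daily cron job (path is a placeholder):
#   stale_zones /path/to/secondary/zones 2 || echo "stale zones found"
```

The non-zero return on stale files lets a cron wrapper or monitoring check alert without parsing the output.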
