SOA/NS Question

Kevin Oberman oberman at es.net
Fri Sep 17 17:09:02 UTC 1999 

Jim Reid <jim at mpn.cp.philips.com> writes:

> >>>>> "Barry" == Barry Finkel <b19141 at achilles.ctd.anl.gov> writes:
> 
>     Barry> We have NOT listed dns0 in a NS record, as we do not want
>     Barry> machines to query that name server.  The SOA record points
>     Barry> to dns1, as that is the "primary" dns server we want
>     Barry> machines to be querying.  Our off-site secondaries are
>     Barry> generating error messages stating that dns1 is really not
>     Barry> the SOA.
> 
> What a strange thing to complain about. NS records have nothing to do
> with the zone's SOA record. So saying "dns1 is really not the SOA" is
> self-evident. It's as fatuous as saying "an A record is not the same
> thing as a PTR record". Presumably the error messages are actually
> about something else: like dns1 is not the master server for the
> domain. [Please note that this sort of confusion is why posters to
> this list should supply the *actual* messages from the error logs: not
> a paraphrased or garbled misinterpretation of them.]

I'm slightly embarrassed. I was mis-interpreting the messages.

The problem is that NOTIFY requests come from dns0 which is not
listed as the master for the zone. Secondaries receive the NOTIFY and
complain that they are getting NOTIFY messages from a system that is not 
master for the zone.

Barry could not include actual error log messages since he does not
have access to the secondary system. (Due to Floyd, neither did I.)

The [slightly sanitized] message is:
Sep 15 15:33:28 ns2 named[224]: NOTIFY from non-master server (zone
xxx.anl.gov), from [xxx.yyy.z.a].32772

I now realize that the reason for this is NOT the SOA record, but
that the slave did not have dns0 in the list of masters for the
domain.

So the answer is to convert all slaves to use dns0 as master and that
will fix the NOTIFY problem. Dynamic update is another story, however.
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest Orlando Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman at es.net				Phone: +1 510 486-8634

More information about the bind-users mailing list