failed NT4 zone transfers
Kimberly O'Brien/OTT/OTI
Kimberly_O'Brien at oti.com
Sat Nov 17 00:55:59 UTC 2001
Barry Margolin <barmar at genuity.net>
Sent by: bind-users-bounce at isc.org
11/16/01 04:35 PM
To: comp-protocols-dns-bind at moderators.isc.org
cc:
Subject: Re: failed NT4 zone transfers
In article <9t3vn4$qqr at pub3.rc.vix.com>, Danny Mayer <mayer at gis.net>
wrote:
>
>At 10:52 AM 11/16/01, Barry Margolin wrote:
>>In article <9t25fc$bnv at pub3.rc.vix.com>, Danny Mayer <mayer at gis.net> wrote:
>> >
>> >At 06:23 PM 11/15/01, Kimberly O'Brien/OTT/OTI wrote:
>> >>15-Nov-2001 17:51:14.000 xfer-in: Err/TO getting serial# for "vame.net"
>> >>15-Nov-2001 18:10:14.000 xfer-in: Err/TO getting serial# for "vame.net"
>> >>
>> >>In addition, here's the zone file from the master:
>> >>
>> >>$ORIGIN vame.net.
>> >>$TTL 24h
>> >>@ 24h IN SOA bapa.oti.com. infott.oti.com. (
>> >> 2000102501 ;Serial
>> >> 3h ;Refresh
>> >> 1h ;Retry
>> >> 7d ;Expire
>> >> 3h ) ;NXDOMAIN cache TTL
>> >>
>> >> IN NS bapa.oti.com.
>> >> IN NS mumu.oti.com.
>> >>
>> >>vame.net. IN MX 10 www.oti.com.
>> >>www IN CNAME www.oti.com.
>> >
>> >The serial number is too big. There are 3 0's in the 'year'. This makes
>> >the serial number need more than 32 bits which is invalid.
>>
>>No it isn't. 32 bits allows serial numbers up to 4294967295, i.e. up to a
>>10-digit number starting with 0-4. That serial number is exactly 10 digits
>>long. The year in it is 2000 (the 1 is the beginning of the month 10).
>
>Right. I sent out a correction this morning. In fact this problem is
>likely to be that they got the 'year' incorrect and typed 2000 when they
>meant 2001. The slave probably now has a larger serial number than the master.
But that's not the error message that's logged when that happens. In that
case the log message would be:
Zone "vame.net" (IN) SOA serial# (2000102501) rcvd from [<ip address>] is < ours (<serial#>)
"Err/TO getting serial#" means that it didn't get any response at all to
the SOA query ("Err/TO" is short for "Error or timeout").
**********************
That helped immensely. ATT has now fixed the packet filtering on the
router. :-)
I'm not getting the timeout anymore, now I get this:
16-Nov-2001 17:11:54.000 load: db_load could not open: vame.db: Errcode:
2: Errcode: 2: Errcode: 2: E
Interestingly enough, having all the router traffic syslogged now, I can
see udp 53 messages from the NT to Linux box but no tcp messages. Aren't
zone transfers supposed to happen on tcp 53?
Kimberly
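
Added example, not part of the original messages: a small Python triage of the two slave log formats quoted in the thread, separating "no response to the SOA query" from "master serial is lower than ours" and checking the serial against the 32-bit limit. The function names, the address 192.0.2.1 and the slave serial 2001111501 are constructed for illustration.

```python
import re

MAX_SERIAL = 2**32 - 1  # 4294967295, the 32-bit ceiling cited in the thread

# Constructed sample lines in the two formats quoted in the thread. The address
# 192.0.2.1 and the slave serial 2001111501 are placeholders, not real values.
SAMPLE_LOG = [
    '15-Nov-2001 17:51:14.000 xfer-in: Err/TO getting serial# for "vame.net"',
    'Zone "vame.net" (IN) SOA serial# (2000102501) rcvd from [192.0.2.1] '
    'is < ours (2001111501)',
]

TIMEOUT_RE = re.compile(r'Err/TO getting serial# for "([^"]+)"')
BEHIND_RE = re.compile(
    r'Zone "([^"]+)" \(IN\) SOA serial# \((\d+)\) rcvd from \[([^\]]+)\] '
    r'is < ours \((\d+)\)'
)

def serial_fits(serial):
    """True if the serial is representable as an unsigned 32-bit integer."""
    return 0 <= int(serial) <= MAX_SERIAL

def triage(line):
    """Classify one slave log line; return None for lines it does not cover."""
    m = TIMEOUT_RE.search(line)
    if m:
        # No answer at all to the SOA query: look at reachability and packet
        # filtering between slave and master, not at the zone file.
        return {"zone": m.group(1), "cause": "no_soa_response"}
    m = BEHIND_RE.search(line)
    if m:
        zone, master, source, ours = m.groups()
        return {"zone": zone, "cause": "master_serial_behind", "source": source,
                "master_serial": int(master), "slave_serial": int(ours),
                "master_serial_valid": serial_fits(master)}
    return None

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(triage(entry))
```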