failed NT4 zone transfers

Kimberly O'Brien/OTT/OTI Kimberly_O'Brien at oti.com
Sat Nov 17 00:55:59 UTC 2001


Barry Margolin <barmar at genuity.net>
Sent by: bind-users-bounce at isc.org
11/16/01 04:35 PM

 
        To:     comp-protocols-dns-bind at moderators.isc.org
        cc: 
        Subject:        Re: failed NT4 zone transfers

In article <9t3vn4$qqr at pub3.rc.vix.com>, Danny Mayer  <mayer at gis.net> wrote:
>
>At 10:52 AM 11/16/01, Barry Margolin wrote:
>>In article <9t25fc$bnv at pub3.rc.vix.com>, Danny Mayer  <mayer at gis.net> wrote:
>> >
>> >At 06:23 PM 11/15/01, Kimberly O'Brien/OTT/OTI wrote:
>> >>15-Nov-2001 17:51:14.000 xfer-in: Err/TO getting serial# for "vame.net"
>> >>15-Nov-2001 18:10:14.000 xfer-in: Err/TO getting serial# for "vame.net"
>> >>
>> >>In addition, here's the zone file from the master:
>> >>
>> >>$ORIGIN vame.net.
>> >>$TTL    24h
>> >>@       24h IN SOA      bapa.oti.com. infott.oti.com. (
>> >>                         2000102501      ;Serial
>> >>                         3h              ;Refresh
>> >>                         1h              ;Retry
>> >>                         7d              ;Expire
>> >>                         3h )            ;NXDOMAIN cache TTL
>> >>
>> >>                 IN NS   bapa.oti.com.
>> >>                 IN NS   mumu.oti.com.
>> >>
>> >>vame.net.        IN MX            10 www.oti.com.
>> >>www                IN CNAME  www.oti.com.
>> >
>> >The serial number is too big.  There are 3 0's in the 'year'. This makes
>> >the serial number need more than 32 bits which is invalid.
>>
>>No it isn't.  32 bits allows serial numbers up to 4294967295, i.e. up to a
>>10-digit number starting with 0-4.  That serial number is exactly 10 digits
>>long.  The year in it is 2000 (the 1 is the beginning of the month 10).
>
>Right. I sent out a correction this morning.  In fact this problem is
>likely to be that they got the 'year' incorrect and typed 2000 when they
>meant 2001.
>The slave probably now has a larger serial number than the master.

But that's not the error message that's logged when that happens.  In that
case the log message would be:

Zone "vame.net" (IN) SOA serial# (2000102501) rcvd from [<ip address>] is < ours (<serial#>)

"Err/TO getting serial#" means that it didn't get any response at all to
the SOA query ("Err/TO" is short for "Error or timeout").


**********************

That helped immensely. ATT has now fixed the packet filtering on the 
router. :-)

I'm not getting the timeout anymore, now I get this:

16-Nov-2001 17:11:54.000 load: db_load could not open: vame.db: Errcode: 2: Errcode: 2: Errcode: 2: E

Interestingly enough, having all the router traffic syslogged now, I can 
see udp 53 messages from the NT to Linux box but no tcp messages. Aren't 
zone transfers supposed to happen on tcp 53?

Kimberly
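
Added example, not part of the original thread: a simplified model of a slave's refresh check, showing which of the log messages discussed above matches which outcome and at which step TCP port 53 comes into use. The function names, the RFC 1982 serial comparison, the short outcome labels, and the slave serial values used when calling it are assumptions made for this illustration.

```python
import re

MAX_SERIAL = 2**32 - 1  # the SOA serial is an unsigned 32-bit field

# SOA record copied from the zone file quoted in the thread.
ZONE = """\
$ORIGIN vame.net.
$TTL    24h
@       24h IN SOA      bapa.oti.com. infott.oti.com. (
                         2000102501      ;Serial
                         3h              ;Refresh
                         1h              ;Retry
                         7d              ;Expire
                         3h )            ;NXDOMAIN cache TTL
"""

def soa_serial(zone_text):
    """Return the serial: the first number inside the SOA parentheses."""
    body = re.sub(r";[^\n]*", "", zone_text)        # strip ';' comments
    m = re.search(r"\bSOA\b[^(]*\(\s*(\d+)", body)
    if not m:
        raise ValueError("no SOA serial found")
    serial = int(m.group(1))
    if serial > MAX_SERIAL:
        raise ValueError(f"serial {serial} does not fit in 32 bits")
    return serial

def serial_gt(a, b):
    """RFC 1982 comparison: is a newer than b, allowing for wrap-around?"""
    return a != b and ((a - b) % 2**32) < 2**31

def refresh_step(master_serial, slave_serial):
    """Model one refresh check; master_serial=None means no SOA reply arrived.

    Returns (transport used last, outcome label). Labels are shorthand
    chosen for this example, not exact BIND log text.
    """
    if master_serial is None:
        return ("udp/53", "Err/TO getting serial#")   # SOA query unanswered
    if serial_gt(slave_serial, master_serial):
        return ("udp/53", "serial rcvd is < ours")    # master looks older
    if master_serial == slave_serial:
        return ("udp/53", "up to date")
    return ("tcp/53", "AXFR")                         # only now does TCP start
```

In this model the SOA serial check goes over UDP, and TCP is used only once the master's serial is found to be newer than the slave's copy.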
