refresh: failure, after setting up new bind bind-9.2.0 server

Barry Margolin barmar at genuity.net
Wed Mar 27 21:23:00 UTC 2002


In article <a7tabd$kbi at pub3.rc.vix.com>,
Brett A. Hansen <brett at annis.com> wrote:
>tcpdump:
>-------------
>13:35:34.635569 secure3.annis.com.47721 >
>ip-216.168.47.colo.forest.net.domain:  60620 SOA? smartshopping.org. (35)
>(DF)
>13:35:35.145460 secure3.annis.com.47721 >
>ip-216.168.47.colo.forest.net.domain:  47894 SOA? dmainteractive.org. (36)
>(DF)
>13:35:35.535558 secure3.annis.com.47721 >
>ip-216.168.47.colo.forest.net.domain:  23947 SOA? orchidcafe.com. (32) (DF)
>13:35:36.145492 secure3.annis.com.47721 >
>ip-216.168.47.colo.forest.net.domain:  38879 SOA? buyland.com. (29) (DF)
>13:35:36.655511 secure3.annis.com.47721 >
>ip-216.168.47.colo.forest.net.domain:  58821 SOA? copycopycenter.com. (36)
>(DF)
>13:35:37.075528 secure3.annis.com.47721 >
>ip-216.168.47.colo.forest.net.domain:  62152 SOA? goodsite.org. (30) (DF)
>-------------------------
>
>Could the 'SOA?' message mean that the bind server is confused since reverse
>DNS isn't obviously set up to reflect that the IP is in the annis.com domain?
>Could I fix this problem if I have our ISP enter our IP information for
>reverse lookup?  If this is not the issue then I'm clueless and could use
>some help.

The '?' character indicates that it's a DNS query rather than a reply.  The
slave server is sending a query using UDP to the master, asking for the SOA
records of each domain.  The serial number in the SOA record is used to
determine if a new zone transfer needs to be done.

Since you're able to do the initial zone transfers when the slave server is
empty, your firewall obviously allows TCP connections from the slave to the
master.  But it looks like something is blocking UDP.  Are you absolutely,
positively sure that your firewall allows *both* TCP and UDP in both
directions between the slave and master?

-- 
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
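
Added example, not part of the original post: a small Python check that pairs DNS queries with replies in tcpdump text output and lists the SOA refresh queries that never got an answer, which is the pattern the capture above shows. The first three sample lines are the post's queries with the mail line-wrapping undone; the reply line is constructed, and the reply pattern assumes tcpdump's classic `id flags answers/ns/additional` layout.

```python
import re

# "<ts> <src> > <dst>: <id>[flags] <TYPE>? <name> ..."  -> a query
QUERY = re.compile(r"^(\S+) (\S+) > (\S+):\s+(\d+)\S*\s+(\w+)\?\s+(\S+)")
# "<ts> <src> > <dst>: <id>[flags] [rcode] a/n/au ..."  -> a reply
REPLY = re.compile(r"^(\S+) (\S+) > (\S+):\s+(\d+)\S*\s+(?:\S+\s+)?\d+/\d+/\d+")

def unanswered_queries(lines, qtype="SOA"):
    """Return [(timestamp, name)] for queries of qtype with no matching reply.

    A reply matches a query when it travels the opposite way between the
    same two endpoints and carries the same DNS message id.
    """
    pending = {}
    for line in lines:
        m = QUERY.match(line)
        if m:
            ts, src, dst, qid, qt, name = m.groups()
            if qt == qtype:
                pending[(src, dst, qid)] = (ts, name)
            continue
        m = REPLY.match(line)
        if m:
            _, src, dst, qid = m.groups()
            pending.pop((dst, src, qid), None)  # reply: dst is the original sender
    return list(pending.values())

SLAVE = "secure3.annis.com.47721"
MASTER = "ip-216.168.47.colo.forest.net.domain"
SAMPLE = [
    # Queries taken from the post, unwrapped onto one line each.
    f"13:35:34.635569 {SLAVE} > {MASTER}:  60620 SOA? smartshopping.org. (35) (DF)",
    f"13:35:35.145460 {SLAVE} > {MASTER}:  47894 SOA? dmainteractive.org. (36) (DF)",
    # Constructed reply (not in the post) to show what a working refresh looks like.
    f"13:35:35.150000 {MASTER} > {SLAVE}:  47894* 1/2/2 SOA (140) (DF)",
    f"13:35:35.535558 {SLAVE} > {MASTER}:  23947 SOA? orchidcafe.com. (32) (DF)",
]

if __name__ == "__main__":
    for ts, name in unanswered_queries(SAMPLE):
        print(f"{ts} no reply to SOA query for {name}")
```

If every SOA query in a capture taken on the slave is listed as unanswered while zone transfers over TCP succeed, the UDP path between slave and master is the place to look.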