refresh: failure, after setting up new bind bind-9.2.0 server

Mark_Andrews at isc.org Mark_Andrews at isc.org
Wed Mar 27 22:25:35 UTC 2002 

> Thank you for your help.
> 
> I have some information here that I hope someone can help me figure out.  I
> also have 9.2.0 running on our slave server full time now.
> 
> Here is tcpdump during the zone transfers on startup (after I deleted all
> the zone file on our slave server)
> -----------
> 13:34:31.607095 secure3.annis.com.39180 >
> ip-216.168.47.colo.forest.net.domain: P 1:3(2) ack 1 win 5840
> <nop,nop,timestamp 301892588 1132599574> (DF)
> 13:34:31.686259 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.39180: . ack 3 win 32120 <nop,nop,timestamp 1132599582
> 301892588> (DF)
> 13:34:31.686288 secure3.annis.com.39180 >
> ip-216.168.47.colo.forest.net.domain: P 3:37(34) ack 1 win 5840
> <nop,nop,timestamp 301892596 1132599582> (DF)
> 13:34:31.778620 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.39180: . ack 37 win 32120 <nop,nop,timestamp 1132599592
> 301892596> (DF)
> 13:34:57.728019 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.39158: F 843:843(0) ack 45 win 32120 <nop,nop,timestamp
> 1132602186 301892580> (DF)
> 13:34:57.728040 secure3.annis.com.39158 >
> ip-216.168.47.colo.forest.net.domain: . ack 844 win 6950 <nop,nop,timestamp
> 301895200 1132602186> (DF)
> 13:34:57.728855 ip-216.168.47.colo.forest.net.domain >
> secure3.annis.com.39161: P 1:652(651) ack 40 win 32120 <nop,nop,timestamp
> 1132602186 301892033> (DF)
> 13:34:57.728874 secure3.annis.com.39161 >
> ip-216.168.47.colo.forest.net.domain: . ack 652 win 6510 <nop,nop,timestamp
> 301895200 1132602186> (DF)
> ------------
> 
> 
> I'll post my error log messages and the corresponding tcpdump information
> for a sample of the zones.
> ----------
> Mar 27 13:35:49 secure3 named[6282]: zone smartshopping.org/IN: refresh:
> failure trying master 216.168.47.158#53: timed out
> Mar 27 13:35:50 secure3 named[6282]: zone dmainteractive.org/IN: refresh:
> failure trying master 216.168.47.158#53: timed out
> Mar 27 13:35:50 secure3 named[6282]: zone orchidcafe.com/IN: refresh:
> failure trying master 216.168.47.158#53: timed out
> Mar 27 13:35:51 secure3 named[6282]: zone buyland.com/IN: refresh: failure
> trying master 216.168.47.158#53: timed out
> Mar 27 13:35:51 secure3 named[6282]: zone copycopycenter.com/IN: refresh:
> failure trying master 216.168.47.158#53: timed out
> Mar 27 13:35:52 secure3 named[6282]: zone goodsite.org/IN: refresh: failure
> trying master 216.168.47.158#53: timed out
> -------------
> tcpdump:
> -------------
> 13:35:34.635569 secure3.annis.com.47721 >
> ip-216.168.47.colo.forest.net.domain:  60620 SOA? smartshopping.org. (35)
> (DF)
> 13:35:35.145460 secure3.annis.com.47721 >
> ip-216.168.47.colo.forest.net.domain:  47894 SOA? dmainteractive.org. (36)
> (DF)
> 13:35:35.535558 secure3.annis.com.47721 >
> ip-216.168.47.colo.forest.net.domain:  23947 SOA? orchidcafe.com. (32) (DF)
> 13:35:36.145492 secure3.annis.com.47721 >
> ip-216.168.47.colo.forest.net.domain:  38879 SOA? buyland.com. (29) (DF)
> 13:35:36.655511 secure3.annis.com.47721 >
> ip-216.168.47.colo.forest.net.domain:  58821 SOA? copycopycenter.com. (36)
> (DF)
> 13:35:37.075528 secure3.annis.com.47721 >
> ip-216.168.47.colo.forest.net.domain:  62152 SOA? goodsite.org. (30) (DF)
> -------------------------
> 
> Could the 'SOA?' message mean that the bind server is confused since reverse
> DNS isn't obviously setup to reflect that the IP is in the annis.com domain?
> Could I fix this problem if I have our ISP enter our IP information for
> reverse lookup?  If this is not the issue then I'm clueless and could use
> some help.

	The SOA queries is how named works out if it needs to perform a
	zone transfer.  I don't see any answers to those queries here.

	Something is blocking the queries reaching the master or stopping
	the replies returning.

	Mark
> 
> Thank You!!!
> 
> -Brett
> 
> 
> "Barry Margolin" <barmar at genuity.net> wrote in message
> news:a7qo0q$64a at pub3.rc.vix.com...
> > In article <a7qgpf$52m at pub3.rc.vix.com>,
> > Brett A. Hansen <brett at annis.com> wrote:
> > >I do not have much experience using tcpdump, or other other types of
> > >sniffers (ethereal).  Could you point me in a good direction on what I'm
> > >looking out for?
> >
> > You want to look for packets from the slave to port 53 on the master, and
> > corresponding reply packets from the master to the slave.
> >
> > tcpdump host <slave> host <master> port 53
> >
> > --
> > Barry Margolin, barmar at genuity.net
> > Genuity, Woburn, MA
> > *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to
> newsgroups.
> > Please DON'T copy followups to me -- I'll assume it wasn't posted to the
> group.
> >
> 
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org

More information about the bind-users mailing list