ixfr (?) problems in 8.3.4

Someone Somewhere spam at txrx.org
Wed Dec 3 15:04:02 UTC 2003


Barry Finkel wrote:

> 
> Please post your config file.  And don't change anything in the posting.
> I doubt that you are using the abc.com zone.

Indeed I'm not using abc.com, but it is a 3 letter .com zone we're 
talking about. Below is the config file from the master, with the only 
change being  a regexp to replace the 3 letters of the domain name. 
Following that is a config from one of the 5 slaves, again the only 
change being the regexp on the name.

Amongst the other zones below there are 3 complete AD environments 
listed- ds.abc.com - the production AD env, testad.abc.om, the 
engineering test AD env, and adroot.adc.com, the production test AD env.

/******************************************
* Master config 8.3.4
******************************************/
options {
     directory "/named/etc";
     recursion yes;
     statistics-file "/var/dnslogs/named.stats";
     statistics-interval 60;
     cleaning-interval 180;
     use-ixfr yes;
     maintain-ixfr-base yes;
     max-ixfr-log-size 100M;
     transfers-per-ns 50;
};
server 10.1.112.102 {
         transfer-format many-answers;
         support-ixfr yes;
};
server 10.1.112.103 {
         transfer-format many-answers;
         support-ixfr yes;
};
server 10.1.112.104 {
         transfer-format many-answers;
         support-ixfr yes;
};
server 10.90.40.106 {
         transfer-format many-answers;
         support-ixfr yes;
};
server 10.90.40.105 {
         transfer-format many-answers;
         support-ixfr yes;
};
controls {
         unix "/opt/named/etc/ndc.d/ndc" perm 0660 owner 0 group 3;
};
logging {
         channel default.log {
                 file "/var/dnslogs/default" versions 5 size 10M;
                 print-time      yes;
         };
         channel stat {
                 file "/var/dnslogs/dns_stats" versions 5 size 1M;
                 print-time      yes;
         };
         channel queries {
                 file "/var/dnslogs/queries" versions 1 size 10M;
                 print-time      yes;
         };
         channel security  {
                 file "/var/dnslogs/security" versions 5 size 10M;
                 print-time      yes;
         };
         channel zonem.log  {
                 file "/var/dnslogs/zonem" versions 5 size 10M;
                 print-time      yes;
                 print-category yes;
         };
         channel update {
                 file "/var/dnslogs/update" versions 5 size 10M;
                 print-time      yes;
                 print-category yes;
         };
         channel db {
                 print-time      yes;
                 print-category yes;
                 file "/var/dnslogs/db" versions 5 size 10M;
         };
         channel events {
                 file "/var/dnslogs/events" versions 5 size 10M;
         };
         channel consist {
                 file "/var/dnslogs/consist" versions 5 size 10M;
         };
         category default { default.log; };
         category xfer-in { zonem.log; };
         category xfer-out { zonem.log; };
         category notify { zonem.log; };
         category load { zonem.log; };
         category security { security; };
         category response-checks { security; };
	category statistics { stat; };
         category queries { queries; };
	category update { update; };
         category lame-servers { null; };
         category cname { null; };
         category db { db; };
         category eventlib { events; };
         category insist { consist; };

};
acl "abc-ad-dc" { 10.0.0.0/8; };
acl "abc-dns" { 10.7.136.101/32; 10.1.112.102/32; 10.7.136.103/32; 
10.1.112.104/32; 10.90.40.105/32; 10.90.40.106/32; };
zone "adroot.abc.com" {
	type master;
	file "manual/db.adroot.abc.com";
	check-names ignore;
	allow-query { any; };
	allow-update { abc-ad-dc; };
	allow-transfer { abc-dns; abc-ad-dc; };
         notify yes;
};
zone "adacct.adroot.abc.com" {
	type master;
	file "manual/db.adacct.adroot.abc.com";
	check-names ignore;
	allow-query { any; };
	allow-update { abc-ad-dc; };
	allow-transfer { abc-dns; abc-ad-dc; };
         notify yes;
};
zone "forestdnszones.adroot.abc.com" {
	type master;
	file "manual/db.forestdnszones.adroot.abc.com";
	check-names ignore;
	allow-query { any; };
	allow-update { abc-ad-dc; };
	allow-transfer { abc-dns; abc-ad-dc; };
         notify yes;
};
zone "domaindnszones.adroot.abc.com" {
	type master;
	file "manual/db.domaindnszones.adroot.abc.com";
	check-names ignore;
	allow-query { any; };
	allow-update { abc-ad-dc; };
	allow-transfer { abc-dns; abc-ad-dc; };
         notify yes;
};
zone "domaindnszones.adacct.adroot.abc.com" {
	type master;
	file "manual/db.domaindnszones.adacct.adroot.abc.com";
	check-names ignore;
	allow-query { any; };
	allow-update { abc-ad-dc; };
	allow-transfer { abc-dns; abc-ad-dc; };
         notify yes;
};
zone "_udp.ds.abc.com" {
	type master;
	file "manual/db._udp.ds.abc.com";
	check-names ignore;
	allow-query { any; };
	allow-update { abc-ad-dc; };
	allow-transfer { abc-dns; abc-ad-dc; };
         notify yes;
};
zone "_tcp.ds.abc.com" {
	type master;
	file "manual/db._tcp.ds.abc.com";
	check-names ignore;
	allow-query { any; };
	allow-update { abc-ad-dc; };
	allow-transfer { abc-dns; abc-ad-dc; };
         notify yes;
};
zone "_sites.ds.abc.com" {
	type master;
	file "manual/db._sites.ds.abc.com";
	check-names ignore;
	allow-query { any; };
	allow-update { abc-ad-dc; };
	allow-transfer { abc-dns; abc-ad-dc; };
         notify yes;
};
zone "_msdcs.ds.abc.com" {
	type master;
	file "manual/db._msdcs.ds.abc.com";
	check-names ignore;
	allow-query { any; };
	allow-update { abc-ad-dc; };
	allow-transfer { abc-dns; abc-ad-dc; };
         notify yes;
};
zone "domaindnszones.ds.abc.com" {
	type master;
	file "manual/db.domaindnszones.ds.abc.com";
	check-names ignore;
	allow-query { any; };
	allow-update { abc-ad-dc; };
	allow-transfer { abc-dns; abc-ad-dc; };
         notify yes;
};
zone "forestdnszones.ds.abc.com" {
	type master;
	file "manual/db.forestdnszones.ds.abc.com";
	check-names ignore;
	allow-query { any; };
	allow-update { abc-ad-dc; };
	allow-transfer { abc-dns; abc-ad-dc; };
         notify yes;
};
zone "_udp.ms.ds.abc.com" {
	type master;
	file "manual/db._udp.ms.ds.abc.com";
	check-names ignore;
	allow-query { any; };
	allow-update { abc-ad-dc; };
	allow-transfer { abc-dns; abc-ad-dc; };
         notify yes;
};
zone "_tcp.ms.ds.abc.com" {
	type master;
	file "manual/db._tcp.ms.ds.abc.com";
	check-names ignore;
	allow-query { any; };
	allow-update { abc-ad-dc; };
	allow-transfer { abc-dns; abc-ad-dc; };
         notify yes;
};
zone "_sites.ms.ds.abc.com" {
	type master;
	file "manual/db._sites.ms.ds.abc.com";
	check-names ignore;
	allow-query { any; };
	allow-update { abc-ad-dc; };
	allow-transfer { abc-dns; abc-ad-dc; };
         notify yes;
};
zone "_msdcs.ms.ds.abc.com" {
	type master;
	file "manual/db._msdcs.ms.ds.abc.com";
	check-names ignore;
	allow-query { any; };
	allow-update { abc-ad-dc; };
	allow-transfer { abc-dns; abc-ad-dc; };
         notify yes;
};
zone "domaindnszones.ms.ds.abc.com" {
	type master;
	file "manual/db.domaindnszones.ms.ds.abc.com";
	check-names ignore;
	allow-query { any; };
	allow-update { abc-ad-dc; };
	allow-transfer { abc-dns; abc-ad-dc; };
         notify yes;
};
zone "_udp.testad.abc.com" {
	type master;
	file "manual/db._udp.testad.abc.com";
	check-names ignore;
	allow-query { any; };
	allow-update { abc-ad-dc; };
	allow-transfer { abc-dns; abc-ad-dc; };
         notify yes;
};
zone "_tcp.testad.abc.com" {
	type master;
	file "manual/db._tcp.testad.abc.com";
	check-names ignore;
	allow-query { any; };
	allow-update { abc-ad-dc; };
	allow-transfer { abc-dns; abc-ad-dc; };
         notify yes;
};
zone "_sites.testad.abc.com" {
	type master;
	file "manual/db._sites.testad.abc.com";
	check-names ignore;
	allow-query { any; };
	allow-update { abc-ad-dc; };
	allow-transfer { abc-dns; abc-ad-dc; };
         notify yes;
};
zone "_msdcs.testad.abc.com" {
	type master;
	file "manual/db._msdcs.testad.abc.com";
	check-names ignore;
	allow-query { any; };
	allow-update { abc-ad-dc; };
	allow-transfer { abc-dns; abc-ad-dc; };
         notify yes;
};
zone "domaindnszones.testad.abc.com" {
	type master;
	file "manual/db.domaindnszones.testad.abc.com";
	check-names ignore;
	allow-query { any; };
	allow-update { abc-ad-dc; };
	allow-transfer { abc-dns; abc-ad-dc; };
         notify yes;
};
zone "forestdnszones.testad.abc.com" {
	type master;
	file "manual/db.forestdnszones.testad.abc.com";
	check-names ignore;
	allow-query { any; };
	allow-update { abc-ad-dc; };
	allow-transfer { abc-dns; abc-ad-dc; };
         notify yes;
};
zone "_udp.testacct.testad.abc.com" {
	type master;
	file "manual/db._udp.testacct.testad.abc.com";
	check-names ignore;
	allow-query { any; };
	allow-update { abc-ad-dc; };
	allow-transfer { abc-dns; abc-ad-dc; };
         notify yes;
};
zone "_tcp.testacct.testad.abc.com" {
	type master;
	file "manual/db._tcp.testacct.testad.abc.com";
	check-names ignore;
	allow-query { any; };
	allow-update { abc-ad-dc; };
	allow-transfer { abc-dns; abc-ad-dc; };
         notify yes;
};
zone "_sites.testacct.testad.abc.com" {
	type master;
	file "manual/db._sites.testacct.testad.abc.com";
	check-names ignore;
	allow-query { any; };
	allow-update { abc-ad-dc; };
	allow-transfer { abc-dns; abc-ad-dc; };
         notify yes;
};
zone "_msdcs.testacct.testad.abc.com" {
	type master;
	file "manual/db._msdcs.testacct.testad.abc.com";
	check-names ignore;
	allow-query { any; };
	allow-update { abc-ad-dc; };
	allow-transfer { abc-dns; abc-ad-dc; };
         notify yes;
};
zone "domaindnszones.testacct.testad.abc.com" {
	type master;
	file "manual/db.domaindnszones.testacct.testad.abc.com";
	check-names ignore;
	allow-query { any; };
	allow-update { abc-ad-dc; };
	allow-transfer { abc-dns; abc-ad-dc; };
         notify yes;
};

zone "." in {
	type hint;
	file "db.cache";
};

zone "0.0.127.in-addr.arpa" in {
	type master;
	file "db.127.0.0";
};

zone "10.in-addr.arpa" in {
	type master;
	file "db.10";
	check-names ignore;
	allow-update { 10.7.136.101;10.113.60.255;10.113.60.160; };
	allow-query { any; };
	allow-transfer { abc-dns; };
	notify yes;
};

zone "ds.abc.com" in {
	type master;
	file "db.ds.abc.com";
	check-names ignore;
	allow-update { none; };
	allow-query { any; };
	allow-transfer { any; };
	notify yes;
};

zone "forums.abc.com" in {
	type master;
	file "db.forums.abc.com";
	check-names ignore;
	allow-update { 
10.7.250.19;10.7.249.56;10.7.248.208;10.7.248.132;10.7.136.101;10.113.60.255; 
};
	allow-query { any; };
	allow-transfer { abc-dns; };
	notify yes;
};

zone "ms.ds.abc.com" in {
	type master;
	file "db.ms.ds.abc.com";
	check-names ignore;
	allow-update { none; };
	allow-query { any; };
	allow-transfer { any; };
	notify yes;
};

zone "myabc.abc.com" in {
	type master;
	file "db.myabc.abc.com";
	check-names ignore;
	allow-update { 
10.7.250.19;10.7.249.56;10.7.248.208;10.7.248.132;10.7.136.101;10.113.60.255; 
};
	allow-query { any; };
	allow-transfer { abc-dns; };
	notify yes;
};

zone "card.abc.com" in {
	type master;
	file "db.card.abc.com";
	check-names ignore;
	allow-update { 
10.7.250.19;10.7.249.56;10.7.248.208;10.7.248.132;10.7.136.101;10.113.60.255; 
};
	allow-query { any; };
	allow-transfer { abc-dns; };
	notify yes;
};

zone "testacct.testad.abc.com" in {
	type master;
	file "db.testacct.testad.abc.com";
	check-names ignore;
	allow-update { none; };
	allow-query { any; };
	allow-transfer { any; };
	notify yes;
};

zone "testad.abc.com" in {
	type master;
	file "db.testad.abc.com";
	check-names ignore;
	allow-update { none; };
	allow-query { any; };
	allow-transfer { any; };
	notify yes;
};

zone "abc.com" in {
	type master;
	file "db.abc.com";
	check-names ignore;
	allow-update { 10.7.136.101;10.113.60.255;10.113.60.160; };
	allow-query { any; };
	allow-transfer { abc-dns; };
	notify yes;
};




Below is the config from one of the 5 slaves. All the other slaves are 
identical.

/******************************************
* Slave config 8.3.4
******************************************/
options {
     directory "/opt/named/etc";
     host-statistics yes;
     statistics-file "/var/dnslogs/named.stats";
     statistics-interval 60;
     cleaning-interval 180;
     use-ixfr yes;
     notify no;
     transfers-per-ns 50;
     transfers-in 20;
};
server 10.7.136.101 {
      support-ixfr yes;
      transfer-format many-answers;
};

controls {
         unix "/opt/named/etc/ndc.d/ndc" perm 0660 owner 0 group 3;
};
acl "abc-ad-dc" { 10.0.0.0/8; };
acl "abc-dns" { 10.7.136.101/32; 10.1.112.102/32; 10.7.136.103/32; 
10.1.112.104/32; 10.90.40.105/32; 10.90.40.106/32; };
logging {
         channel default.log {
                 file "/var/dnslogs/default" versions 5 size 10M;
                 print-time      yes;
         };
         channel stat {
                 file "/var/dnslogs/dns_stats" versions 5 size 1M;
                 print-time      yes;
         };
         channel queries {
                 file "/var/dnslogs/queries" versions 1 size 10M;
                 print-time      yes;
         };
         channel security  {
                 file "/var/dnslogs/security" versions 5 size 10M;
                 print-time      yes;
         };
         channel zonem.log  {
                 file "/var/dnslogs/zonem" versions 5 size 10M;
                 print-time      yes;
         };
         category default { default.log; };
         category xfer-in { zonem.log; };
         category xfer-out { zonem.log; };
         category notify { zonem.log; };
         category load { zonem.log; };
         category security { security; };
         category response-checks { security; };
	category statistics { stat; };
         category queries { queries; };
	category update { null; };
         category lame-servers { null; };
         category cname { null; };
};
zone "adroot.abc.com" {
	type slave;
	file "sec_slv/db.adroot.abc.com";
	check-names ignore;
	allow-query { any; };
	masters { 10.7.136.101; };
	notify no;
};
zone "adacct.adroot.abc.com" {
	type slave;
	file "sec_slv/db.adacct.adroot.abc.com";
	check-names ignore;
	allow-query { any; };
	masters { 10.7.136.101; };
	notify no;
};
zone "forestdnszones.adroot.abc.com" {
	type slave;
	file "sec_slv/db.forestdnszones.adroot.abc.com";
	check-names ignore;
	allow-query { any; };
	masters { 10.7.136.101; };
	notify no;
};
zone "domaindnszones.adroot.abc.com" {
	type slave;
	file "sec_slv/db.domaindnszones.adroot.abc.com";
	check-names ignore;
	allow-query { any; };
	masters { 10.7.136.101; };
	notify no;
};
zone "domaindnszones.adacct.adroot.abc.com" {
	type slave;
	file "sec_slv/db.domaindnszones.adacct.adroot.abc.com";
	check-names ignore;
	allow-query { any; };
	masters { 10.7.136.101; };
	notify no;
};
zone "_udp.ds.abc.com" {
	type slave;
	file "sec_slv/db._udp.ds.abc.com";
	check-names ignore;
	allow-query { any; };
	masters { 10.7.136.101; };
	notify no;
};
zone "_tcp.ds.abc.com" {
	type slave;
	file "sec_slv/db._tcp.ds.abc.com";
	check-names ignore;
	allow-query { any; };
	masters { 10.7.136.101; };
	notify no;
};
zone "_sites.ds.abc.com" {
	type slave;
	file "sec_slv/db._sites.ds.abc.com";
	check-names ignore;
	allow-query { any; };
	masters { 10.7.136.101; };
	notify no;
};
zone "_msdcs.ds.abc.com" {
	type slave;
	file "sec_slv/db._msdcs.ds.abc.com";
	check-names ignore;
	allow-query { any; };
	masters { 10.7.136.101; };
	notify no;
};
zone "domaindnszones.ds.abc.com" {
	type slave;
	file "sec_slv/db.domaindnszones.ds.abc.com";
	check-names ignore;
	allow-query { any; };
	masters { 10.7.136.101; };
	notify no;
};
zone "forestdnszones.ds.abc.com" {
	type slave;
	file "sec_slv/db.forestdnszones.ds.abc.com";
	check-names ignore;
	allow-query { any; };
	masters { 10.7.136.101; };
	notify no;
};
zone "_udp.ms.ds.abc.com" {
	type slave;
	file "sec_slv/db._udp.ms.ds.abc.com";
	check-names ignore;
	allow-query { any; };
	masters { 10.7.136.101; };
	notify no;
};
zone "_tcp.ms.ds.abc.com" {
	type slave;
	file "sec_slv/db._tcp.ms.ds.abc.com";
	check-names ignore;
	allow-query { any; };
	masters { 10.7.136.101; };
	notify no;
};
zone "_sites.ms.ds.abc.com" {
	type slave;
	file "sec_slv/db._sites.ms.ds.abc.com";
	check-names ignore;
	allow-query { any; };
	masters { 10.7.136.101; };
	notify no;
};
zone "_msdcs.ms.ds.abc.com" {
	type slave;
	file "sec_slv/db._msdcs.ms.ds.abc.com";
	check-names ignore;
	allow-query { any; };
	masters { 10.7.136.101; };
	notify no;
};
zone "domaindnszones.ms.ds.abc.com" {
	type slave;
	file "sec_slv/db.domaindnszones.ms.ds.abc.com";
	check-names ignore;
	allow-query { any; };
	masters { 10.7.136.101; };
	notify no;
};
zone "_udp.testad.abc.com" {
	type slave;
	file "sec_slv/db._udp.testad.abc.com";
	check-names ignore;
	allow-query { any; };
	masters { 10.7.136.101; };
	notify no;
};
zone "_tcp.testad.abc.com" {
	type slave;
	file "sec_slv/db._tcp.testad.abc.com";
	check-names ignore;
	allow-query { any; };
	masters { 10.7.136.101; };
	notify no;
};
zone "_sites.testad.abc.com" {
	type slave;
	file "sec_slv/db._sites.testad.abc.com";
	check-names ignore;
	allow-query { any; };
	masters { 10.7.136.101; };
	notify no;
};
zone "_msdcs.testad.abc.com" {
	type slave;
	file "sec_slv/db._msdcs.testad.abc.com";
	check-names ignore;
	allow-query { any; };
	masters { 10.7.136.101; };
	notify no;
};
zone "domaindnszones.testad.abc.com" {
	type slave;
	file "sec_slv/db.domaindnszones.testad.abc.com";
	check-names ignore;
	allow-query { any; };
	masters { 10.7.136.101; };
	notify no;
};
zone "forestdnszones.testad.abc.com" {
	type slave;
	file "sec_slv/db.forestdnszones.testad.abc.com";
	check-names ignore;
	allow-query { any; };
	masters { 10.7.136.101; };
	notify no;
};
zone "_udp.testacct.testad.abc.com" {
	type slave;
	file "sec_slv/db._udp.testacct.testad.abc.com";
	check-names ignore;
	allow-query { any; };
	masters { 10.7.136.101; };
	notify no;
};
zone "_tcp.testacct.testad.abc.com" {
	type slave;
	file "sec_slv/db._tcp.testacct.testad.abc.com";
	check-names ignore;
	allow-query { any; };
	masters { 10.7.136.101; };
	notify no;
};
zone "_sites.testacct.testad.abc.com" {
	type slave;
	file "sec_slv/db._sites.testacct.testad.abc.com";
	check-names ignore;
	allow-query { any; };
	masters { 10.7.136.101; };
	notify no;
};
zone "_msdcs.testacct.testad.abc.com" {
	type slave;
	file "sec_slv/db._msdcs.testacct.testad.abc.com";
	check-names ignore;
	allow-query { any; };
	masters { 10.7.136.101; };
	notify no;
};
zone "domaindnszones.testacct.testad.abc.com" {
	type slave;
	file "sec_slv/db.domaindnszones.testacct.testad.abc.com";
	check-names ignore;
	allow-query { any; };
	masters { 10.7.136.101; };
	notify no;
};

zone "." in {
	type hint;
	file "db.cache";
};

zone "0.0.127.in-addr.arpa" in {
	type master;
	file "db.127.0.0";
};

zone "10.in-addr.arpa" in {
	type slave;
	file "sec_slv/db.10";
	masters { 10.7.136.101; };
	check-names ignore;
	allow-update { 10.7.136.101;10.113.60.255;10.113.60.160; };
	allow-query { any; };
	allow-transfer { abc-dns; };
	notify yes;
};
zone "ds.abc.com" in {
	type slave;
	file "sec_slv/db.ds.abc.com";
	masters { 10.7.136.101; };
	check-names ignore;
	allow-update { none; };
	allow-query { any; };
	allow-transfer { any; };
	notify yes;
};

zone "forums.abc.com" in {
	type slave;
	file "sec_slv/db.health.abc.com";
	masters { 10.7.136.101; };
	check-names ignore;
	allow-update { 
10.7.250.19;10.7.249.56;10.7.248.208;10.7.248.132;10.7.136.101;10.113.60.255; 
};
	allow-query { any; };
	allow-transfer { abc-dns; };
	notify yes;
};

zone "ms.ds.abc.com" in {
	type slave;
	file "sec_slv/db.ms.ds.abc.com";
	masters { 10.7.136.101; };
	check-names ignore;
	allow-update { none; };
	allow-query { any; };
	allow-transfer { any; };
	notify yes;
};

zone "myabc.abc.com" in {
	type slave;
	file "sec_slv/db.myabc.abc.com";
	masters { 10.7.136.101; };
	check-names ignore;
	allow-update { 
10.7.250.19;10.7.249.56;10.7.248.208;10.7.248.132;10.7.136.101;10.113.60.255; 
};
	allow-query { any; };
	allow-transfer { abc-dns; };
	notify yes;
};

zone "card.abc.com" in {
	type slave;
	file "sec_slv/db.card.abc.com";
	masters { 10.7.136.101; };
	check-names ignore;
	allow-update { 
10.7.250.19;10.7.249.56;10.7.248.208;10.7.248.132;10.7.136.101;10.113.60.255; 
};
	allow-query { any; };
	allow-transfer { abc-dns; };
	notify yes;
};

zone "testacct.testad.abc.com" in {
	type slave;
	file "sec_slv/db.testacct.testad.abc.com";
	masters { 10.7.136.101; };
	check-names ignore;
	allow-update { none; };
	allow-query { any; };
	allow-transfer { any; };
	notify yes;
};

zone "testad.abc.com" in {
	type slave;
	file "sec_slv/db.testad.abc.com";
	masters { 10.7.136.101; };
	check-names ignore;
	allow-update { none; };
	allow-query { any; };
	allow-transfer { any; };
	notify yes;
};

zone "abc.com" in {
	type slave;
	file "sec_slv/db.abc.com";
	masters { 10.7.136.101; };
	check-names ignore;
	allow-update { 10.7.136.101;10.113.60.255;10.113.60.160; };
	allow-query { any; };
	allow-transfer { abc-dns; };
	max-transfer-time-in 120;
	notify yes;
};




More information about the bind-users mailing list