problems with serial

Mon Nov 10 18:56:43 UTC 2003

> Hello, since 3 weeks ago I'm having problems with one domain when I try to
> refresh it. About 50% of the dns servers I ask shows me the old domain's
> configuration with a bad dns serial
> 
> Here's the old configuration when I ask to an external dns server, it shows
> a bad serial number (2851143838      ; serial)
> 
> dig @ineco.nic.es adam.es any 2>&1
> 
> ; <<>> DiG 8.2 <<>> @ineco.nic.es adam.es any
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 4
> ;; QUERY SECTION:
> ;;      adam.es, type = ANY, class = IN
> 
> ;; ANSWER SECTION:
> adam.es.                1D IN SOA       dns1.adam.es. root.dns1.adam.es. (
>                                         2851143838      ; serial
>                                         1D              ; refresh
>                                         2H              ; retry
>                                         4w2d            ; expiry
>                                         2D )            ; minimum
> 
> adam.es.                1D IN MX        10 adam-av2.adam.es.
> adam.es.                1D IN A         195.219.118.16
> adam.es.                1D IN NS        dns1.adam.es.
> adam.es.                1D IN NS        dns2.adam.es.
> adam.es.                1D IN NS        ineco.nic.es.
> 
> ;; ADDITIONAL SECTION:
> adam-av2.adam.es.       1D IN A         212.36.64.29
> dns1.adam.es.           1D IN A         195.219.118.16
> dns2.adam.es.           1D IN A         195.219.118.17
> ineco.nic.es.           1D IN A         194.69.254.2
> 
> ;; Total query time: 15 msec
> ;; FROM: dns1.adam.es to SERVER: ineco.nic.es  194.69.254.2
> ;; WHEN: Mon Nov 10 16:07:27 2003
> ;; MSG SIZE  sent: 25  rcvd: 233
> 
> 
> 
> 
> the rest of servers shows me the correct configuration
> 
> thats the correct configuration
> 
> 
> dig @dns1.adam.es adam.es any 2>&1
> 
> ; <<>> DiG 8.2 <<>> @dns1.adam.es adam.es any
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 3, ADDITIONAL: 4
> ;; QUERY SECTION:
> ;;      adam.es, type = ANY, class = IN
> 
> ;; ANSWER SECTION:
> adam.es.                1D IN A         195.219.118.16
> adam.es.                1D IN MX        10 hercules.adam.es.
> adam.es.                1D IN NS        dns1.adam.es.
> adam.es.                1D IN NS        dns2.adam.es.
> adam.es.                1D IN NS        ineco.nic.es.
> adam.es.                1D IN SOA       dns1.adam.es. root.dns1.adam.es. (
>                                         2003110602      ; serial
>                                         6h10m           ; refresh
>                                         1h1m            ; retry
>                                         3W              ; expiry
>                                         1D )            ; minimum
> 
> 
> ;; AUTHORITY SECTION:
> adam.es.                1D IN NS        dns1.adam.es.
> adam.es.                1D IN NS        dns2.adam.es.
> adam.es.                1D IN NS        ineco.nic.es.

> ;; ADDITIONAL SECTION:
> hercules.adam.es.       1D IN A         212.36.64.30
> dns1.adam.es.           1D IN A         195.219.118.16
> dns2.adam.es.           1D IN A         195.219.118.17
> ineco.nic.es.           1d18h3m14s IN A  194.69.254.2
> 
> ;; Total query time: 2 msec
> ;; FROM: dns1.adam.es to SERVER: dns1.adam.es  195.219.118.16
> ;; WHEN: Mon Nov 10 17:18:25 2003
> ;; MSG SIZE  sent: 25  rcvd: 277
> 
> 
> I made a query to http://www.dnsreport.com and it shows me the following
> error in the SOA category and the The Test NS agreement
> 
> ERROR: Your nameservers disagree as to which version of your DNS is the
> latest! 2003110602 versus -1443823458! This is OK if you have just made a
> change recently, and your secondary DNS servers haven't yet received the new
> information from the master. I will continue the report, assuming
> that -1443823458 is the correct serial #.
> 
> I tried  to update several times the serial but I can't make it being
> actualized in the rest of dns servers
> 
> My primary and secundary servers have the correct configuration
> 
> where is the problem?
> 
> how can I solve my dns serial problem?
> 
> My primary server is a RedHat Linux with Bind 8.1 and my secundary server is
> a Windows 2000, till now they worked fine, they have a lot of domains and
> the problem is only with that domain
> 
> TIA.
> 
> 
> 
> 
	The problem is that you have put the serial number backward.
	You need to roll over the serial number.

Set your serial number to 4150594249 ((2003110602 + 0x7fffffff) % 0x100000000)
WAIT for it to propogate to all your servers.

Set the serial to 1
WAIT for it to propogate to all your servers.

Set the serial to 2003110603

--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org