Problems with Zone transfers
Fernando Costa de Almeida
falmeida at computeasy.com.br
Thu Dec 9 11:40:01 UTC 2004
Hi,
I've been searching the mailing list archives, but I just couldn't find
a solution to the problem I'm facing.
I have 3 dns servers (1 master and 2 slaves) running BIND 9.2.3, and
everything was running well until some days ago. Since then, my slaves
start logging a lot of failures trying to do zone transfers from the
master, just like this:
named[15805]: zone ativo.com.br/IN: refresh: failure trying master
200.150.208.2#53: timed out
Reading the FAQ and mailing list archives, I did all the tests proposed:
(From the slaves):
dig @ipmaster zona axfr -> OK
dig @ipmaster zona ixfr -> OK
dig @ipmaster zona soa -> OK
As suggested in the FAQ, I changed the serial-query-rate to 5, in all
the slaves (still gets the errors).
As suggested in one post from the list, I disabled notifies in the
slaves (no success).
The strange thing: when I restart the named process in the slaves, they
stay calm for a long time, and even do some successful zone transfers:
named[45256]: zone computeasy.com.br/IN: transferred serial 2002062388
named[45256]: transfer of 'computeasy.com.br/IN' from 200.150.208.2#53:
end of transfer
But after some time, they start to log a lot of time-out errors. Just as
an example, I changed some data in the computeasy.com.br zone yesterday,
and just now, after a restart in the named process, the slave did the
transfer (as seen above).
Two of these servers are in the same LAN, and don't have any kind of
firewall, so network connectivity problems can be discarded.
Please, I can't figure out what is going wrong with them. :0(
Following are the confs:
------------------------------------------------------------------------------------------
MASTER:
logging {
    category lame-servers { null; };
};
options {
    directory "/etc/namedb";
    pid-file "/etc/namedb/named.pid";
    version "NA";
    query-source port 53;
    recursive-clients 3000;
    cleaning-interval 30;
    max-cache-size 50M;
    max-cache-ttl 3600;
    max-ncache-ttl 3600;
    lame-ttl 0;
    listen-on { 200.192.52.2; 200.150.208.2; 172.16.16.2; };
    allow-transfer {
        200.206.87.76;
        200.196.226.233;
        200.192.52.0/24;
        200.150.208.3;
        172.16.16.0/26;
    };
};
zone "." {
    type hint;
    file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
    type master;
    file "localhost.rev";
};
// aabb-brasil.com.br
zone "aabb-brasil.com.br" in {
    type master;
    file "/etc/namedb/_DOMINIOS/aabb-brasil.com.br";
};
...
------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------
SLAVES:
logging {
    category lame-servers { null; };
};
options {
    directory "/etc/namedb";
    pid-file "/etc/namedb/named.pid";
    version "NA";
    query-source port 53;
    recursive-clients 3000;
    cleaning-interval 30;
    max-cache-size 50M;
    max-cache-ttl 3600;
    max-ncache-ttl 3600;
    lame-ttl 0;
    serial-query-rate 2;
    notify no;
    listen-on { 200.192.52.3; 200.150.208.3; 172.16.16.3; };
    allow-transfer {
        200.206.87.76;
        200.196.226.233;
        200.192.52.0/24;
        172.16.16.0/16;
    };
};
include "/etc/namedb/specific.conf";
zone "." {
    type hint;
    file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
    type master;
    file "localhost.rev";
};
// aabb-brasil-clube.com.br
zone "aabb-brasil-clube.com.br" in {
    type slave;
    masters { 200.150.208.2; };
    file "/etc/namedb/_DOMINIOS/aabb-brasil-clube.com.br";
};
...
------------------------------------------------------------------------------------------
Thanks in advance.
--
_______________________________________
ALMEIDA, Fernando Costa de
Computeasy Informática
www.computeasy.com.br
BSD USER BSD050945
ICQ 72293951
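
An added example, not part of the original post: a small Python triage script that reads named syslog lines of the two shapes quoted in the message above and reports, per slave zone, how many refreshes failed, against which master, and whether the newest event for the zone is still a failure. The syslog timestamps, the host name ns2 and the sample lines themselves are constructed for illustration.

```python
import re
from collections import defaultdict

# Message shapes taken from the named log lines quoted in the post.
FAIL = re.compile(r"named\[(\d+)\]: zone (\S+)/IN: refresh: "
                  r"failure trying master (\S+)#(\d+): (.+)$")
DONE = re.compile(r"named\[(\d+)\]: zone (\S+)/IN: transferred serial (\d+)")

def summarize(lines):
    """Return {zone: stats} describing refresh health per slave zone."""
    zones = defaultdict(lambda: {"failures": 0, "masters": set(),
                                 "last_serial": None, "stale": False,
                                 "pids": set()})
    for line in lines:
        line = line.strip()
        m = FAIL.search(line)
        if m:
            pid, zone, master, _port, _reason = m.groups()
            z = zones[zone]
            z["failures"] += 1
            z["masters"].add(master)
            z["stale"] = True          # newest event is a failed refresh
            z["pids"].add(int(pid))    # distinct PIDs reveal named restarts
            continue
        m = DONE.search(line)
        if m:
            pid, zone, serial = m.groups()
            z = zones[zone]
            z["last_serial"] = int(serial)
            z["stale"] = False         # a completed transfer clears the flag
            z["pids"].add(int(pid))
    return dict(zones)

# Constructed sample: timestamps and host name "ns2" are illustrative only.
SAMPLE = """\
Dec  9 08:01:10 ns2 named[15805]: zone ativo.com.br/IN: refresh: failure trying master 200.150.208.2#53: timed out
Dec  9 08:16:42 ns2 named[15805]: zone ativo.com.br/IN: refresh: failure trying master 200.150.208.2#53: timed out
Dec  9 08:17:03 ns2 named[15805]: zone computeasy.com.br/IN: refresh: failure trying master 200.150.208.2#53: timed out
Dec  9 09:30:00 ns2 named[45256]: zone computeasy.com.br/IN: transferred serial 2002062388
Dec  9 09:30:00 ns2 named[45256]: transfer of 'computeasy.com.br/IN' from 200.150.208.2#53: end of transfer
""".splitlines()

if __name__ == "__main__":
    for zone, s in sorted(summarize(SAMPLE).items()):
        state = "STALE" if s["stale"] else "current"
        print(f"{zone}: {s['failures']} failed refreshes, "
              f"serial={s['last_serial']}, {state}, pids={sorted(s['pids'])}")
```

A zone that shows more than one PID recovered only across a named restart, which is the pattern the post describes.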