v9.3.0 alt-transfer-source redundent? - was {Re: IXFR journal dump making 9.2.4 server non-responsive}

Mark Andrews Mark_Andrews at isc.org
Tue Dec 21 22:48:52 UTC 2004 

> OK, I have added "use-alt-transfer-source yes;" and
> "alt-transfer-source 172.30.30.43;" to the zone definition and it seems
> to fix the problem.  (It sends and receives a SOA query to the masters
> listed in the zone definition.)
> 
> My questions is that as noted above in my options stanza, we already
> have query-source and transfer-source set to the same address that the
> alt-transfer-source is now set to.  This seems a little redundent to
> me.

	I would have thought that you would just have set 
	"use-alt-transfer-source no;".  There is no point in setting
	alt-transfer-source to the same value as transfer-source.
 
> Here is a snoop of the traffic doing a "rndc refresh ${ZONE}" WITH
> alt-transfer-source enabled:
> 
> ________________________________
> 172.30.30.43 -> aaa.bb.c.ddd UDP D=53 S=58565 LEN=60
> 172.30.30.43 -> aaa.bb.c.ddd DNS C rbl-plus.mail-abuse.org. Internet
> SOA ?
> ________________________________
> aaa.bb.c.ddd -> 172.30.30.43 UDP D=58565 S=53 LEN=356
> aaa.bb.c.ddd -> 172.30.30.43 DNS R rbl-plus.mail-abuse.org. Internet
> SOA
> ________________________________
> 172.30.30.43 -> aaa.bb.c.eee UDP D=53 S=58565 LEN=60
> 172.30.30.43 -> aaa.bb.c.eee DNS C rbl-plus.mail-abuse.org. Internet
> SOA ?
> ________________________________
> aaa.bb.c.eee -> 172.30.30.43 UDP D=58565 S=53 LEN=388
> aaa.bb.c.eee -> 172.30.30.43 DNS R rbl-plus.mail-abuse.org. Internet
> SOA
> ________________________________
> 172.30.30.43 -> fff.ggg.hhh.iii UDP D=53 S=58565 LEN=60
> 172.30.30.43 -> fff.ggg.hhh.iii DNS C rbl-plus.mail-abuse.org. Internet
> SOA ?
> ________________________________
> fff.ggg.hhh.iii -> 172.30.30.43 UDP D=58565 S=53 LEN=356
> fff.ggg.hhh.iii -> 172.30.30.43 DNS R rbl-plus.mail-abuse.org. Internet
> SOA
> ________________________________
> 172.30.30.43 -> fff.ggg.hhh.jjj UDP D=53 S=58565 LEN=60
> 172.30.30.43 -> fff.ggg.hhh.jjj DNS C rbl-plus.mail-abuse.org. Internet
> SOA ?
> ________________________________
> fff.ggg.hhh.jjj -> 172.30.30.43 UDP D=58565 S=53 LEN=372
> fff.ggg.hhh.jjj -> 172.30.30.43 DNS R rbl-plus.mail-abuse.org. Internet
> SOA
> 
> 
> That looks good to me and don't get any errors in the logs.
> 
> Now here is a snood doing a "rndc refresh ${SONE}" wihtOUT the
> alt-transfer-source set:
> 
> ________________________________
> 172.30.30.43 -> aaa.bb.c.ddd UDP D=53 S=58565 LEN=60
> 172.30.30.43 -> aaa.bb.c.ddd DNS C rbl-plus.mail-abuse.org. Internet
> SOA ?
> ________________________________
> aaa.bb.c.ddd -> 172.30.30.43 UDP D=58565 S=53 LEN=388
> aaa.bb.c.ddd -> 172.30.30.43 DNS R rbl-plus.mail-abuse.org. Internet
> SOA
> ________________________________
> 172.30.30.43 -> aaa.bb.c.eee UDP D=53 S=58565 LEN=60
> 172.30.30.43 -> aaa.bb.c.eee DNS C rbl-plus.mail-abuse.org. Internet
> SOA ?
> ________________________________
> aaa.bb.c.eee -> 172.30.30.43 UDP D=58565 S=53 LEN=388
> aaa.bb.c.eee -> 172.30.30.43 DNS R rbl-plus.mail-abuse.org. Internet
> SOA
> ________________________________
> 172.30.30.43 -> fff.ggg.hhh.jjj UDP D=53 S=58565 LEN=60
> 172.30.30.43 -> fff.ggg.hhh.jjj DNS C rbl-plus.mail-abuse.org. Internet
> SOA ?
> ________________________________
> fff.ggg.hhh.jjj -> 172.30.30.43 UDP D=58565 S=53 LEN=356
> fff.ggg.hhh.jjj -> 172.30.30.43 DNS R rbl-plus.mail-abuse.org. Internet
> SOA
> ________________________________
> 172.30.30.43 -> fff.ggg.hhh.iii UDP D=53 S=58565 LEN=60
> 172.30.30.43 -> fff.ggg.hhh.iii DNS C rbl-plus.mail-abuse.org. Internet
> SOA ?
> ________________________________
> fff.ggg.hhh.iii -> 172.30.30.43 UDP D=58565 S=53 LEN=388
> fff.ggg.hhh.iii -> 172.30.30.43 DNS R rbl-plus.mail-abuse.org. Internet
> SOA
> 
> So far, the above looks just like the snoop with
> alt-transfer-source.
> So why does it not work without alt-transfer-source set?
> 
> (The follow all fail as 172.30.30.33 is not allowed out the
> load
> balancer and our reasoning for using the query-source and
> transfer-source options.)
> 
> ________________________________
> 172.30.30.33 -> aaa.bb.c.ddd UDP D=53 S=56726 LEN=60
> 172.30.30.33 -> aaa.bb.c.ddd DNS C rbl-plus.mail-abuse.org. Internet
> SOA ?
> ________________________________
> aaa.bb.c.ddd -> 172.30.30.33 UDP D=56726 S=53 LEN=60
> aaa.bb.c.ddd -> 172.30.30.33 DNS R  Error: 3(Name Error)
> ________________________________
> 172.30.30.33 -> aaa.bb.c.eee UDP D=53 S=56739 LEN=60
> 172.30.30.33 -> aaa.bb.c.eee DNS C rbl-plus.mail-abuse.org. Internet
> SOA ?
> ________________________________
> aaa.bb.c.eee -> 172.30.30.33 UDP D=56739 S=53 LEN=60
> aaa.bb.c.eee -> 172.30.30.33 DNS R  Error: 3(Name Error)
> ________________________________
> 172.30.30.33 -> fff.ggg.hhh.jjj UDP D=53 S=56740 LEN=60
> 172.30.30.33 -> fff.ggg.hhh.jjj DNS C rbl-plus.mail-abuse.org. Internet
> SOA ?
> ________________________________
> fff.ggg.hhh.jjj -> 172.30.30.33 UDP D=56740 S=53 LEN=60
> fff.ggg.hhh.jjj -> 172.30.30.33 DNS R  Error: 3(Name Error)
> ________________________________
> 172.30.30.33 -> fff.ggg.hhh.iii UDP D=53 S=56741 LEN=60
> 172.30.30.33 -> fff.ggg.hhh.iii DNS C rbl-plus.mail-abuse.org. Internet
> SOA ?
> ________________________________
> fff.ggg.hhh.iii -> 172.30.30.33 UDP D=56741 S=53 LEN=60
> fff.ggg.hhh.iii -> 172.30.30.33 DNS R  Error: 3(Name Error)
> 
> 
> Again, why when not using alt-transfer-source, the first querys to the
> masters look just like it does with alt-transfer-srouce, but then it
> continues on and sources from an interface we are trying to have bind
> not use?
> 
> Again, thanks for the help.
> 
> 
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list