refresh times out from Win DNS

Barry Finkel b19141 at achilles.ctd.anl.gov
Fri Jul 16 13:55:39 UTC 2004


Mark Jeftovic <mark at jeftovic.net> wrote:

>We've been seeing this sporadically for awhile and it is possible this
>happens more often with Win DNS masters (we're not sure but the latest
>case is definitely a WIN DNS box)
>
>We are able to do the first transfer OK after which point subsequent
>refreshes fail with the usual complaint of
>
>Jul 12 07:23:26 ds2 named[1879]: zone example.com/IN: refresh:
>failure  trying master 10.2.229.181#53: timed out
>
>Left to its own the zone eventually expires.
>
>The thing is, we can do AXFR and IXFR from the command line just fine
>using host or dig. Also, the slave is not clogged up with transfers
>in progress (there are 6 SOA queries in progress and 0 xfers running
>as I type this, on a slave with approx. 85K zones configured).
>
>This is bind9.2.3
>
>Any ideas?

I am assuming that the Windows DNS masters are either W2k or W2k+3.
The only idea I have is to turn on full logging on the Windows DNS
Server and see what it logs.  The MS W2k DNS code does not log failed
zone transfers in the EventLog, only successful ones.  (The MS
developers did not want to fill up the event log.)  So the only way
to see a failed zone transfer on the MS side is to look at the dns.log
file.  That will tell you if the AXFR/IXFR request is reaching the
windows DNS Server; it will not tell you why the transfer was refused.
If you find that the request is getting to the Windows DNS Server, then
report back as to what is in the log.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Instrumentation Solutions Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994



More information about the bind-users mailing list