[SANOG] bind9 question .. does IXFR fallback to AXFR?

Mark Andrews Mark_Andrews at isc.org
Tue Jan 4 23:52:48 UTC 2005



	Yes,  provided it has the following bug fix (9.1.3/9.2.0).

 852.   [bug]           Handle responses from servers which do not know
                        about IXFR.

 lib/dns/xfrin.c:

        /*
         * Does the server know about IXFR?  If it doesn't we will get
         * a message with a empty answer section or a potentially a CNAME /
         * DNAME, the later is handled by xfr_rr() which will return FORMERR
         * if the first RR in the answer section is not a SOA record.
         */
        if (xfr->reqtype == dns_rdatatype_ixfr &&
            xfr->state == XFRST_INITIALSOA &&
            msg->counts[DNS_SECTION_ANSWER] == 0) {
                xfrin_log(xfr, ISC_LOG_DEBUG(3),
                          "empty answer section, retrying with AXFR");
                goto try_axfr;
        }

> Hi
> 
> I have a weird issue .. which I just saw when I added an IP to my zone
> for hserus.net (tinydns pri NS on frodo.hserus.net served by two bind
> secondaries)
> 
> Updating the serial number on djbdns, loading the zone serves it ok.
> 
> > frodo# dnsq soa hserus.net frodo.hserus.net
> > 6 hserus.net:
> > 187 bytes, 1+1+3+2 records, response, authoritative, noerror
> > query: 6 hserus.net
> > answer: hserus.net 7200 SOA frodo.hserus.net postmaster.hserus.net 
> 2005010101 14400 7200 950400 7200
> > authority: hserus.net 7200 NS ns4.zoneedit.com
> > authority: hserus.net 7200 NS ns3.zoneedit.com
> > authority: hserus.net 7200 NS frodo.hserus.net
> > additional: frodo.hserus.net 7200 AAAA 3ffe:401d:2022:b::2
> > additional: frodo.hserus.net 7200 A 204.74.68.40
> 
> I then used the dnsnotify perl script available on the djbdns.org site
> to send a NOTIFY to my two bind secondaries ns{3,4).zoneedit.com (which
> are probably bind 9 now, though digging for version.bind from their
> chaos.txt just doesnt work)
> 
> frodo# dnsnotify hserus.net ns3.zoneedit.com ns4.zoneedit.com
> Received NOTIFY answer from 66.180.174.61
> Received NOTIFY answer from 216.98.150.236
> 
> However - the secondaries are not updating themselves .. possibly
> because bind9 sends IXFR requests rather than AXFR first .. and djbdns
> doesn't do IXFR, just AXFR.  So, when an IXFR doesnt return anything,
> does bind fall back to doing an AXFR to update itself from the
> primary?
> 
> > frodo# dnsq soa hserus.net ns3.zoneedit.com
> > 6 hserus.net:
> > 143 bytes, 1+1+3+0 records, response, authoritative, noerror
> > query: 6 hserus.net
> > answer: hserus.net 7200 SOA frodo.hserus.net postmaster.hserus.net 
> 200409201 14400 7200 950400 7200
> > authority: hserus.net 7200 NS ns4.zoneedit.com
> > authority: hserus.net 7200 NS ns3.zoneedit.com
> > authority: hserus.net 7200 NS frodo.hserus.net
> 
> > frodo# dnsq soa hserus.net ns4.zoneedit.com
> > 6 hserus.net:
> > 143 bytes, 1+1+3+0 records, response, authoritative, noerror
> > query: 6 hserus.net
> > answer: hserus.net 7200 SOA frodo.hserus.net postmaster.hserus.net 
> 200409201 14400 7200 950400 7200
> > authority: hserus.net 7200 NS ns4.zoneedit.com
> > authority: hserus.net 7200 NS ns3.zoneedit.com
> > authority: hserus.net 7200 NS frodo.hserus.net
> 
> -- 
> This is the SANOG (http://www.sanog.org/) mailing list.
> 
> 
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org



More information about the bind-users mailing list