failed while receiving responses and jnl touching

Barry Finkel b19141 at achilles.ctd.anl.gov
Fri Mar 24 15:38:39 UTC 2006 

"drummah" <jon.wayne.ctr at scott.af.mil> wrote:

>I need some help in my continuing education with BIND and DNS.  I have
>a firewall running BIND 9 split-DNS slaving off of a wintendows domain
>controller which is master for DNS and running  AD and DHCP.  The W2k
>domain controller is on the internal network side of the firewall.  The
>domain controller is not set to notify.  The zone files on the firewall
>are set to refresh every fifteen minutes, too frequent perhaps.
>
>I am receiving the following logs:
>
>Feb 10 00:18:52 foo named[22143]: journal file
>/etc/namedb.u/foo.foo.foo.net.db.jnl does not exist, creating it
>Feb 10 00:18:52 foo named[22143]: transfer of 'foo.foo.foo.net/IN' from
>123.4.5.67#53: failed while receiving responses: not exact
>Feb 10 00:18:52 foo named[22143]: transfer of 'foo.foo.foo.net/IN' from
>123.4.5.67#53: end of transfer
>Feb 10 00:18:54 foo named[22143]: zone foo.foo.foo.net/IN: transferred
>serial 1316824
>Feb 10 00:18:54 foo named[22143]: transfer of foo.foo.foo.net/IN' from
>123.4.5.67#53: end of transfer
>
>After searching the archives of this group, the closest answer that I
>located was the following:
>
>"This indicated that the IXFR delta contained a request to remove a
>record that did not exist or to add a record that already exists.
>named will treat the zone as being out of sync and retransfer the
>entire zone."
>
>If this is true, then this may explain why the transfer fails and then
>immediatly succeeds.  Please help me to correct this and stop this from
>filling up my logs.  What should I look for and correct?
>
>Also, unlike BIND8, I thought that the jnl file always exists in BIND9
>once DNS is started.  Why does need to create the jnl file over and
>over every 15 minutes?

If the zone

     foo.foo.foo.net

has many dynamic updates (e.g., from a DHCP server), then there can be
many "versions" of the zone.  By the time the BIND slave server attempts
an IXFR of the zone, the zone may have changed enough so that the IXFR
data (the delta change file) is no longer available.  When this happens,
BIND tries a full AXFR.  I have seen this on my W2k+3 AD DNS Server,
which has one forward zone and five reverse zones under the control of
an MS W2k DHCP Server.  As long as the AXFR succeeds, I would not worry
about the IXFR failures.  You have no control over the DDNS packet
arrival rate at the W2k master, so you never know when a large number
of DDNS updates will arrive in a short time.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994

More information about the bind-users mailing list