Leases on Dynamic Updates?
Mark Andrews
Mark_Andrews at isc.org
Mon Feb 4 21:32:51 UTC 2008
> --On Friday, February 01, 2008 14:55:19 -0800 Chris Buxton
> <cbuxton at menandmice.com> wrote:
>
> > Microsoft's implementation does not give identical IXFR's from
> > different DC's. You cannot list multiple DC's in your masters
> > statement and expect things to work right unless you use the multi-
> > master option.
> >
> > And even the IXFR's from a particular DC cannot be 100% relied on -
> > you need to use AXFR requests from your BIND slave in order to
> > reliably get to a complete copy of the zone. The solution I've seen
> > is, once per day or so, stop the slave, get an AXFR with dig, and
> > restart the slave. This can be done via cron, of course, but it's
> > hardly ideal.
>
> I have 3 DCs, but I only treat ONE as a master for my BIND slaves.
> I do not remember if I have DNS running on all three DCs.
> I have no problem with the IXFR from the one DC to a BIND 9.4.1-P1
> slave. But I do occasionally have problems with IXFR from that one
> BIND slave to the other BIND slaves, per this message:
>
> Feb 1 15:26:20 dns0 named[161]: [ID 873579 daemon.error]
> malformed transaction: cmt224.rev.jnl
> last serial 2001072827 != transaction first serial 2001072826
Upgrade.
>
> I have not completed the research to determine whether the problem is
> in the IXFR packaging from the MS W2k+3 DNS Server or in the IXFR
> re-packaging on the BIND slave during the transfer to another BIND
> slave. The zone in this message is dynamic, with many DDNS updates
> throughout the day from an MS W2k+3 DHCP Server. I would need to get
> packet traces or detailed DNS logging of
>
> 1) The DDNS update to the zone
> 2) The IXFR from the MS DNS Server to the BIND slave
> 3) The IXFR from the BIND slave to another BIND slave.
>
> I did get some traces a few years ago with an older BIND 8, but I have
> not gotten traces with BIND 9.
>
> I have never (as far as I can remember) had any complaints that the
> information for these dynamic zones (I have one forward and six
> reverse zones) is not up-to-date. All of my clients query the BIND
> slave servers; none is supposed to be configured to query the MS DNS
> Server running on the three DCs.
> ----------------------------------------------------------------------
> Barry S. Finkel
> Computing and Information Systems Division
> Argonne National Laboratory Phone: +1 (630) 252-7277
> 9700 South Cass Avenue Facsimile:+1 (630) 252-4601
> Building 222, Room D209 Internet: BSFinkel at anl.gov
> Argonne, IL 60439-4828 IBMMAIL: I1004994
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list