Leases on Dynamic Updates?

Mark Andrews Mark_Andrews at isc.org
Mon Feb 4 21:32:51 UTC 2008


> --On Friday, February 01, 2008 14:55:19 -0800 Chris Buxton 
> <cbuxton at menandmice.com> wrote:
> 
> > Microsoft's implementation does not give identical IXFR's from
> > different DC's. You cannot list multiple DC's in your masters
> > statement and expect things to work right unless you use the multi-
> > master option.
> >
> > And even the IXFR's from a particular DC cannot be 100% relied on -
> > you need to use AXFR requests from your BIND slave in order to
> > reliably get to a complete copy of the zone. The solution I've seen
> > is, once per day or so, stop the slave, get an AXFR with dig, and
> > restart the slave. This can be done via cron, of course, but it's
> > hardly ideal.
> 
> I have 3 DCs, but I only treat ONE as a master for my BIND slaves.
> I do not remember if I have DNS running on all three DCs.
> I have no problem with the IXFR from the one DC to a BIND 9.4.1-P1
> slave.  But I do occasionally have problems with IXFR from that one
> BIND slave to the other BIND slaves, per this message:
> 
>      Feb  1 15:26:20 dns0 named[161]: [ID 873579 daemon.error]
>        malformed transaction: cmt224.rev.jnl
>        last serial 2001072827 != transaction first serial 2001072826

	Upgrade.
> 
> I have not completed the research to determine whether the problem is
> in the IXFR packaging from the MS W2k+3 DNS Server or in the IXFR
> re-packaging on the BIND slave during the transfer to another BIND
> slave.  The zone in this message is dynamic, with many DDNS updates
> throughout the day from an MS W2k+3 DHCP Server.  I would need to get
> packet traces or detailed DNS logging of
> 
>      1) The DDNS update to the zone
>      2) The IXFR from the MS DNS Server to the BIND slave
>      3) The IXFR from the BIND slave to another BIND slave.
> 
> I did get some traces a few years ago with an older BIND 8, but I have
> not gotten traces with BIND 9.
> 
> I have never (as far as I can remember) had any complaints that the
> information for these dynamic zones (I have one forward and six
> reverse zones) is not up-to-date.  All of my clients query the BIND
> slave servers; none is supposed to be configured to query the MS DNS
> Server running on the three DCs.
> ----------------------------------------------------------------------
> Barry S. Finkel
> Computing and Information Systems Division
> Argonne National Laboratory          Phone:    +1 (630) 252-7277
> 9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
> Building 222, Room D209              Internet: BSFinkel at anl.gov
> Argonne, IL   60439-4828             IBMMAIL:  I1004994
> 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org



More information about the bind-users mailing list