slave transfer problems

Scott Haneda talklists at newgeo.com
Thu Apr 30 03:36:39 UTC 2009


On Apr 29, 2009, at 5:03 PM, Barry Margolin wrote:

> In article <gtamqt$1k3$1 at sf1.isc.org>,
> Scott Haneda <talklists at newgeo.com> wrote:
>>
>>
>> like my machine, .14 is refusing their refresh request.  Do I need to
>> allow-recursion for their NS0?
>
> No, you shouldn't need allow-recursion.  You might need allow-query, if
> you're not allowing to all.

I do not have it set, and am not finding in the docs what the default  
is, I assume all or my DNS would just not work?

>>> Computer:	NS0
>>> Description:
>>> zone someone-else.com/IN: refused notify from non-master:
>>> xx.xx.37.6#56516
>>
>> This is a valid domain, current records, should be working fine.  Is
>> the refusal because they are asking  xx.xx.37.6?  Yes, this IP is on
>> the same machine, but that IP is used for http, and not DNS. So in
>> this case, my transfer source is  xx.xx.37.14, and they hit  xx.xx.
>
> Unless your machine is a slave, it doesn't need the transfer-source
> option.

Yes, I am a slave for a few people, pretty low load, but indeed, I do
have a few hundred zones I am slaving.

>> 37.6, which named is not listening on, and get the above error?
>
> Try setting notify-source to xx.xx.37.14.

Neat, I was not aware of that, so when my machine sends out a notify,
it probably is using whatever IP it wants to, maybe the first, this
would lock it down?

>> Those are the only two they gave me, but the general problem is, I can
>> update a zone, change the serial, issue rndc reload, and see my logs
>> show a notify sent their way.  It can then take anywhere from a few
>> minutes, to hours, to sometimes days to get the change to hit the
>> secondary.
>
> Even if there's a problem with the notify, it shouldn't take much longer
> than the refresh time in the SOA record.  I recommend setting this to
> something in the neighborhood of an hour, so that there isn't too much
> of a lag if the notify is lost.

This is pretty par for the course template I use
                 200810011       ; serial, todays date + todays serial #
                 8H              ; refresh
                 2H              ; retry
                 4W              ; expire
                 1H )            ; minimum

Are you saying to drop the 8H one down to 1H?  I was pretty sure I  
followed RFC on the values above.  That zone setting above means I am  
looking at 8 Hours if the notify fails?

Thanks
-- 
Scott * If you contact me off list replace talklists@ with scott@ *
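
An added example, not part of the original message or of BIND itself: a small triage script for the "refused notify from non-master" log line quoted in this thread. It separates NOTIFYs that arrive from another address on the master host (the case notify-source addresses) from NOTIFYs sent by hosts the slave has no record of. The zone names, addresses, log lines and both lookup tables are constructed for the example.

```python
import ipaddress
import re
from collections import defaultdict

# BIND logs a NOTIFY whose source address is not in the zone's masters list as:
#   zone <name>/<class>: refused notify from non-master: <addr>#<port>
REFUSED = re.compile(
    r"zone (?P<zone>\S+)/(?P<cls>\w+): refused notify from non-master: "
    r"(?P<addr>[0-9A-Fa-f:.]+)#(?P<port>\d+)"
)

def triage(log_lines, masters, master_host_addrs):
    """Return zone -> {source address: verdict} for refused NOTIFYs.

    masters: zone -> addresses in its masters list (assumed inventory).
    master_host_addrs: zone -> other addresses known to be on the master host.
    """
    report = defaultdict(dict)
    for line in log_lines:
        m = REFUSED.search(line)
        if not m:
            continue
        zone = m["zone"].rstrip(".").lower()
        src = ipaddress.ip_address(m["addr"])
        listed = {ipaddress.ip_address(a) for a in masters.get(zone, ())}
        aliases = {ipaddress.ip_address(a) for a in master_host_addrs.get(zone, ())}
        if src in listed:
            verdict = "listed-master"    # inventory disagrees with named.conf
        elif src in aliases:
            verdict = "wrong-source-ip"  # master should pin notify-source
        else:
            verdict = "unknown-sender"   # keep refusing; investigate the source
        report[zone][str(src)] = verdict
    return dict(report)

# Constructed sample log lines (documentation address ranges, not from the thread).
SAMPLE_LOG = [
    "30-Apr-2009 03:10:01 notify: zone example.com/IN: refused notify from non-master: 192.0.2.6#56516",
    "30-Apr-2009 03:12:44 notify: zone example.com/IN: refused notify from non-master: 198.51.100.9#40112",
    "30-Apr-2009 03:15:20 notify: zone example.net/IN: refused notify from non-master: 2001:db8::6#53",
    "30-Apr-2009 03:16:02 general: zone example.org/IN: transferred serial 2009043001",
]
MASTERS = {"example.com": ["192.0.2.14"], "example.net": ["2001:db8::14"]}
MASTER_HOST_ADDRS = {"example.com": ["192.0.2.6"], "example.net": ["2001:db8::6"]}

if __name__ == "__main__":
    for zone, sources in triage(SAMPLE_LOG, MASTERS, MASTER_HOST_ADDRS).items():
        for addr, verdict in sources.items():
            print(f"{zone}: {addr} -> {verdict}")
```
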



