Slave to Win2003 DNS

bsfinkel at bsfinkel at
Mon Nov 2 14:58:03 UTC 2009

Jukka Pakkanen <jukka.pakkanen at> wrote:

>Our Bind 9.6.1-P1 Windows servers are slaves to a Windows 2003 DNS 
>server, zone "company.local".
>For some reason the slaves don't update the zone unless I restart the 
>BIND service in the server, and after a while, fail to respond to queries.
>Example, after a couple of days since the last restart, the BIND servers 
>stop responding to queries to "company.local" (SERVFAIL), at the server 
>I can see that the cache file is not updated since the service was 
>previously started.  I restart BIND service, and immediately the cache 
>file is updated, server again responds to queries etc.
>I suspect this is not a problem in the BIND, but in the Windows 2003 
>DNS, but any ideas anyway, what to look in the server?  Haven't been 
>playing with the Windows DNS a lot...

I have seen the three replies to this, and I will add the following:

Is the W2003 DNS Server sending NOTIFY packets to the BIND slaves
when a zone is updated?  One of the problems with the Windows DNS
Server is that it logs only successful zone transfers.  Unsuccessful
zone transfers are not logged because the MS Developers did not want
to fill the EventLog with these entries.  A number of years ago, when
we installed AD and put the AD zones on a MS W2000 DNS Server, we
formally requested that MS log unsuccessful zone transfers along with
some information as to why the transfer was rejected.

Do you have DNS logging enabled on the MS DNS Server?  I suggest that
full logging be enabled, and the dns.log file be made sufficiently
large so that you will be able to see what may be happening.  Note
that the dns.log file increases in size until it reaches its max
size; then it is cleared, and new entries are added.  The dns.log
file is NOT a syslog file, as we in the Unix community are used to

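As an added illustration (not code from this thread or from BIND), the serial comparison and refresh/expire bookkeeping a slave applies to a zone it holds from a master, which is what turns a missed NOTIFY or failing transfer into the "works after restart, SERVFAIL a couple of days later" pattern described above. The SOA timer values for company.local are constructed (refresh 900 s, retry 600 s, expire 86400 s) and the function names are the example's own.

```python
# Added example: slave-side zone refresh rules (RFC 1034 SOA timers, RFC 1982
# serial arithmetic). Not the mailing-list author's code; SOA values are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Soa:
    serial: int
    refresh: int  # seconds between SOA checks against the master
    retry: int    # seconds to wait after a failed check before trying again
    expire: int   # seconds after the last good refresh before the copy is discarded

def serial_gt(a: int, b: int) -> bool:
    """RFC 1982 comparison: True if serial a is newer than b (32-bit, wraps)."""
    a, b = a & 0xFFFFFFFF, b & 0xFFFFFFFF
    half = 1 << 31
    return (a < b and b - a > half) or (a > b and a - b < half)

def needs_transfer(master_serial: int, slave_serial: int) -> bool:
    """A slave only performs AXFR/IXFR when the master's serial is newer;
    a master that changes data without bumping the serial leaves slaves stale."""
    return serial_gt(master_serial, slave_serial)

def zone_state(soa: Soa, last_good_refresh: int, now: int) -> str:
    """State of the slave copy at unix time `now` when no SOA check has
    succeeded since `last_good_refresh`."""
    age = now - last_good_refresh
    if age >= soa.expire:
        return "expired"       # slave stops answering: SERVFAIL for the zone
    if age >= soa.refresh:
        return "refresh-due"   # still authoritative, retrying every `retry` s
    return "fresh"

def servfail_after(soa: Soa, last_good_refresh: int) -> int:
    """Unix time at which the slave starts returning SERVFAIL if neither a
    scheduled refresh nor a NOTIFY-triggered transfer succeeds before then."""
    return last_good_refresh + soa.expire

def retry_schedule(soa: Soa, last_good_refresh: int) -> list[int]:
    """Times at which the slave re-queries the master's SOA, from the first
    due refresh up to (not including) the expire point."""
    t = last_good_refresh + soa.refresh
    end = servfail_after(soa, last_good_refresh)
    out = []
    while t < end:
        out.append(t)
        t += soa.retry
    return out
```

With a one-day expire, a slave whose transfers silently fail keeps answering for 24 hours and then returns SERVFAIL, which matches the symptom; restarting BIND forces an immediate refresh and resets the clock.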