Slave to Win2003 DNS

Jukka Pakkanen jukka.pakkanen at qnet.fi
Mon Nov 2 15:29:53 UTC 2009


bsfinkel at anl.gov wrote:
> Jukka Pakkanen <jukka.pakkanen at qnet.fi> wrote:
>
>   
>> Our Bind 9.6.1-P1 Windows servers are slaves to a Windows 2003 DNS 
>> server, zone "company.local".
>>
>> For some reason the slaves don't update the zone unless I restart the 
>> BIND service in the server, and after a while, fail to respond to queries.
>>
>> Example, after a couple of days since the last restart, the BIND servers 
>> stop responding to queries to "company.local" (SERVFAIL), at the server 
>> I can see that the cache file is not updated since the service was 
>> previously started.  I restart BIND service, and immediately the cache 
>> file is updated, server again responds to queries etc.
>>
>> I suspect this is not a problem in the BIND, but in the Windows 2003 
>> DNS, but any ideas anyway, what to look in the server?  Haven't been 
>> playing with the Windows DNS a lot...
>>     
>
> I have seen the three replies to this, and I will add the following:
>
> Is the W2003 DNS Server sending NOTIFY packets to the BIND slaves
> when a zone is updated?  
I suppose it is, because earlier today when I checked the serial number 
was updated in the master since the weekend, and the two working slaves 
had the updated serial as well. And when I made a change to the zone, they 
updated the zone file in a short time as well.  Also if you check the 
servers right now, they are already at "6278", so looks like the notify 
& zone transfers work ok.

But for still unknown reason the slaves at some point stop responding 
to queries to this zone (servfail) and won't recover until service restart. 
Maybe after the zone data is expired (24hrs), if not refreshed/updated 
before that??

These same servers are slaves to a bind master, and have no problems there.

> Do you have DNS logging enabled on the MS DNS Server?  I suggest that
> full logging be enabled, and the dns.log file be made sufficiently
> large so that you will be able to see what may be happening.  Note
> that the dns.log file increases in size until it reaches its max
> size; then it is cleared, and new entries are added.  The dns.log
> file is NOT a syslog file, as we in the Unix community are used to
> using.
>   
I'll check that and enable if not already.




