BIND 9.7 Serial Number Decrease Problem

Barry Finkel bsfinkel at anl.gov
Tue Jun 7 12:51:11 UTC 2011


In my last posting I was confused as to the .jnl file.  I have
about 44 AD slave files on my BIND servers, and 40 .jnl files.
The two zones in question do not have .jnl files.  As I do not
look at .jnl files much, I had forgotten about the tool to
list them.

I now have this situation on one Solaris 10 slave; the problem
probably also exists on the other Sol 10 slave and the two
Ubuntu hardy slaves:

The _tcp zone on the master MS DNS Server:

      1238 600 86400 3600

The _tcp zone on the BIND 9.7.3-P1 Solaris 10 server disk:

      1239       ; serial
      900        ; refresh (15 minutes)
      600        ; retry (10 minutes)
      86400      ; expire (1 day)
      3600       ; minimum (1 hour)

The _udp zone on the master MS DNS Server:

      842 900 600 86400 3600

The _udp zone on the BIND 9.7.3-P1 Solaris 10 server disk:

      843        ; serial
      900        ; refresh (15 minutes)
      600        ; retry (10 minutes)
      86400      ; expire (1 day)
      3600       ; minimum (1 hour)

Note that the zone serial number for both zones on the master is
one LESS than the serial number on the slave.  The last messages
in /var/adm/messages are

      _tcp:
      Jun  4 07:46:57 serial number (1238) received from master ... < ours (1239)
      Jun  4 07:47:35 zone ... expired
      Jun  4 07:47:35 zone ... transfer started
      Jun  4 07:47:35 zone ... transferred serial 1238
      Jun  4 07:47:35 zone ... Transfer completed: ...

      _udp:
      Jun  4 07:39:22 serial number (842) received from master ... < ours (843)
      Jun  4 07:42:22 zone ... expired
      Jun  4 07:42:22 zone ... transfer started
      Jun  4 07:42:22 zone ... transferred serial 842
      Jun  4 07:42:22 zone ... Transfer completed

There was a zone serial number mismatch, each zone expired three days
ago, and new zones were transferred from the master.  But the zone
files on disk still have the higher serial numbers.  There are no .jnl
files on the disk.  A "dig" on the server for the zone serial numbers
shows the lower numbers, so BIND has those correct serial numbers.  I
assume that if I stopped BIND (rndc stop) and restarted it, then I
would again see the serial number mismatches.  I can try this during
the day, as this server is not heavily used.  Is there any debugging I
need to run?  Thanks.

-- 
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 240, Room 5.B.8             Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994
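
An added example, not part of the original post and not BIND code: a small Python check for the two symptoms reported above, a master serial that is behind the slave's (compared with RFC 1982 serial arithmetic) followed by zone expiry, and an on-disk SOA serial that differs from the served one. The zone name, host name, master address and full log line layout are assumptions constructed for illustration; the post elides them.

```python
import re

def serial_gt(a, b):
    """RFC 1982 comparison for 32-bit SOA serials: is a newer than b?"""
    a, b = a & 0xFFFFFFFF, b & 0xFFFFFFFF
    return (a < b and b - a > 2**31) or (a > b and a - b < 2**31)

# Line shapes assumed from the messages quoted in the post.
BEHIND = re.compile(
    r"zone (\S+): serial number \((\d+)\) received from master .*< ours \((\d+)\)")
EXPIRED = re.compile(r"zone (\S+): expired")
DISK_SERIAL = re.compile(r"(\d+)\s*;\s*serial")

def scan_log(lines):
    """Map each zone whose master serial fell behind the slave's
    to the two serials and whether the zone later expired."""
    zones = {}
    for line in lines:
        m = BEHIND.search(line)
        if m and serial_gt(int(m.group(3)), int(m.group(2))):
            zones[m.group(1)] = {"master": int(m.group(2)),
                                 "ours": int(m.group(3)),
                                 "expired": False}
        m = EXPIRED.search(line)
        if m and m.group(1) in zones:
            zones[m.group(1)]["expired"] = True
    return zones

def disk_is_stale(zone_file_text, served_serial):
    """True when the on-disk SOA serial differs from the served serial."""
    m = DISK_SERIAL.search(zone_file_text)
    return m is not None and int(m.group(1)) != served_serial

# Constructed sample input; names and addresses are placeholders.
SAMPLE_LOG = [
    "Jun  4 07:46:57 ns1 named[123]: zone _tcp.example.com/IN: serial number "
    "(1238) received from master 192.0.2.1#53 < ours (1239)",
    "Jun  4 07:47:35 ns1 named[123]: zone _tcp.example.com/IN: expired",
    "Jun  4 07:47:35 ns1 named[123]: zone _tcp.example.com/IN: Transfer started.",
]
SAMPLE_DISK = "1239       ; serial\n900        ; refresh (15 minutes)\n"

if __name__ == "__main__":
    for zone, info in scan_log(SAMPLE_LOG).items():
        print(zone, info, "disk stale:", disk_is_stale(SAMPLE_DISK, info["master"]))
```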


