IXFR & manually edited zone files
Chris Thompson
cet1 at cam.ac.uk
Mon Mar 7 16:42:15 UTC 2011
On Mar 7 2011, David Coulthart wrote:
>BIND Version: 9.7.3 on Solaris 9 & 10 (locally compiled)
>
>Our current workflow for managing DNS involves generating master zone
>files from a database, pushing the new files to a hidden master nameserver
>& then running "rndc reload" on that nameserver.
>
>Based on the ARM & a posting to bind-users[1], I enabled "ixfr-from-differences
>master;" on the hidden master expecting the master nameserver would generate
>a "diff" from the previous zone file in memory and the new one being loaded
>so it could send an IXFR to the slaves. However, every time the slave
>requests an IXFR, it gets a non-incremental response & has to perform a
>full AXFR. I've configured this in a test environment with a single zone
>file so I know the slave has the first version of the zone file before
>loading the second version on the master & it still results in a AXFR-style
>IXFR. I've explicitly stated the options allow-query & allow-transfer
>in the config, but I do not have allow-updates configured, relying on
>the implicit default of denying all updates.
>
>Is there something I'm missing to get this working?
Have you tested that the ixfr-from-differences is working at all at
the hidden master? E.g. by
dig ixfr=[some-old-serial] [zone-name] @[hidden-master]
from the slaves (or indeed elsewhere).
There is also a named-journalprint utility which you can apply to the
journal file on the master to check it contains what you hope for.
If those look OK, then it's something else in the configuration of
either master or slaves. I take it you aren't doing anything as
obvious as specifying "request-ixfr no" or "provide-ixfr no" in
server statements.
--
Chris Thompson
Email: cet1 at cam.ac.uk
More information about the bind-users
mailing list