Delayed Zone Transfers

Manson, John John.Manson at mail.house.gov
Mon Aug 6 17:02:54 UTC 2012


One thing about views, since named.conf is read 'top down', you have to exclude IP pairs used for transfers by the 2nd view from the 1st view.
All our transfers happen in 1 second or less on average.

JM

-----Original Message-----
From: bind-users-bounces+john.manson=mail.house.gov at lists.isc.org [mailto:bind-users-bounces+john.manson=mail.house.gov at lists.isc.org] On Behalf Of bind-users-request at lists.isc.org
Sent: Monday, August 06, 2012 12:37 PM
To: bind-users at lists.isc.org
Subject: bind-users Digest, Vol 1279, Issue 3


Today's Topics:

   1. Re: Delayed Zone Transfers? (Jiann-Ming Su)
   2. Re: Delayed Zone Transfers? (Jiann-Ming Su)
   3. Re: Delayed Zone Transfers? (Phil Mayers)
   4. Re: Multi-master DNS with Bind (Chris Buxton)
   5. Re: Delayed Zone Transfers? (Jiann-Ming Su)
   6. Re: Multi-master DNS with Bind (john.debella at teradyne.com)


----------------------------------------------------------------------

Message: 1
Date: Mon, 6 Aug 2012 08:49:38 -0700 (PDT)
From: Jiann-Ming Su <su_js1 at yahoo.com>
To: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
Subject: Re: Delayed Zone Transfers?
Message-ID:
        <1344268178.66536.YahooMailNeo at web39305.mail.mud.yahoo.com>
Content-Type: text/plain; charset=iso-8859-1

> From: J <bind at namor.ca>
> To: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
> Cc:
> Sent: Thursday, August 2, 2012 5:57 PM
> Subject: Re: Delayed Zone Transfers?
>
> Jiann-Ming Su wrote:
>>  What would cause a delay in zone transfers? The notifies go out
>>  immediately when the serial number changes on the master, but some of the
>>  secondaries can take up to 10 minutes before initiating the zone
>>  transfer. Also, even after the zone has been transferred, the secondary
>>  will not immediately serve out the new data. I'm running 9.8.1-P1, soon
>>  to be 9.8.3-P2. Thanks for any insights.
>
> A large backlog of zone transfers on the slave?

I don't think that's the case for mine. Here's an example of a 14-minute delay after receiving a notify:

06-Aug-2012 11:20:36.575 notify: client 192.168.8.8#33456: view hc: received notify for zone 'uts-sa.mydomain.ddns': TSIG 'dns1.mydomain.org'
06-Aug-2012 11:34:36.177 general: zone uts-sa.mydomain.ddns/IN/all: Transfer started.
06-Aug-2012 11:34:36.178 xfer-in: transfer of 'uts-sa.mydomain.ddns/IN' from 192.168.8.8#53: connected using 192.168.96.100#49189
06-Aug-2012 11:34:36.184 general: zone uts-sa.mydomain.ddns/IN/all: transferred serial 2010585436: TSIG 'dns1.mydomain.org'
06-Aug-2012 11:34:36.184 xfer-in: transfer of 'uts-sa.mydomain.ddns/IN' from 192.168.8.8#53: end of transfer
06-Aug-2012 11:34:36.185 notify: zone uts-sa.mydomain.ddns/IN/all: sending notifies (serial 2010585436)


------------------------------

Message: 2
Date: Mon, 6 Aug 2012 09:03:24 -0700 (PDT)
From: Jiann-Ming Su <su_js1 at yahoo.com>
To: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
Subject: Re: Delayed Zone Transfers?
Message-ID: <1344269004.4356.YahooMailNeo at web39306.mail.mud.yahoo.com>
Content-Type: text/plain; charset=iso-8859-1

> From: Jiann-Ming Su <su_js1 at yahoo.com>
> To: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
> Cc:
> Sent: Thursday, August 2, 2012 5:38 PM
> Subject: Delayed Zone Transfers?
>
> What would cause a delay in zone transfers? The notifies go out immediately when
> the serial number changes on the master, but some of the secondaries can take up
> to 10 minutes before initiating the zone transfer. Also, even after the zone
> has been transferred, the secondary will not immediately serve out the new
> data. I'm running 9.8.1-P1, soon to be 9.8.3-P2. Thanks for any insights.
>

Here's an example of the zone file being updated, but BIND not serving out the new data.

Running dig locally:
# dig @localhost myhost.uts-sa.mydomain.ddns

; <<>> DiG 9.8.3-P2 <<>> @localhost myhost.uts-sa.mydomain.ddns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36470
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;myhost.uts-sa.mydomain.ddns.    IN    A

;; AUTHORITY SECTION:
uts-sa.mydomain.ddns.    86400    IN    SOA    dhcp-admin.service.mydomain.net. hostmaster.mydomain.net. 2010585436 7200 1800 604800 86400

;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Aug  6 11:53:45 2012
;; MSG SIZE  rcvd: 118


Contents of the local zone file:
# less ddb.uts-sa.mydomain.ddns
$ORIGIN .
$TTL 86400      ; 1 day
uts-sa.mydomain.ddns       IN SOA  dhcp-admin.service.mydomain.net. hostmaster.mydomain.net. (
                                2010585437 ; serial
                                7200       ; refresh (2 hours)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      dns1.mydomain.net.
                        NS      dns2.mydomain.net.
$ORIGIN uts-sa.mydomain.ddns.
$TTL 7200       ; 2 hours
myhost                  A       10.231.24.252
                        TXT     "00e9e034c52bb28952e1b7192519421cc5"


The SOA that it's serving is not the newest one.



------------------------------

Message: 3
Date: Mon, 06 Aug 2012 17:07:54 +0100
From: Phil Mayers <p.mayers at imperial.ac.uk>
To: bind-users at lists.isc.org
Subject: Re: Delayed Zone Transfers?
Message-ID: <501FEBDA.4040704 at imperial.ac.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 06/08/12 17:03, Jiann-Ming Su wrote:

> Here's an example of the zone file being updated, but BIND not serving out the new data.
>
> Running dig locally:
> # dig @localhost myhost.uts-sa.mydomain.ddns

I note from your other email that you are using views.

Are you sure you are querying the right view? It seems that you may be
querying the view in which the zone is not slaved, hence you get old,
cached data.


------------------------------

Message: 4
Date: Mon, 6 Aug 2012 19:12:56 +0300
From: Chris Buxton <chris.p.buxton at gmail.com>
To: Evan Hunt <each at isc.org>
Cc: bind-users at lists.isc.org
Subject: Re: Multi-master DNS with Bind
Message-ID: <F2F181EE-6156-4AE1-A10D-4BB7F7DC2AFD at gmail.com>
Content-Type: text/plain; charset="us-ascii"

On Aug 5, 2012, at 11:26 PM, Evan Hunt wrote:
>> Looking to find information as to whether I can set up bind for
>> multi-master DNS. I want to be able to update DNS records via any or more
>> than one nameserver in the domain and have the records updated and
>> propagated regardless if the "master" is available. Is this supported or
>> are there ways to make this work with bind?
>
> Not at this time.  We've discussed the subject at some length and it
> may appear in a future release, but it's not on the near-term roadmap.

Couldn't this be done with DLZ?

------------------------------

Message: 5
Date: Mon, 6 Aug 2012 09:33:40 -0700 (PDT)
From: Jiann-Ming Su <su_js1 at yahoo.com>
To: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
Subject: Re: Delayed Zone Transfers?
Message-ID:
        <1344270820.12060.YahooMailNeo at web39304.mail.mud.yahoo.com>
Content-Type: text/plain; charset=iso-8859-1

> From: Phil Mayers <p.mayers at imperial.ac.uk>
> To: bind-users at lists.isc.org
> Cc:
> Sent: Monday, August 6, 2012 12:07 PM
> Subject: Re: Delayed Zone Transfers?
>
> On 06/08/12 17:03, Jiann-Ming Su wrote:
>
>>  Here's an example of the zone file being updated, but BIND not serving
>>  out the new data.
>>
>>  Running dig locally:
>>  # dig @localhost myhost.uts-sa.mydomain.ddns
>
> I note from your other email that you are using views.
>
> Are you sure you are querying the right view? It seems that you may be querying
> the view in which the zone is not slaved, hence you get old, cached data.

Yeah, I've wondered about views. We went to views to work around an MTA config issue. The weird zone transfer performance seems to have coincided with our transition to views. Here's my named.conf, FWIW:

view hc {
        match-clients      { 192.168.0.0/16; 10.236.0.0/16; };
        match-destinations { any; };
        include "/etc/named.zones";

        zone "s7a1.psmtp.com" {
                type slave;
                file "db.postini-s7a1";
                masters { dnsmgr; };
        };
        zone "s7a2.psmtp.com" {
                type slave;
                file "db.postini-s7a2";
                masters { dnsmgr; };
        };
        zone "s7b1.psmtp.com" {
                type slave;
                file "db.postini-s7b1";
                masters { dnsmgr; };
        };
        zone "s7b2.psmtp.com" {
                type slave;
                file "db.postini-s7b2";
                masters { dnsmgr; };
        };
};

view all {
        match-clients      { any; };
        match-destinations { any; };
        include "/etc/named.zones";
};


For the particular case I demonstrated in the previous email, I don't think views should have affected it as the default "all" view should have been hit. And even the "hc" view, the data would be the same as we're only "spoofing" for the specific psmtp.com mail hosts.



------------------------------

Message: 6
Date: Mon, 6 Aug 2012 12:37:07 -0400
From: john.debella at teradyne.com
To: Chris Buxton <chris.p.buxton at gmail.com>
Cc: bind-users at lists.isc.org
Subject: Re: Multi-master DNS with Bind
Message-ID:
        <OFE9E96367.8C2DF3C0-ON85257A52.005B3DAB-85257A52.005B4A2A at notes.teradyne.com>

Content-Type: text/plain; charset="us-ascii"


Don't know. I haven't used it. Do you have experience with it?




From:   Chris Buxton <chris.p.buxton at gmail.com>
To:     Evan Hunt <each at isc.org>,
Cc:     john.debella at teradyne.com, bind-users at lists.isc.org
Date:   08/06/2012 12:13 PM
Subject:        Re: Multi-master DNS with Bind



On Aug 5, 2012, at 11:26 PM, Evan Hunt wrote:
>> Looking to find information as to whether I can set up bind for
>> multi-master DNS. I want to be able to update DNS records via any or more
>> than one nameserver in the domain and have the records updated and
>> propagated regardless if the "master" is available. Is this supported or
>> are there ways to make this work with bind?
>
> Not at this time.  We've discussed the subject at some length and it
> may appear in a future release, but it's not on the near-term roadmap.

Couldn't this be done with DLZ?

------------------------------

End of bind-users Digest, Vol 1279, Issue 3
*******************************************
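
Added example, not part of the original thread: a Python script that pairs each received NOTIFY in a named log with the next "Transfer started" line for the same zone and reports the delay and the view each event was logged under. The input is the log excerpt from Message 1; the function name `notify_to_transfer` and the 60-second `slow_after` threshold are assumptions made for this example.

```python
import re
from datetime import datetime

# Log excerpt from Message 1 above (the notify and the next transfer of that zone).
SAMPLE_LOG = """\
06-Aug-2012 11:20:36.575 notify: client 192.168.8.8#33456: view hc: received notify for zone 'uts-sa.mydomain.ddns': TSIG 'dns1.mydomain.org'
06-Aug-2012 11:34:36.177 general: zone uts-sa.mydomain.ddns/IN/all: Transfer started.
06-Aug-2012 11:34:36.184 general: zone uts-sa.mydomain.ddns/IN/all: transferred serial 2010585436: TSIG 'dns1.mydomain.org'
"""

TS = r"(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
NOTIFY_RE = re.compile(
    TS + r"notify: client (?P<src>[0-9a-fA-F.:]+)#\d+: "
    r"(?:view (?P<view>[^:\s]+): )?received notify for zone '(?P<zone>[^']+)'")
START_RE = re.compile(
    TS + r"general: zone (?P<zone>[^/\s]+)/IN(?:/(?P<view>[^:\s]+))?: Transfer started")

def parse_ts(text):
    # Timestamp format as it appears in the log lines, e.g. 06-Aug-2012 11:20:36.575
    return datetime.strptime(text, "%d-%b-%Y %H:%M:%S.%f")

def notify_to_transfer(lines, slow_after=60.0):
    """Pair each received NOTIFY with the next 'Transfer started' for that zone."""
    pending = {}  # zone -> (time, view, source) of the oldest unanswered NOTIFY
    report = []
    for line in lines:
        m = NOTIFY_RE.match(line)
        if m:
            pending.setdefault(m["zone"], (parse_ts(m["ts"]), m["view"], m["src"]))
            continue
        m = START_RE.match(line)
        if m and m["zone"] in pending:
            t0, notify_view, src = pending.pop(m["zone"])
            delay = (parse_ts(m["ts"]) - t0).total_seconds()
            report.append({
                "zone": m["zone"], "source": src, "delay_s": delay,
                "notify_view": notify_view, "transfer_view": m["view"],
                "slow": delay > slow_after,                # threshold is an assumption
                "view_differs": notify_view != m["view"],  # logged under different views
            })
    return report

if __name__ == "__main__":
    for row in notify_to_transfer(SAMPLE_LOG.splitlines()):
        print(row)
```

On the excerpt it reports a delay of about 839.6 seconds, with the notify logged under view hc and the transfer under view all.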


