refresh: retry limit for master 10.133.253.128#53 exceeded (source 0.0.0.0#0)

Reindl Harald h.reindl at thelounge.net
Sat Nov 14 21:57:32 UTC 2015



On 14.11.2015 at 22:45, Chris Buxton wrote:
> I've seen this where a firewall blocks UDP packets between slave and master, typically because it doesn't understand EDNS. The refresh query fails, so at expiry time, it just initiates a zone transfer anyway, and that succeeds (over TCP).
>
> Checkpoint firewalls are the most common offenders in my experience.

Cisco routers: DNS ALG breaks transfers completely or changes the data in 
unexpected ways, like setting the TTL for all CNAME records to 0

no ip nat service alg udp dns
no ip nat service alg tcp dns

http://blog.webernetz.net/2014/05/09/cisco-router-disable-dns-rewrite-alg-for-static-nats/


>> On Nov 13, 2015, at 10:12 PM, Lawrence K. Chen, P.Eng. <lkchen at ksu.edu> wrote:
>>
>> So, the last couple of days I've been banging my head on this problem....
>>
>> Where I'm seeing this strangeness.
>>
>> 13-Nov-2015 18:00:27.896 general: info: zone salina.k-state.edu/IN/internal: refresh: retry limit for master 10.133.253.128#53 exceeded (source 0.0.0.0#0)
>> 13-Nov-2015 18:00:27.896 general: info: zone salina.k-state.edu/IN/internal: Transfer started.
>> 13-Nov-2015 18:00:27.900 xfer-in: info: transfer of 'salina.k-state.edu/IN/internal' from 10.133.253.128#53: connected using 129.130.254.21#65439
>>
>> Among the things I tried, included setting 'transfer-source'.
>>
>> 13-Nov-2015 23:03:42.388 general: info: zone salina.k-state.edu/IN/internal: refresh: retry limit for master 10.133.253.128#53 exceeded (source 129.130.254.21#0)
>> 13-Nov-2015 23:03:42.388 general: info: zone salina.k-state.edu/IN/internal: Transfer started.
>> 13-Nov-2015 23:03:42.393 xfer-in: info: transfer of 'salina.k-state.edu/IN/internal' from 10.133.253.128#53: connected using 129.130.254.21#34391
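
The log pattern discussed in this thread (a failed SOA refresh followed at once by a transfer that connects to the same master) can be picked out of a BIND log mechanically. The following is an added example, not part of the original messages; the function name is hypothetical and the sample log is the six quoted lines plus three constructed lines used as negative cases.

```python
import re
from collections import defaultdict

# Constructed sample: the six log lines quoted in the thread, followed by
# three constructed lines (example.test, example.org) as negative cases.
SAMPLE_LOG = """\
13-Nov-2015 18:00:27.896 general: info: zone salina.k-state.edu/IN/internal: refresh: retry limit for master 10.133.253.128#53 exceeded (source 0.0.0.0#0)
13-Nov-2015 18:00:27.896 general: info: zone salina.k-state.edu/IN/internal: Transfer started.
13-Nov-2015 18:00:27.900 xfer-in: info: transfer of 'salina.k-state.edu/IN/internal' from 10.133.253.128#53: connected using 129.130.254.21#65439
13-Nov-2015 23:03:42.388 general: info: zone salina.k-state.edu/IN/internal: refresh: retry limit for master 10.133.253.128#53 exceeded (source 129.130.254.21#0)
13-Nov-2015 23:03:42.388 general: info: zone salina.k-state.edu/IN/internal: Transfer started.
13-Nov-2015 23:03:42.393 xfer-in: info: transfer of 'salina.k-state.edu/IN/internal' from 10.133.253.128#53: connected using 129.130.254.21#34391
14-Nov-2015 01:00:00.000 general: info: zone example.test/IN/internal: refresh: retry limit for master 192.0.2.53#53 exceeded (source 0.0.0.0#0)
14-Nov-2015 01:00:00.000 general: info: zone example.test/IN/internal: Transfer started.
14-Nov-2015 02:00:00.000 xfer-in: info: transfer of 'example.org/IN/internal' from 192.0.2.53#53: connected using 129.130.254.21#40000
"""

RETRY_RE = re.compile(
    r"zone (?P<zone>\S+): refresh: retry limit for master "
    r"(?P<master>[0-9a-fA-F.:]+)#\d+ exceeded \(source \S+\)")
XFER_RE = re.compile(
    r"transfer of '(?P<zone>[^']+)' from (?P<master>[0-9a-fA-F.:]+)#\d+: "
    r"connected using \S+")

def refresh_failed_but_transfer_connected(log_text):
    """Return (hits, unresolved).

    hits: {(zone, master): count} where the refresh query gave up but a
    transfer then connected to the same master, i.e. the master is reachable
    for the transfer while refresh queries go unanswered.
    unresolved: refresh failures with no later transfer connection.
    """
    pending = set()
    hits = defaultdict(int)
    for line in log_text.splitlines():
        m = RETRY_RE.search(line)
        if m:
            pending.add((m["zone"], m["master"]))
            continue
        m = XFER_RE.search(line)
        if m and (m["zone"], m["master"]) in pending:
            key = (m["zone"], m["master"])
            pending.discard(key)
            hits[key] += 1
    return dict(hits), sorted(pending)
```

A non-empty `hits` result points at something on the path treating the refresh queries differently from the transfer connection, which is where the firewall and DNS ALG suggestions above apply; entries in `unresolved` point at a master that is not reachable at all.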


