bind 9 goes rogue and revert zone information

Raul Dias raul at dias.com.br
Tue Feb 7 16:30:47 UTC 2017


Hi Mukund,

On 07/02/2017 12:42, Mukund Sivaraman wrote:
> Hi Raul
> When you say "When it reverts its zone information", how are you
> observing it? Are you reading the master file from disk to check what's
> in it, or are you doing a dig for the SOA record to check the serial?
> By this, I'm asking if your master file is in sync with the journal if
> you're reading it directly (rndc sync).
With dig.
The zone files are kept in the 30170401 format.
The slave DNS servers do not update to the 3016060101 as it is older
than the latter.

I was not aware of rndc sync.  Which is fine right now.  But I will see 
what happens next time it drifts.

This is a newbie question.  Why is there a journal file for a static
master zone?
>
> After the zone has a serial of 3017020401, is it updated in any way?  Do
> you run any rndc commands against the nameserver during this time?
Nope.
>
> Is the serial value 3016060101 of any significance? You say it "reverts
> back to a previous version". Was 3016060101 a previously observed
> serial? What happens to the contents of the zone? Are the contents the
> same, or do they appear to have older data?
3016* was the last zone update until this year.
So, the content stayed the same for at least 6 months.
The major changes were a few A and CNAME records, which get reverted to
the previous values (301606*) when the problem occurs. Older ns data
gets propagated to the Internet.
> When you clean journal files, have they been sync'd into the master
> file?
I don't think so.  As I said earlier, I am not aware of the
usefulness of it in this scenario.
What I did was stop the server, remove them, and start the daemon back up.
Everything was fine after this for a few days.
>
> You mention again "get the old information".. does it mean that you
> noticed that the zone contains old data? How are you checking the
> contents? Directly by reading the master file or via query?
Query.  The files are always right (3017* data).
>
> Can you send the output of named-checkconf -px for your named config?
> If you want details to be private, you can create a bug ticket by
> mailing it to <bind9-bugs at isc.org>.
>
> 		Mukund
Thanks.  Sent over to bind9-bugs.

-rsd

