Zonemgr not reacting to notifies

Spain, Dr. Jeffry A. spainj at countryday.net
Sun Jun 10 17:48:32 UTC 2012


>>>> I have a bind10-devel-20120517 system set up as a slave server that uses a bind 9.9.1-P1 server as a master. The latter does DNSSEC inline signing. The bind10 slave appears not to be reacting to notify messages received -- it is not transferring the updated zone from the master. It does finally transfer the zone three hours later, presumably as a result of the SOA refresh timer (86400) expiring. I have included excerpts from the bind10 system's log (set to DEBUG level) and excerpts from the configuration. I would like to have your opinion as to whether the incoming notify process is malfunctioning or if I have made a configuration error. Thanks. Jeff.

>>> Didn't b10-auth or b10-xfrin leave any log message when it received the notify?

>> Nothing other than the log messages shown in my original post. I already have logging set to DEBUG and so don't know how to get any more information out of the system.

> It seems to be a bug, but I couldn't easily identify anything obviously wrong.  zonemgr is already so broken and we'll need to re-design/re-implement it pretty fundamentally anyway.  I'm not sure if we can easily fix it.  At least we can try to build our own test cases to see whether we can reproduce it ourselves.

> One quick question: does it always fail, or does it sometimes succeed?

Sorry for the delay in getting back to you. As best I can tell, my bind10 slaves always fail to respond to notify messages they receive.

I tested this scenario again while running a packet capture on my bind 9.9 inline signing slave. I added some address records to my jaspain.biz zone, incremented the SOA serial number, and ran b10-loadzone on my hidden master. On my bind 9.9 inline signing slave, I ran "rndc retransfer jaspain.biz". (This works around the known limitations of the Xfrout notify mechanism.) In turn it loaded the updated zone, signed the new records, and sent notifies to my two bind10 slaves. Those slaves responded normally to the notify queries. Five seconds later the inline signing server sent the notifies again, and again received normal responses.

About 14 minutes later one of the bind10 slaves opened a TCP connection to the inline signing server, sent an SOA query for jaspain.biz, followed by an AXFR query. It received a normal AXFR response containing the updated zone data. The other bind10 slave did the same thing but not for almost two hours after the original notify.

On one of the bind10 slaves where I had enabled logging, there were entries for the two original notifies: "ZONEMGR_RECEIVE_NOTIFY received NOTIFY command for zone jaspain.biz. (class IN)", but nothing immediately afterwards relating to that zone. Two hours later the following sequence of log messages appeared in connection with the zone transfer:
2012-06-10 09:21:48.633 DEBUG [b10-zonemgr.zonemgr] ZONEMGR_REFRESH_ZONE refreshing zone jaspain.biz. (class IN)
2012-06-10 09:21:48.636 DEBUG [b10-xfrin.datasrc] DATASRC_SQLITE_NEWCONN SQLite3Database is being initialized
2012-06-10 09:21:48.636 DEBUG [b10-xfrin.datasrc] DATASRC_SQLITE_CONNOPEN Opening sqlite database file '/var/bind10-devel/zone.sqlite3'
2012-06-10 09:21:48.641 INFO  [b10-xfrin.xfrin] XFRIN_XFR_TRANSFER_STARTED AXFR transfer of zone jaspain.biz/IN started
2012-06-10 09:21:48.680 DEBUG [b10-xfrin.xfrin] XFRIN_GOT_NONINCREMENTAL_RESP got nonincremental response for jaspain.biz/IN
2012-06-10 09:21:48.680 DEBUG [b10-xfrin.datasrc] DATASRC_SQLITE_NEWCONN SQLite3Database is being initialized
2012-06-10 09:21:48.680 DEBUG [b10-xfrin.datasrc] DATASRC_SQLITE_CONNOPEN Opening sqlite database file '/var/bind10-devel/zone.sqlite3'
2012-06-10 09:21:48.748 DEBUG [b10-xfrin.datasrc] DATASRC_SQLITE_DROPCONN SQLite3Database is being deinitialized
2012-06-10 09:21:48.748 DEBUG [b10-xfrin.datasrc] DATASRC_SQLITE_CONNCLOSE Closing sqlite database
2012-06-10 09:21:48.748 INFO  [b10-xfrin.xfrin] XFRIN_TRANSFER_SUCCESS full AXFR transfer of zone jaspain.biz/IN succeeded (messages: 1, records: 38, bytes: 4329, run time: 0.111 seconds, 39164 bytes/second)
2012-06-10 09:21:52.754 ERROR [b10-zonemgr.zonemgr] ZONEMGR_NO_MASTER_ADDRESS internal BIND 10 command did not contain address of master
2012-06-10 09:21:52.755 DEBUG [b10-xfrin.datasrc] DATASRC_SQLITE_DROPCONN SQLite3Database is being deinitialized
2012-06-10 09:21:52.755 DEBUG [b10-xfrin.datasrc] DATASRC_SQLITE_CONNCLOSE Closing sqlite database

The configuration of this slave server is as follows:
> config show all
Logging/loggers[0]/name "*"     string
Logging/loggers[0]/severity     "DEBUG" string
Logging/loggers[0]/debuglevel   40      integer
Logging/loggers[0]/additive     false   boolean (default)
Logging/loggers[0]/output_options[0]/destination        "file"  string
Logging/loggers[0]/output_options[0]/output     "/var/bind10-devel/bind10.log"  string
Logging/loggers[0]/output_options[0]/flush      true    boolean
Logging/loggers[0]/output_options[0]/maxsize    1048576 integer
Logging/loggers[0]/output_options[0]/maxver     16      integer
Cmdctl/key_file "/etc/bind10-devel/cmdctl-keyfile.pem"  string  (default)
Cmdctl/cert_file        "/etc/bind10-devel/cmdctl-certfile.pem" string  (default)
Cmdctl/accounts_file    "/etc/bind10-devel/cmdctl-accounts.csv" string  (default)
Zonemgr/lowerbound_refresh      10      integer (default)
Zonemgr/lowerbound_retry        5       integer (default)
Zonemgr/max_transfer_timeout    14400   integer (default)
Zonemgr/refresh_jitter  0.25    real    (default)
Zonemgr/reload_jitter   0.75    real    (default)
Zonemgr/secondary_zones[0]/class        "IN"    string
Zonemgr/secondary_zones[0]/name "jaspain.biz"   string
Zonemgr/secondary_zones[1]/class        "IN"    string
Zonemgr/secondary_zones[1]/name "jaspain.info"  string
Zonemgr/secondary_zones[2]/class        "IN"    string
Zonemgr/secondary_zones[2]/name "jaspain.net"   string
Zonemgr/secondary_zones[3]/class        "IN"    string
Zonemgr/secondary_zones[3]/name "jaspain.us"    string
Zonemgr/secondary_zones[4]/class        "IN"    string
Zonemgr/secondary_zones[4]/name "jspain.us"     string
Xfrin/transfers_in      10      integer (default)
Xfrin/zones[0]/name     "jaspain.biz"   string
Xfrin/zones[0]/class    "IN"    string  (default)
Xfrin/zones[0]/master_addr      "<IPv6 Address of Bind9.9 Inline Signing Server>"        string
Xfrin/zones[0]/master_port      53      integer (default)
Xfrin/zones[0]/tsig_key "nsb0s-nsb1:<Base-64 Key>:hmac-sha256"   string
Xfrin/zones[0]/use_ixfr false   boolean (default)
Xfrin/zones[1]/name     "jaspain.info"  string
Xfrin/zones[1]/class    "IN"    string  (default)
Xfrin/zones[1]/master_addr      "<IPv6 Address of Bind9.9 Inline Signing Server>"        string
Xfrin/zones[1]/master_port      53      integer (default)
Xfrin/zones[1]/tsig_key "nsb0s-nsb1:<Base-64 Key>:hmac-sha256"   string
Xfrin/zones[1]/use_ixfr false   boolean (default)
Xfrin/zones[2]/name     "jaspain.net"   string
Xfrin/zones[2]/class    "IN"    string  (default)
Xfrin/zones[2]/master_addr      "<IPv6 Address of Bind9.9 Inline Signing Server>"        string
Xfrin/zones[2]/master_port      53      integer (default)
Xfrin/zones[2]/tsig_key "nsb0s-nsb1:<Base-64 Key>:hmac-sha256"   string
Xfrin/zones[2]/use_ixfr false   boolean (default)
Xfrin/zones[3]/name     "jaspain.us"    string
Xfrin/zones[3]/class    "IN"    string  (default)
Xfrin/zones[3]/master_addr      "<IPv6 Address of Bind9.9 Inline Signing Server>"        string
Xfrin/zones[3]/master_port      53      integer (default)
Xfrin/zones[3]/tsig_key "nsb0s-nsb1:<Base-64 Key>:hmac-sha256"   string
Xfrin/zones[3]/use_ixfr false   boolean (default)
Xfrin/zones[4]/name     "jspain.us"     string
Xfrin/zones[4]/class    "IN"    string  (default)
Xfrin/zones[4]/master_addr      "<IPv6 Address of Bind9.9 Inline Signing Server>"        string
Xfrin/zones[4]/master_port      53      integer (default)
Xfrin/zones[4]/tsig_key "nsb0s-nsb1:<Base-64 Key>:hmac-sha256"   string
Xfrin/zones[4]/use_ixfr false   boolean (default)
tsig_keys/keys[0]       "nsb0s-nsb1:<Base-64 Key>:hmac-sha256"   string
Auth/database_file      "/var/bind10-devel/zone.sqlite3"        string  (default)
Auth/datasources        []      list    (default)
Auth/statistics-interval        60      integer (default)
Auth/listen_on[0]/address       "::"    string  (default)
Auth/listen_on[0]/port  53      integer (default)
Auth/listen_on[1]/address       "0.0.0.0"       string  (default)
Auth/listen_on[1]/port  53      integer (default)
Boss/components/b10-zonemgr/special     null    string
Boss/components/b10-zonemgr/process     null    string
Boss/components/b10-zonemgr/kind        "dispensable"   string
Boss/components/b10-zonemgr/address     "Zonemgr"       string
Boss/components/b10-zonemgr/params      []      list
Boss/components/b10-zonemgr/priority    null    integer
Boss/components/b10-auth/special        "auth"  string
Boss/components/b10-auth/process        null    string
Boss/components/b10-auth/kind   "needed"        string
Boss/components/b10-auth/address        null    string
Boss/components/b10-auth/params []      list
Boss/components/b10-auth/priority       null    integer
Boss/components/b10-xfrin/special       null    string
Boss/components/b10-xfrin/process       null    string
Boss/components/b10-xfrin/kind  "dispensable"   string
Boss/components/b10-xfrin/address       "Xfrin" string
Boss/components/b10-xfrin/params        []      list
Boss/components/b10-xfrin/priority      null    integer
Boss/components/b10-stats/special       null    string
Boss/components/b10-stats/process       null    string
Boss/components/b10-stats/kind  "dispensable"   string
Boss/components/b10-stats/address       "Stats" string
Boss/components/b10-stats/params        []      list
Boss/components/b10-stats/priority      null    integer
Boss/components/b10-cmdctl/special      "cmdctl"        string
Boss/components/b10-cmdctl/process      null    string
Boss/components/b10-cmdctl/kind "needed"        string
Boss/components/b10-cmdctl/address      null    string
Boss/components/b10-cmdctl/params       []      list
Boss/components/b10-cmdctl/priority     null    integer

I can send you the capture file, log files, and configurations of the other servers if that would be of any help. On the other hand, further troubleshooting is probably a waste of effort if you are planning to rework the Zonemgr module anyway. If there are existing ticket numbers relating to that project, would you please send them to me. Thanks. Jeff.

Jeffry A. Spain
Network Administrator
Cincinnati Country Day School
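
Added example, not part of the original message and not BIND 10 code: a small Python check that pairs each ZONEMGR_RECEIVE_NOTIFY log entry with the next XFRIN_XFR_TRANSFER_STARTED for the same zone and reports the lag, so a secondary that keeps serving stale signed data after a notify shows up in monitoring. The sample log is constructed in the format quoted above (the NOTIFY timestamps are invented), and the 60-second threshold is an assumption.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the log format quoted above; the NOTIFY timestamps are invented.
SAMPLE_LOG = """\
2012-06-10 07:20:10.101 DEBUG [b10-zonemgr.zonemgr] ZONEMGR_RECEIVE_NOTIFY received NOTIFY command for zone jaspain.biz. (class IN)
2012-06-10 07:20:15.204 DEBUG [b10-zonemgr.zonemgr] ZONEMGR_RECEIVE_NOTIFY received NOTIFY command for zone jaspain.biz. (class IN)
2012-06-10 09:21:48.633 DEBUG [b10-zonemgr.zonemgr] ZONEMGR_REFRESH_ZONE refreshing zone jaspain.biz. (class IN)
2012-06-10 09:21:48.641 INFO  [b10-xfrin.xfrin] XFRIN_XFR_TRANSFER_STARTED AXFR transfer of zone jaspain.biz/IN started
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) +\w+ +\[[^\]]+\] +(\w+) (.*)$")
NOTIFY_ZONE = re.compile(r"for zone (\S+?)\.? \(class (\w+)\)")
XFR_ZONE = re.compile(r"transfer of zone (\S+?)\.?/(\w+) started")

def notify_lag(log_text, max_lag=timedelta(seconds=60)):  # threshold is an assumption
    """Return (zone, class, first_notify_time, lag_or_None, ok) per NOTIFY burst."""
    pending = {}   # (zone, class) -> time of the first NOTIFY not yet followed by a transfer
    results = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
        msg_id, rest = m.group(2), m.group(3)
        if msg_id == "ZONEMGR_RECEIVE_NOTIFY":
            z = NOTIFY_ZONE.search(rest)
            if z:  # repeated NOTIFYs keep the earliest timestamp
                pending.setdefault((z.group(1).lower(), z.group(2)), ts)
        elif msg_id == "XFRIN_XFR_TRANSFER_STARTED":
            z = XFR_ZONE.search(rest)
            key = (z.group(1).lower(), z.group(2)) if z else None
            if key in pending:
                lag = ts - pending[key]
                results.append((key[0], key[1], pending.pop(key), lag, lag <= max_lag))
    for (zone, cls), first in pending.items():  # NOTIFY never followed by a transfer
        results.append((zone, cls, first, None, False))
    return results

if __name__ == "__main__":
    for zone, cls, first, lag, ok in notify_lag(SAMPLE_LOG):
        print(f"{zone}/{cls} notify at {first} lag={lag} {'ok' if ok else 'LATE'}")
```
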


