Re: refresh failure despite ability to do AXFR and IXFR via command line

07-21-2004
Ronan Flood

On Mon, 19 Jul 2004 19:35:30 -0400 (EDT),
Mark Jeftovic <mark@jeftovic.net> wrote:

> This other case I have access to the master, it is running 8.4.1-REL via
> some "hsphere" system I'm unfamiliar with.


This? http://www.psoft.net/h_sphere2_info.html

> But the symptoms are the same, I can do an AXFR from the command line
> using host or dig and I can see it arrive in the logs on the master:
>
> Jul 19 18:16:34 cp named[2695]: approved AXFR from [192.168.40.250].47650
> for "example.com"
> Jul 19 18:16:34 cp named[2695]: zone transfer (AXFR) of "example.com" (IN)
> to [192.168.40.250].47650 serial 2004071202
>
> But when I do it via the slave with "rndc reload example.com", I just
> get this error in the logs immediately on the slave side (bind9.2.3):
>
> Jul 19 19:23:57 ds2 named[1879]: zone example.com/IN: refresh: failure
> trying master 24.227.181.110#53: timed out
>
> happens a bunch of times and then
>
> Jul 19 19:27:43 ds2 named[1879]: zone example.com/IN: refresh: retry limit
> for master 24.227.181.110#53 exceeded
>
> So on the face of it it seems as if the nameserver gets stuck on
> *something* and the request doesn't even make it to the master.
>
> (Like I said previously, this slave has about 80K zones on it, so it is
> not a system wide problem, and as I try this there are 0 xfers running and
> 9 soa queries in progress)
>
> Everything else works, i.e. AXFR and IXFR can both be obtained using host
> or dig.


One difference between dig/host and named when doing a zone transfer
is that named will do a UDP query for the SOA first, to compare the
serial number with its local copy of the zone. Can you do that?
Do you see it in the log on the master if you have query-logging on?

Have you got anything in the named.conf on the slave like query-source
or transfer-source, or allow-transfer on the master? Um, obvious
question but: you are using dig/host on the same system on which the
slave named runs?

--
Ronan Flood <R.Flood@noc.ulcc.ac.uk>
working for but not speaking for
Network Services, University of London Computer Centre
(which means: don't bother ULCC if I've said something you don't like)
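
The UDP SOA check described in the reply above, as an added example that is not part of the original post and not BIND's own code: it sends an SOA query over UDP from a chosen source address and compares the returned serial with a local one using RFC 1982 arithmetic. The function names, the `source_ip` parameter (standing in for query-source/transfer-source) and the sample reply's `ns1`/`hostmaster` names are assumptions made for illustration.

```python
import os, socket, struct

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"

def build_soa_query(zone, qid):  # flags=0 (plain query, RD clear); QTYPE 6 = SOA, QCLASS 1 = IN
    return struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0) + encode_name(zone) + struct.pack("!HH", 6, 1)

def skip_name(msg, off):  # return the offset just past a (possibly compressed) name
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += msg[off] + 1
    return off + (2 if msg[off] else 1)

def parse_soa_serial(msg):
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:
        raise ValueError("master answered with rcode %d" % (flags & 0x000F))
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4              # question: name, QTYPE, QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 6:
            p = skip_name(msg, skip_name(msg, off + 10))  # step over MNAME and RNAME
            return struct.unpack("!I", msg[p:p + 4])[0]
        off += 10 + rdlen
    raise ValueError("no SOA record in answer section")

def serial_newer(master, local):
    # RFC 1982 serial arithmetic: is the master's serial ahead of the local copy?
    return master != local and ((master - local) & 0xFFFFFFFF) < 0x80000000

def udp_soa_serial(zone, master, source_ip="0.0.0.0", timeout=5.0):
    qid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((source_ip, 0))                     # same source address the slave would use
        s.settimeout(timeout)                      # a timeout here mirrors "refresh: failure ... timed out"
        s.sendto(build_soa_query(zone, qid), (master, 53))
        reply, _ = s.recvfrom(4096)
    if struct.unpack("!H", reply[:2])[0] != qid:
        raise ValueError("reply id does not match query id")
    return parse_soa_serial(reply)

# Constructed sample reply (not captured traffic) carrying the serial seen in the master's log
SAMPLE_RDATA = (encode_name("ns1.example.com") + encode_name("hostmaster.example.com")
                + struct.pack("!IIIII", 2004071202, 10800, 3600, 604800, 3600))
SAMPLE_REPLY = (struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0) + encode_name("example.com") + struct.pack("!HH", 6, 1)
                + b"\xc0\x0c" + struct.pack("!HHIH", 6, 1, 3600, len(SAMPLE_RDATA)) + SAMPLE_RDATA)
```

If `udp_soa_serial` times out from the slave's address while a TCP AXFR from the same host succeeds, the UDP path (filtering, source address selection) is the place to look.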
