On Apr 29, 2009, at 5:03 PM, Barry Margolin wrote:

In article <gtamqt$1k...@sf1.isc.org>,
Scott Haneda <talkli...@newgeo.com> wrote:


like my machine, .14 is refusing their refresh request.  Do I need to
allow-recursion for their NS0?

No, you shouldn't need allow-recursion. You might need allow-query, if
you're not allowing to all.

I do not have it set, and am not finding in the docs what the default is, I assume all or my DNS would just not work?

Computer:       NS0
Description:
zone someone-else.com/IN: refused notify from non-master:
xx.xx.37.6#56516

This is a valid domain, current records, should be working fine.  Is
the refusal because they are asking  xx.xx.37.6?  Yes, this IP is on
the same machine, but that IP is used for http, and not DNS. So in
this case, my transfer source is  xx.xx.37.14, and they hit  xx.xx.

Unless your machine is a slave, it doesn't need the transfer-source
option.

Yes, I am a slave for a few people, pretty low load, but indeed, I do have a few hundred zones I am slaving.

37.6, which named is not listening on, and get the above error?

Try setting notify-source to xx.xx.37.14.

Neat, I was not aware of that, so when my machine sends out a notify, it probably is using whatever IP it wants to, maybe the first, this would like it down?

Those are the only two they gave me, but the general problem is, I can
update a zone, change the serial, issue rndc reload, and see my logs
show a notify sent their way.  It can then take anywhere from a few
minutes, to hours, to sometimes days to get the change to hit the
secondary.

Even if there's a problem with the notify, it shouldn't take much longer
than the refresh time in the SOA record.  I recommend setting this to
something in the neighborhood of an hour, so that there isn't too much
of a lag if the notify is lost.

This is pretty par for the course template I use
                200810011       ; serial, todays date + todays serial #
                8H              ; refresh
                2H              ; retry
                4W              ; expire
                1H )            ; minimum

Are you saying to drop the 8H one down to 1H? I was pretty sure I followed RFC on the values above. That zone setting above means I am looking at 8 Hours if the notify fails?

Thanks
--
Scott * If you contact me off list replace talklists@ with scott@ *
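
An added example, not part of the original message: a small log check for the "refused notify from non-master" line quoted above, which tells apart a master that sent NOTIFY from a different address on the same machine (the notify-source case discussed in the thread) from a sender the slave has no record of. The log lines, zone names, addresses and the `MASTERS` / `SAME_HOST` tables are constructed for illustration.

```python
import re
from collections import defaultdict

# Message format as quoted in the thread:
#   zone <name>/<class>: refused notify from non-master: <ip>#<port>
REFUSED = re.compile(
    r"zone (?P<zone>\S+)/(?P<cls>\w+): refused notify from non-master: "
    r"(?P<src>[0-9A-Fa-f:.]+)#(?P<port>\d+)"
)

def refused_notifies(log_lines):
    """Return {zone: {source_ip: count}} for every refused NOTIFY."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_lines:
        m = REFUSED.search(line)
        if m:
            hits[m["zone"].lower().rstrip(".")][m["src"]] += 1
    return {zone: dict(srcs) for zone, srcs in hits.items()}

def diagnose(hits, masters, same_host):
    """Classify each refused source address.

    masters:   {zone: set of master IPs configured on the slave}
    same_host: {ip: set of other IPs known to live on the same machine}
    Returns (zone, source, count, verdict, expected_source) tuples.
    """
    report = []
    for zone, sources in sorted(hits.items()):
        configured = masters.get(zone, set())
        for src, count in sorted(sources.items()):
            # A sibling address that IS a configured master means the
            # master simply sent NOTIFY from the wrong interface.
            siblings = sorted(same_host.get(src, set()) & configured)
            if siblings:
                report.append((zone, src, count, "notify-source-mismatch", siblings[0]))
            else:
                report.append((zone, src, count, "unexpected-sender", None))
    return report

# Constructed sample data (documentation address ranges).
SAMPLE_LOG = [
    "29-Apr-2009 17:01:10 notify: info: zone example.com/IN: refused notify from non-master: 192.0.2.6#56516",
    "29-Apr-2009 17:01:12 notify: info: zone example.com/IN: refused notify from non-master: 192.0.2.6#56520",
    "29-Apr-2009 17:02:00 notify: info: zone example.net/IN: refused notify from non-master: 198.51.100.9#40112",
    "29-Apr-2009 17:02:05 general: info: zone example.org/IN: Transfer started.",
]
MASTERS = {"example.com": {"192.0.2.14"}, "example.net": {"192.0.2.14"}}
SAME_HOST = {"192.0.2.6": {"192.0.2.14"}}
```

A `notify-source-mismatch` verdict points at setting notify-source on the master to the reported expected address; an `unexpected-sender` is a NOTIFY from a host the slave does not list as a master for that zone.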
