On 8/3/2010 7:50 AM, Atkins, Brian (GD/VA-NSOC) wrote:
Kevin,
Thanks for the good ideas. Here is what I am seeing based on your
recommendations:
1. Zone has expired (to confirm: check logs)
No errors or notices regarding the zone being expired.
2. Corrupted/truncated journal file (to confirm: check logs, or, shut
down gracefully, delete journal and start up again)
I've shut down BIND, removed all files under the slave directory, and
restarted BIND - no help. Other zones that are delegated from the same
server are populated.
3. www.blah.com is a delegation in your slave copy of the zone, and the
delegated nameservers are all returning SERVFAIL, are lame, give bogus
answers, some combination of the above, etc. (to confirm: do the lookup
non-recursively, or a zone transfer of blah.com; if www.blah.com shows
as a delegation, query the delegated nameservers directly and see what
they return)
So, just to be clear: is www.blah.com delegated to another nameserver or
set of nameservers? Or is it contained within the blah.com zone itself?
My option #3 above referred to a relatively-unlikely scenario where a
www.blah.com delegation was (temporarily) present in your slave copy,
even though you indicated that on the master server, www.blah.com was
contained in the blah.com zone.
I am able to query the master directly, without issue as well as perform
a zone transfer (though I get an error, ";; communications error to
10.x.x.x#53: connection reset"). I'm assuming that this is due to the
fact that the response is greater than 512 bytes perhaps.
The 512-byte restriction only applies to UDP.
Sounds like you may have a problem with performing TCP transactions with
the master, most likely because of naively-implemented firewall rules.
You can confirm or deny this via the "+vc" (virtual circuit = TCP)
option to "dig".
If TCP between you and the master is completely broken, your zone
transfers aren't going to work and the zone will expire, if it hasn't
already. I'd double-check whether the zone is expired, maybe by
restarting named with a high debug level.
It's a little troubling that other slave zones -- I assume that's what
you meant when you said "that are delegated" -- from the same master are
working. But, are all the EXPIRE settings the same? Maybe this is just
the _first_ zone that expired.
Again, the logs should help here. Are zone transfers succeeding or
failing for blah.com and for other zones. If there are failures, what
are the error messages in the logs?
- Kevin
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
