On Mon, Jul 13, 2015 at 2:15 PM, Lucio Crusca <lu...@sulweb.org> wrote:
> You have been persuasive enough, I'm definitely going to raise the expire
> value, but now the question is: are the SERVFAIL replies a consequence of
> the low expire value?

It doesn't help your cause _at_all_.

There could be a few reasons why you're getting SERVFAIL responses from your second nameserver, but the zone being expired is the most likely.

Check everything:
- physical connectivity between ns2 and ns1
- zone transfer settings (allow-transfer, allow-notify, TSIG settings and keys, etc.)

A sample troubleshooting sequence run from ns2 might look something like:
- Can you ping ns1 from ns2?
- Can you query ns1 (dig @ns1) from ns2?
- Can you do a manual zone transfer from ns1 to ns2: dig @ns1 aquilacorde.com AXFR
  - If you're using TSIG for your zone transfers, you'll need to set the appropriate options in dig.
- On ns2, can you run "rndc reload" on aquilacorde.com? What do your logs say when you do this?
- What happens when you increment the zone's serial number on ns1? Does ns1 automatically send a NOTIFY?
- If you're able (there aren't other zones to worry about), what happens when you restart BIND on ns2? What do the logs say?

If you've done most of these troubleshooting steps, you'll know whether you have:
- basic network connectivity
- basic DNS connectivity (UDP port 53)
- DNS zone transfer connectivity (TCP port 53; AXFR uses TCP)
- DNS zone transfer ability
- useful logging

and... CHANGE YOUR EXPIRE VALUE NOW!!

John
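The SOA and AXFR checks from the troubleshooting sequence above, scripted as an added example that is not part of the original post. The verdict names, the `DIG_OPTS` variable and the "expire no larger than refresh + retry" heuristic are assumptions of this example, not BIND terminology or thresholds from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): compare the SOA served by the primary
# and the secondary, then try a manual AXFR. Run it from the secondary (ns2).
# A `dig +short SOA` answer has 7 fields:
#   mname rname serial refresh retry expire minimum
# e.g. (constructed): ns1.example. hostmaster.example. 2015071301 3600 900 1209600 3600

soa_field() { printf '%s\n' "$1" | awk -v n="$2" '{ print $n }'; }

# classify PRIMARY_SOA SECONDARY_SOA -> prints one verdict
classify() {
    p_serial=$(soa_field "$1" 3); s_serial=$(soa_field "$2" 3)
    refresh=$(soa_field "$1" 4); retry=$(soa_field "$1" 5)
    expire=$(soa_field "$1" 6)
    if [ -z "$p_serial" ]; then
        echo primary-no-answer      # fix ns1 or basic connectivity first
    elif [ -z "$s_serial" ]; then
        echo secondary-no-answer    # SERVFAIL/timeout: zone expired or never loaded
    elif [ "$expire" -le $((refresh + retry)) ]; then
        echo expire-too-low         # heuristic chosen for this example
    elif [ "$p_serial" != "$s_serial" ]; then
        echo serial-mismatch        # NOTIFY or the transfer is not getting through
    else
        echo in-sync
    fi
}

# check_zone PRIMARY SECONDARY ZONE: live run against real servers.
# DIG_OPTS is this script's own variable, e.g. DIG_OPTS="-k /path/to/tsig.key"
# when zone transfers are protected with TSIG.
check_zone() {
    # Drop dig's ';' status lines so a timeout reads as "no answer".
    p=$(dig $DIG_OPTS @"$1" "$3" SOA +norecurse +short | grep -v '^;')
    s=$(dig $DIG_OPTS @"$2" "$3" SOA +norecurse +short | grep -v '^;')
    echo "SOA check: $(classify "$p" "$s")"
    # A complete AXFR starts and ends with the zone's SOA record.
    if dig $DIG_OPTS @"$1" "$3" AXFR | grep -v '^;' | grep -qw SOA; then
        echo "AXFR from $1: ok"
    else
        echo "AXFR from $1: failed (check allow-transfer, TSIG, TCP port 53)"
    fi
}

# Runs only when called as: script ns1 ns2 aquilacorde.com
if [ "$#" -eq 3 ]; then check_zone "$@"; fi
```

A `secondary-no-answer` verdict combined with a working AXFR points at the secondary's own state (expired zone, failed load) rather than at connectivity, which is where the ns2 logs after `rndc reload` become the next thing to read.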