On 14.02.20 09:32, von Dein, Thomas wrote:
> As reported we were unable to transfer the root zone for 1 week, then the
> expire time was over and we had an outage.

unfortunately this happens when you decide to mirror root zone and it fails.

you should use more primary servers when possible and change root zone type
from secondary to hint if it fails.

Note that rarely someone needs to have local copy of the root zone.

> Now we've seen in the logs many many log entries as the following on slave
> nameservers during that week when our local copy was still valid but the
> transfer was failing:
>
> 09-Jan-2020 16:24:23.361 edns-disabled: success resolving
> 'some-random-hostname.some-domain.de/A' (in '.'?) after reducing the
> advertised EDNS UDP packet size to 512 octets
>
> Besides the EDNS problem: it says (in '.'?). What does this mean?

don't you have any problem with "intelligent" firewall on your side?
If you use cisco routers, ask network admins to disable any DNS "fixup"
functionality, because that usually causes problems.

> The setup is like this:
>
> Proxy dmz with local forwarding bind => internet bind => internet

why not client => bind => internet?
one bind is superfluous there, isn't it?

> The error above occurred on the forwarding bind in the proxy dmz.

so the problem firewall is between "forwarding bind" and "internet bind"

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease
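
To see how widespread the EDNS fallbacks discussed in this thread are, the edns-disabled log lines can be tallied by the name shown in "(in '...')" and by hour. The following Python is an added example, not part of the original thread; the sample log lines are constructed in the format quoted above, and the function names are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in the format quoted in the thread (not real log data).
SAMPLE_LOG = """\
09-Jan-2020 16:24:23.361 edns-disabled: success resolving 'host1.example.de/A' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
09-Jan-2020 16:24:25.002 edns-disabled: success resolving 'host2.example.org/AAAA' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
09-Jan-2020 17:01:10.120 edns-disabled: success resolving 'www.example.net/A' (in 'example.net'?) after reducing the advertised EDNS UDP packet size to 512 octets
09-Jan-2020 17:01:11.000 general: some unrelated message (constructed)
"""

# Matches only the edns-disabled "success resolving" lines; other lines are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) edns-disabled: "
    r"success resolving '(?P<qname>.+)/(?P<qtype>[A-Z0-9]+)' "
    r"\(in '(?P<zone>[^']*)'\?\) after (?P<action>.+)$"
)

def parse_edns_events(log_text):
    """Return one dict per edns-disabled line, with a parsed timestamp."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        # Month abbreviations are parsed with the default (English/C) locale.
        ev["ts"] = datetime.strptime(ev["ts"], "%d-%b-%Y %H:%M:%S.%f")
        events.append(ev)
    return events

def summarize(events):
    """Count events per "(in '...')" name and per hour, plus the share logged under '.'."""
    by_zone = Counter(e["zone"] for e in events)
    by_hour = Counter(e["ts"].strftime("%Y-%m-%d %H:00") for e in events)
    root_share = by_zone.get(".", 0) / len(events) if events else 0.0
    return {"by_zone": dict(by_zone), "by_hour": dict(by_hour), "root_share": root_share}

if __name__ == "__main__":
    report = summarize(parse_edns_events(SAMPLE_LOG))
    for key, value in report.items():
        print(key, value)
```

A high share of events under '.' spread across many unrelated query names is consistent with a problem on the local path, such as the firewall between the two BIND instances suggested in the reply, rather than with individual remote servers.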