Hello Bob, thank you for the support. please find the answer below 1.yes , I have already update the serial number from master server ,it is not a stealth master, it can provide the dns resolution publicly 2. [image: image.png] 3. they can communicate without any block by using internal ip address ,for the public ip address communication, there is ACL between them ,but I have already allow port 53(udp and tcp) for everyone .
4.now I have enabled querylog [image: image.png] 5. Since i was thinking just wanna be easy so that I shutdown the slave server , now I have already enable the slave server . but the serial number is different with the master server ,even if I restart/reload the service from slave server . thank in advance for the help . On Thu, May 26, 2022 at 12:30 AM Bob McDonald <bmcdonal...@gmail.com> wrote: > I also get the same value for the serial number from a dig soa . > > A couple of questions. > > 1) I assume you are updating the serial number on the master (primary) > zone file. Correct? Is this a stealth (hidden) master? > 2) On that same server, what are your values for NOTIFY and if specified, > EXPLICIT-NOTIFY. > 3) Is there a firewall between the master (primary) and any.all slave > (secondary) servers? If yes, does the firewall allow port 53 botj UDP > and TCP traffic between those servers? > 4) Are you logging everything? (yeah, I know query logging can use alot of > resources) > > Just from a cursory glance at the zone with dig, it looks as though the > domain wasn't reloaded. > > Also, it looks like NS2 doesn't responf. > > Bob > -- Best Regards Bian Mingkai (边明凯)
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
