Slave to Win2003 DNS

Jukka Pakkanen

Oct 31, 2009, 6:07:13 AM
to bind-...@lists.isc.org
Our Bind 9.6.1-P1 Windows servers are slaves to a Windows 2003 DNS
server, zone "company.local".

For some reason the slaves don't update the zone unless I restart the
BIND service in the server, and after a while, fail to respond to queries.

Example, after a couple of days since the last restart, the BIND servers
stop responding to queries to "company.local" (SERVFAIL), at the server
I can see that the cache file is not updated since the service was
previously started. I restart BIND service, and immediately the cache
file is updated, server again responds to queries etc.

I suspect this is not a problem in the BIND, but in the Windows 2003
DNS, but any ideas anyway, what to look in the server? Haven't been
playing with the Windows DNS a lot...

Jukka

Matus UHLAR - fantomas

Nov 1, 2009, 8:46:02 AM
to bind-...@lists.isc.org

Is the master updating SOA serial?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I wish NOT to receive any advertising mail at this address.
I drive way too fast to worry about cholesterol.

Jukka Pakkanen

Nov 1, 2009, 9:59:55 AM
to bind-...@lists.isc.org, Matus UHLAR - fantomas
Matus UHLAR - fantomas wrote:

> On 31.10.09 12:07, Jukka Pakkanen wrote:
>
>> Our Bind 9.6.1-P1 Windows servers are slaves to a Windows 2003 DNS
>> server, zone "company.local".
>>
>> For some reason the slaves don't update the zone unless I restart the
>> BIND service in the server, and after a while, fail to respond to
>> queries.
>>
>> Example, after a couple of days since the last restart, the BIND servers
>> stop responding to queries to "company.local" (SERVFAIL), at the server
>> I can see that the cache file is not updated since the service was
>> previously started. I restart BIND service, and immediately the cache
>> file is updated, server again responds to queries etc.
>>
>> I suspect this is not a problem in the BIND, but in the Windows 2003
>> DNS, but any ideas anyway, what to look in the server? Haven't been
>> playing with the Windows DNS a lot...
>>
>
> Is the master updating SOA serial?
>
It is. And "notify name servers " is chosen.

Our slave servers are ns1.qnet.fi, ns2.qnet.fi and ns3.qnet.fi. And the
master win2003 server is xeon.merinova.fi. The zone is merinova.local
and example host xeonx.merinova.local.

At the moment ns3 is not responding to queries to merinova.local.

Also just made few updates to the zone, the serial in the master is 6240
but the responding slaves ns1 and ns2 still report 6239.


Matus UHLAR - fantomas

Nov 2, 2009, 7:31:18 AM
to bind-...@lists.isc.org
>> On 31.10.09 12:07, Jukka Pakkanen wrote:
>>> For some reason the slaves don't update the zone unless I restart the
>>> BIND service in the server, and after a while, fail to respond to
>>> queries.

> Matus UHLAR - fantomas wrote:


>> Is the master updating SOA serial?

On 01.11.09 16:59, Jukka Pakkanen wrote:
> It is. And "notify name servers " is chosen.
>
> Our slave servers are ns1.qnet.fi, ns2.qnet.fi and ns3.qnet.fi. And the
> master win2003 server is xeon.merinova.fi. The zone is merinova.local
> and example host xeonx.merinova.local.
>
> At the moment ns3 is not responding to queries to merinova.local.
>
> Also just made few updates to the zone, the serial in the master is 6240
> but the responding slaves ns1 and ns2 still report 6239.

There should be something in logs of your BIND servers in such case...


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I wish NOT to receive any advertising mail at this address.

Spam = (S)tupid (P)eople's (A)dvertising (M)ethod

Jukka Pakkanen

Nov 2, 2009, 7:51:39 AM
to bind-...@lists.isc.org
Matus UHLAR - fantomas wrote:
>>> On 31.10.09 12:07, Jukka Pakkanen wrote:
>>>
>>>> For some reason the slaves don't update the zone unless I restart the
>>>> BIND service in the server, and after a while, fail to respond to
>>>> queries.
>>>>
>
>
>> Matus UHLAR - fantomas wrote:
>>
>>> Is the master updating SOA serial?
>>>
>
> On 01.11.09 16:59, Jukka Pakkanen wrote:
>
>> It is. And "notify name servers " is chosen.
>>
>> Our slave servers are ns1.qnet.fi, ns2.qnet.fi and ns3.qnet.fi. And the
>> master win2003 server is xeon.merinova.fi. The zone is merinova.local
>> and example host xeonx.merinova.local.
>>
>> At the moment ns3 is not responding to queries to merinova.local.
>>
>> Also just made few updates to the zone, the serial in the master is 6240
>> but the responding slaves ns1 and ns2 still report 6239.
>>
>
> there should be something in logs of your BIND servers in such case...
>

Actually the ns1 & ns2 had updated the serial when I checked now, ns3
still "servfail". Restarted the BIND service and immediately the zone
is online again in that server as well...


bsfi...@anl.gov

Nov 2, 2009, 9:58:03 AM
to bind-...@lists.isc.org
Jukka Pakkanen <jukka.p...@qnet.fi> wrote:

>Our Bind 9.6.1-P1 Windows servers are slaves to a Windows 2003 DNS
>server, zone "company.local".
>
>For some reason the slaves don't update the zone unless I restart the
>BIND service in the server, and after a while, fail to respond to queries.
>
>Example, after a couple of days since the last restart, the BIND servers
>stop responding to queries to "company.local" (SERVFAIL), at the server
>I can see that the cache file is not updated since the service was
>previously started. I restart BIND service, and immediately the cache
>file is updated, server again responds to queries etc.
>
>I suspect this is not a problem in the BIND, but in the Windows 2003
>DNS, but any ideas anyway, what to look in the server? Haven't been
>playing with the Windows DNS a lot...

I have seen the three replies to this, and I will add the following:

Is the W2003 DNS Server sending NOTIFY packets to the BIND slaves
when a zone is updated? One of the problems with the Windows DNS
Server is that it logs only successful zone transfers. Unsuccessful
zone transfers are not logged because the MS Developers did not want
to fill the EventLog with these entries. A number of years ago, when
we installed AD and put the AD zones on a MS W2000 DNS Server, we
formally requested that MS log unsuccessful zone transfers along with
some information as to why the transfer was rejected.

Do you have DNS logging enabled on the MS DNS Server? I suggest that
full logging be enabled, and the dns.log file be made sufficiently
large so that you will be able to see what may be happening. Note
that the dns.log file increases in size until it reaches its max
size; then it is cleared, and new entries are added. The dns.log
file is NOT a syslog file, as we in the Unix community are used to
using.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory Phone: +1 (630) 252-7277
9700 South Cass Avenue Facsimile:+1 (630) 252-4601
Building 240, Room 5.B.8 Internet: BSFi...@anl.gov
Argonne, IL 60439-4828 IBMMAIL: I1004994

Jukka Pakkanen

Nov 2, 2009, 10:29:53 AM
to bsfi...@anl.gov, bind-...@lists.isc.org
bsfi...@anl.gov wrote:

> Jukka Pakkanen <jukka.p...@qnet.fi> wrote:
>
>
>> Our Bind 9.6.1-P1 Windows servers are slaves to a Windows 2003 DNS
>> server, zone "company.local".
>>
>> For some reason the slaves don't update the zone unless I restart the
>> BIND service in the server, and after a while, fail to respond to queries.
>>
>> Example, after a couple of days since the last restart, the BIND servers
>> stop responding to queries to "company.local" (SERVFAIL), at the server
>> I can see that the cache file is not updated since the service was
>> previously started. I restart BIND service, and immediately the cache
>> file is updated, server again responds to queries etc.
>>
>> I suspect this is not a problem in the BIND, but in the Windows 2003
>> DNS, but any ideas anyway, what to look in the server? Haven't been
>> playing with the Windows DNS a lot...
>>
>
> I have seen the three replies to this, and I will add the following:
>
> Is the W2003 DNS Server sending NOTIFY packets to the BIND slaves
> when a zone is updated?
I suppose it is, because earlier today when I checked the serial number
was updated in the master since the weekend, and the two working slaves
had the updated serial as well. And when I made a change to the zone, they
updated the zone file in a short time as well. Also if you check the
servers right now, they are already at "6278", so looks like the notify
& zone transfers work ok.

But for a still unknown reason the slaves at some point stop responding
to queries for this zone (servfail) and won't recover until service restart.
Maybe after the zone data is expired (24hrs), if not refreshed/updated
before that??

These same servers are slaves to a bind master, and have no problems there.

> Do you have DNS logging enabled on the MS DNS Server? I suggest that
> full logging be enabled, and the dns.log file be made sufficiently
> large so that you will be able to see what may be happening. Note
> that the dns.log file increases in size until it reaches its max
> size; then it is cleared, and new entries are added. The dns.log
> file is NOT a syslog file, as we in the Unix community are used to
> using.
>

I'll check that and enable if not already.
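
Added example, not part of the thread: a small Python check for the two symptoms discussed above, a slave whose SOA serial trails the master's (6239 vs 6240) and a slave that answers SERVFAIL, possibly because the zone expired. The SOA timers, the `hostmaster.merinova.local.` contact name and the refresh ages are constructed sample values, and "seconds since last good refresh" is assumed to be known to the operator (for instance from the slave's logs).

```python
# Added example, not from the thread. Sample data is constructed: only the
# host names and serials 6239/6240 are from the posts; timers are assumed.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Soa:
    serial: int
    refresh: int
    retry: int
    expire: int

def parse_soa(rdata: str) -> Soa:
    """Parse 'mname rname serial refresh retry expire minimum' SOA rdata."""
    fields = rdata.split()
    if len(fields) != 7:
        raise ValueError(f"not SOA rdata: {rdata!r}")
    return Soa(*(int(f) for f in fields[2:6]))

def serial_newer(a: int, b: int) -> bool:
    """RFC 1982 serial arithmetic: is a newer than b, allowing 32-bit wrap?"""
    return a != b and ((a - b) & 0xFFFFFFFF) < 0x80000000

def classify(master: Soa, answer: Optional[str], since_refresh: int) -> str:
    """answer: slave's SOA rdata, or None for SERVFAIL.
    since_refresh: seconds since the slave last refreshed successfully."""
    if answer is None:
        # A slave that cannot refresh for `expire` seconds stops serving the zone.
        return "expired" if since_refresh >= master.expire else "servfail-early"
    if serial_newer(master.serial, parse_soa(answer).serial):
        # Still behind after a full refresh interval: polling is failing too.
        return "stale" if since_refresh > master.refresh else "lagging"
    return "in-sync"

def soa(serial: int) -> str:
    # Constructed rdata; expire of 86400 s matches the 24 h guessed in the thread.
    return f"xeon.merinova.fi. hostmaster.merinova.local. {serial} 900 600 86400 3600"

SLAVES = {  # name: (SOA answer or None, seconds since last good refresh)
    "ns1.qnet.fi": (soa(6239), 300),
    "ns2.qnet.fi": (soa(6239), 7200),
    "ns3.qnet.fi": (None, 2 * 86400),
}

def report() -> dict:
    master = parse_soa(soa(6240))
    return {n: classify(master, a, t) for n, (a, t) in SLAVES.items()}

if __name__ == "__main__":
    for name, state in report().items():
        print(f"{name}: {state}")
```

A "servfail-early" result would mean the slave stopped answering before the expire timer ran out, which points away from zone expiry as the cause.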

