BIND 9 - force secondary to update/refresh from primary

[ato...@people.net.au]

We will be upgrading from BIND 8 to BIND 9 on Windows 2000 Server, the
plan is to upgrade the secondary name server first and do the primary
later (not on the same day).

After upgrading the secondary, we want to make sure zone transfer from
the primary (BIND 8) still works, so we will be making changes to a test
zone in the primary name server (i.e. incrementing the serial number).
Instead of waiting for it to happen, is it possible to force the
secondary to update/refresh the zone without using rndc?

TIA

Peter

[Matus UHLAR - fantomas]

rndc retransfer <zone>

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Depression is merely anger without enthusiasm.

[Sotiris Tsimbonis]

On 08/05/2008 04:13 PM, ato...@people.net.au wrote:
> We will be upgrading from BIND 8 to BIND 9 on Windows 2000 Server, the
> plan is to upgrade the secondary name server first and do the primary
> later (not on the same day).
>
> After upgrading the secondary, we want to make sure zone transfer from
> the primary (BIND 8) still works, so we will be making changes to a test
> zone in the primary name server (i.e. incrementing the serial number).
> Instead of waiting for it to happen, is it possible to force the
> secondary to update/refresh the zone without using rndc?

Remove the stored zonefiles from secondary's disk, so it will be forced
to re-transfer the next time it starts..

Sot.

[Karl Auer]

On Tue, 2008-08-05 at 16:51 +0300, Sotiris Tsimbonis wrote:
> On 08/05/2008 04:13 PM, ato...@people.net.au wrote:
> > After upgrading the secondary, we want to make sure zone transfer from
> > the primary (BIND 8) still works, so we will be making changes to a test
> > zone in the primary name server (i.e. incrementing the serial number).
> > Instead of waiting for it to happen, is it possible to force the
> > secondary to update/refresh the zone without using rndc?

You shouldn't need to do anything - NOTIFY messages from the primary to
the secondaries should trigger a zone transfer request from the
secondaries.

Try it - change your test zone and see how quickly your secondaries grab
the new zone data. It should be pretty much immediately after you reload
the zone on your primary. Depending on what logging you have set up, you
should see (on the primary) log messages about notifies being sent and
(on the secondaries) log messages about receiving notifies.

If the secondaries you are upgrading are not "official" you can use the
also-notify option on the primary to make sure that all necessary
servers get sent NOTIFY messages.

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (ka...@biplane.com.au) +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/ +61-428-957160 (mob)

GPG fingerprint: DD23 0DF3 2260 3060 7FEC 5CA8 1AF6 D9E3 CFEE 6B28
Public key at : random.sks.keyserver.penguin.de

[Jeff Lightner]

Responses should probably be based on reading what the OP wrote.

"without using rndc" was in the question.

-----Original Message-----
From: bind-use...@isc.org [mailto:bind-use...@isc.org] On
Behalf Of Matus UHLAR - fantomas
Sent: Tuesday, August 05, 2008 9:51 AM
To: bind-...@isc.org
Subject: Re: BIND 9 - force secondary to update/refresh from primary

On 05.08.08 23:13, ato...@people.net.au wrote:
> We will be upgrading from BIND 8 to BIND 9 on Windows 2000 Server, the

> plan is to upgrade the secondary name server first and do the primary
> later (not on the same day).
>

> After upgrading the secondary, we want to make sure zone transfer from

> the primary (BIND 8) still works, so we will be making changes to a
test
> zone in the primary name server (i.e. incrementing the serial number).

> Instead of waiting for it to happen, is it possible to force the
> secondary to update/refresh the zone without using rndc?

rndc retransfer <zone>

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Depression is merely anger without enthusiasm.

----------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
----------------------------------

[Matus UHLAR - fantomas]

> On 08/05/2008 04:13 PM, ato...@people.net.au wrote:
> > We will be upgrading from BIND 8 to BIND 9 on Windows 2000 Server, the
> > plan is to upgrade the secondary name server first and do the primary
> > later (not on the same day).
> >
> > After upgrading the secondary, we want to make sure zone transfer from
> > the primary (BIND 8) still works, so we will be making changes to a test
> > zone in the primary name server (i.e. incrementing the serial number).
> > Instead of waiting for it to happen, is it possible to force the
> > secondary to update/refresh the zone without using rndc?

On 05.08.08 16:51, Sotiris Tsimbonis wrote:
> Remove the stored zonefiles from secondary's disk, so it will be forced
> to re-transfer the next time it starts..

Oh, sorry.

rm <zonefile>
killall -1 named

should work, although rndc is more effective.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.

The early bird may get the worm, but the second mouse gets the cheese.

[Mark Andrews]

> > On 08/05/2008 04:13 PM, ato...@people.net.au wrote:
> > > We will be upgrading from BIND 8 to BIND 9 on Windows 2000 Server, the
> > > plan is to upgrade the secondary name server first and do the primary
> > > later (not on the same day).
> > >
> > > After upgrading the secondary, we want to make sure zone transfer from
> > > the primary (BIND 8) still works, so we will be making changes to a test
> > > zone in the primary name server (i.e. incrementing the serial number).
> > > Instead of waiting for it to happen, is it possible to force the
> > > secondary to update/refresh the zone without using rndc?
>
> On 05.08.08 16:51, Sotiris Tsimbonis wrote:
> > Remove the stored zonefiles from secondary's disk, so it will be forced
> > to re-transfer the next time it starts..
>
> Oh, sorry.
>
> rm <zonefile>
> killall -1 named
>
> should work, although rndc is more effective.

No, that won't work. Reload (kill -1) does not look at the
disk for slave zones.

If one wants to avoid using rndc then the only proceedure is:

stop named
remove the master file
start named

I would however suggest that the OP set up rndc. It works under
windows and is the best tool for controling named.

Mark

> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> The early bird may get the worm, but the second mouse gets the cheese.
>

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_A...@isc.org

[l...@people.net.au]

We will be upgrading from BIND 8 to BIND 9, the plan is to upgrade the

secondary name server first and do the primary later (not on the same day).

After upgrading the secondary, we want to make sure zone transfer from
the primary (BIND 8) still works, so we will be making changes to a test
zone in the primary name server (i.e. incrementing the serial number).
Instead of waiting for it to happen, is it possible to force the
secondary to update/refresh the zone without using rndc?

TIA

Peter

[netcat]

In article <g79jts$vtm$1...@sf1.isc.org>, ato...@people.net.au says...

The primary will notify the secondary, itself, when you reload the
changed zone. You don't have to force it or wait for it, unless you've
gone and turned notify off in the options.

rgds,
netcat

[Karl Auer]

On Wed, 2008-08-06 at 10:23 +1000, Mark Andrews wrote:
> If one wants to avoid using rndc then the only proceedure is:
>
> stop named
> remove the master file
> start named

The OP said that he would be changing the serial number on the master,
so it shouldn't be necessary to force anything, should it? NOTIFY should
do the job.

Of course, if something is stopping the NOTIFYs, then stop/zot/start is
the only non-rndc option.

[Karl Auer]

On Wed, 2008-08-06 at 11:19 +1000, Res wrote:
> > The OP said that he would be changing the serial number on the master,
> > so it shouldn't be necessary to force anything, should it? NOTIFY should
> > do the job.
>

> He wants to know if it still works, that means do an immediate force
> transfer, so Marks suggestion is the best, however, I only differ to Mark
> in that I suggest to backup your zone files before you delete them :)
If NOTIFYs are working, the reload will have happened almost before he
can change windows to start deleting the zone file on the secondary. In
fact, there's a pretty good chance that the zone file he deletes will
already contain the new data!

It won't hurt to wait ten seconds then look at the zone on the secondary
to see if it has already reloaded. If it hasn't, then by all means get
out the sledgehammer...

[Karl Auer]

On Wed, 2008-08-06 at 11:55 +1000, Res wrote:

> On Wed, 6 Aug 2008, Karl Auer wrote:
> > It won't hurt to wait ten seconds then look at the zone on the secondary
> > to see if it has already reloaded. If it hasn't, then by all means get
> > out the sledgehammer...
>

> Thats if he really wants to up the serials, there is no need to however.
True - however, changing the serial number and waiting a few seconds to
see if it's all worked the way it is supposed to work is a better
initial step, IMHO.

If it doesn't work the way it's supposed to then I guess deleting zones
files and restarting servers is OK...

[ato...@people.net.au]

Karl Auer wrote:
> On Wed, 2008-08-06 at 11:55 +1000, Res wrote:
>
>> On Wed, 6 Aug 2008, Karl Auer wrote:
>>
>>> It won't hurt to wait ten seconds then look at the zone on the secondary
>>> to see if it has already reloaded. If it hasn't, then by all means get
>>> out the sledgehammer...
>>>
>> Thats if he really wants to up the serials, there is no need to however.
>>
> True - however, changing the serial number and waiting a few seconds to
> see if it's all worked the way it is supposed to work is a better
> initial step, IMHO.
>
> If it doesn't work the way it's supposed to then I guess deleting zones
> files and restarting servers is OK...
>
> Regards, K.
>
>

Thanks for the overflowing suggestions and replies.

I tested it earlier by incrementing the serial number of a test zone in
the primary, then reload the primary and the secondary (both running
BIND 8.4.6). The secondary didn't update the zone until 10-15 minutes
later and it's unclear if the delay is a constant. That's why I want to
force a refresh immediately instead of waiting "indefinitely".

[Mark Andrews]

> Thanks for the overflowing suggestions and replies.
>
> I tested it earlier by incrementing the serial number of a test zone in
> the primary, then reload the primary and the secondary (both running
> BIND 8.4.6). The secondary didn't update the zone until 10-15 minutes
> later and it's unclear if the delay is a constant. That's why I want to
> force a refresh immediately instead of waiting "indefinitely".

Remember the file will not necessarially be written
immediately. You need to query the nameserver to determine
if the zone has updated.

Mark

[ato...@people.net.au]

Mark Andrews wrote:
>> Thanks for the overflowing suggestions and replies.
>>
>> I tested it earlier by incrementing the serial number of a test zone in
>> the primary, then reload the primary and the secondary (both running
>> BIND 8.4.6). The secondary didn't update the zone until 10-15 minutes
>> later and it's unclear if the delay is a constant. That's why I want to
>> force a refresh immediately instead of waiting "indefinitely".
>>
>
> Remember the file will not necessarially be written
> immediately. You need to query the nameserver to determine
> if the zone has updated.
>
> Mark
>
>

I queried the secondary name server for a minute or so but nothing
changed. So I setup a schedule to query it every 5 minutes, I looked at
the redirected output an hour later it shows update took place some time
between 10 to 15 minutes.

[Robert Spangler]

On Wednesday 06 August 2008 00:38, ato...@people.net.au wrote:

> I tested it earlier by incrementing the serial number of a test zone in
> the primary, then reload the primary and the secondary (both running
> BIND 8.4.6). The secondary didn't update the zone until 10-15 minutes
> later and it's unclear if the delay is a constant. That's why I want to
> force a refresh immediately instead of waiting "indefinitely".

I remember seeing this behavior with the 9.x versions of Bind when trying some
different ideas. How many master or servers do you have configured that are
allowed to update the zone file? When I had more then one I seen this. Bind
would wait about 10 minutes fro the first one in the list to send the new
zone file. When this didn't happen it accepted the zone file from the other
server.

--

Regards
Robert

Smile... it increases your face value!
Linux User #296285
http://counter.li.org