jean-christophe manciot <> wrote:

wow something has chewed up your message and vomited it out again but some
of the remnants are vaguely legible...

> - the debug log shows that the zone transfer has *successfully* taken place
> on the primary towards the secondary server:
> - actually, the zone transfer could not have succeeded because the port 53
> was closed on the secondary server for the master

I'm not sure this belief is entirely solid, given what the logs said.

> - indeed, the secondary server has no knowledge of the new data:
> # named-checkzone -D -f raw -o - [snip]

You have to use the -j option to include any changes recorded in the
zone's journal, otherwise you are almost certainly looking at a stale
version of the zone.

If a zone is loaded and running, I usually find it is easier to use `dig
axfr` (or `host -lA` if I don't want DNSSEC clutter), instead of
named-compilezone, and `dig soa` instead of `named-checkzone`.

You can try `nsdiff -m primary -s secondary zone` to verify that the zone
files are consistent <>, e.g.

$ nsdiff -m -s
nsdiff: loading zone via AXFR from
zone loaded serial 1571232847 (DNSSEC signed)
nsdiff: loading zone via AXFR from
zone loaded serial 1571232847 (DNSSEC signed)

[ I'm obviously massively biased, but `nsdiff` is amazingly reassuring
when you are doing big DNS provisioning infrastructure changes. ]

> - whatever I try, it seems impossible to retransfer the zone data now that
> the port 53 is open on the primary:

You can:

* run `rndc retransfer` on the secondary

* run `rndc notify` on the master to maybe prompt a retransfer, depending
  on whether the secondaries are up to date

* bump the serial on the primary again to prompt a retransfer by
  persuading the secondaries they are out of date

A primary can't force a transfer to a secondary, it can only send the
secondary a NOTIFY to suggest that the secondary might want to transfer.

f.anthony.n.finch  <>
Northwest Fitzroy, Sole: Southwesterly 4 to 6, increasing 7 or gale 8. Rough
or very rough becoming very rough or high. Showers. Good, occasionally poor.
Please visit to unsubscribe 
from this list

bind-users mailing list

Reply via email to