jean-christophe manciot <actionmysti...@gmail.com> wrote:

wow something has chewed up your message and vomited it out again but some
of the remnants are vaguely legible...

> - the debug log shows that the zone transfer has *successfully* taken place
> on the primary towards the secondary server:
>
> - actually, the zone transfer could not have succeeded because the port 53
> was closed on the secondary server for the master

I'm not sure this belief is entirely solid, given what the logs said.

> - indeed, the secondary server has no knowledge of the new data:
>
> # named-checkzone -D -f raw -o - sdxlive.com

[snip]

You have to use the -j option to include any changes recorded in the
zone's journal, otherwise you are almost certainly looking at a stale
version of the zone.

If a zone is loaded and running, I usually find it is easier to use
`dig axfr` (or `host -lA` if I don't want DNSSEC clutter), instead of
named-compilezone, and `dig soa` instead of `named-checkzone`.

You can try `nsdiff -m primary -s secondary zone` to verify that the zone
files are consistent <http://www.dotat.at/prog/nsdiff/>, e.g.

  $ nsdiff -m pri0.dns.cam.ac.uk -s auth0.dns.cam.ac.uk cam.ac.uk
  nsdiff: loading zone cam.ac.uk. via AXFR from auth0.dns.cam.ac.uk
  zone cam.ac.uk/IN: loaded serial 1571232847 (DNSSEC signed)
  OK
  nsdiff: loading zone cam.ac.uk. via AXFR from pri0.dns.cam.ac.uk
  zone cam.ac.uk/IN: loaded serial 1571232847 (DNSSEC signed)
  OK
  $

[ I'm obviously massively biased, but `nsdiff` is amazingly reassuring
when you are doing big DNS provisioning infrastructure changes. ]

> - whatever I try, it seems impossible to retransfer the zone data now that
> the port 53 is open on the primary:

You can:

* run `rndc retransfer` on the secondary

* run `rndc notify` on the master to maybe prompt a retransfer, depending
  on whether the secondaries are up to date

* bump the serial on the primary again to prompt a retransfer by
  persuading the secondaries they are out of date

A primary can't force a transfer to a secondary, it can only send the
secondary a NOTIFY to suggest that the secondary might want to transfer.

Tony.
--
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
Northwest Fitzroy, Sole: Southwesterly 4 to 6, increasing 7 or gale 8. Rough
or very rough becoming very rough or high. Showers. Good, occasionally poor.
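Added example, not part of the original message and not code from BIND or nsdiff: a small script for the `dig soa` check mentioned above, which compares the primary's and secondary's SOA serials with RFC 1982 serial arithmetic to show whether a NOTIFY can be expected to trigger a transfer. The function names, the `ns-pri.example` / `hostmaster.example` names and the sample SOA lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). The sample SOA answers are constructed;
# only the serial 1571232847 appears in the message above.
SAMPLE_PRIMARY='ns-pri.example. hostmaster.example. 1571232847 1800 900 604800 3600'
SAMPLE_STALE='ns-pri.example. hostmaster.example. 1571232846 1800 900 604800 3600'

# soa_serial LINE: print the serial (3rd field) of one `dig +short soa` answer.
# Fails (non-zero status) if the input is empty or not SOA rdata.
soa_serial() {
    printf '%s\n' "$1" | awk 'NF >= 7 && $3 ~ /^[0-9]+$/ { print $3; ok = 1; exit }
                              END { exit !ok }'
}

# serial_cmp A B: print lt, eq, gt or undef for A relative to B, using
# RFC 1982 arithmetic on 32-bit serials (so a wrapped serial compares correctly).
serial_cmp() {
    d=$(( ($2 - $1 + 4294967296) % 4294967296 ))
    if   [ "$d" -eq 0 ];          then echo eq
    elif [ "$d" -lt 2147483648 ]; then echo lt
    elif [ "$d" -gt 2147483648 ]; then echo gt
    else                               echo undef
    fi
}

# secondary_state PRIMARY_SOA SECONDARY_SOA: classify the secondary.
secondary_state() {
    p=$(soa_serial "$1") || { echo bad-primary-soa; return 2; }
    s=$(soa_serial "$2") || { echo bad-secondary-soa; return 2; }
    case $(serial_cmp "$s" "$p") in
        eq) echo in-sync ;;
        lt) echo stale ;;   # behind the primary: a NOTIFY or refresh should fetch it
        *)  echo ahead ;;   # not behind: NOTIFY will not cause a transfer; use
                            # `rndc retransfer` or bump the primary serial past it
    esac
}

# check_zone ZONE PRIMARY SECONDARY: live check; needs dig and network access.
check_zone() {
    secondary_state "$(dig +short +norecurse soa "$1" "@$2")" \
                    "$(dig +short +norecurse soa "$1" "@$3")"
}

# Run the live check only when called as: script ZONE PRIMARY SECONDARY
if [ "$#" -eq 3 ]; then check_zone "$@"; fi
```

An "ahead" result is the case where `rndc notify` alone does nothing, because the secondary already believes it holds the newer copy.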