I've got one follow-up question: As reported we were unable to transfer the root zone for 1 week, then the expire time was over and we had an outage. Now we've seen in the logs many many log entries as the following on slave nameservers during that week when our local copy were still valid but the transfer was failing:
09-Jan-2020 16:24:23.361 edns-disabled: success resolving 'some-random-hostname.some-domain.de/A' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets Besides the EDNS problem: it says (in '.'?). What does this mean? The setup is like this: Proxy dmz with local forwarding bind => internet bind => internet The error above occurred on the forwarding bind in the proxy dmz. best regards, Tom -----Ursprüngliche Nachricht----- Von: von Dein, Thomas Gesendet: Dienstag, 11. Februar 2020 14:45 An: 'Tony Finch' <d...@dotat.at>; Warren Kumari <war...@kumari.net> Cc: bind-users@lists.isc.org Betreff: AW: Unable to completely transfer root zone Hi, > So maybe try setting `request-ixfr no;` and see if that improves matters. Nope, didn't change anything. Also, I was wrong when I stated that dig works, it does not. It transfers only a part of the zone as well. However, in the meantime we found, that some component drops packets. I implemented my own "root nameserver" and lots of packets sent out from it are not arriving here. So, not bind9's fault. Thanks a lot for your help anyway people! best, Tom _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
