Mark: Your patch version 3 is included below to confirm that this is the
correct one. Initially the patch didn't work properly due to a missing line
break before "@@ -5993,6 +5994,12 @@". I fixed that and ran the bind9.9.0rc3
installation again. A manual inspection of server.c afterwards indicated that
the patch executed correctly.
With the properly patched bind 9.9.0rc3 running, 'rndc retransfer jaspain.biz'
generated no output, presumably indicating success.
The log showed some related error messages, however:
Feb 22 13:50:43 nsb0s named[8594]: received control channel command 'retransfer
jaspain.biz'
Feb 22 13:50:43 nsb0s named[8594]: zone jaspain.biz/IN (unsigned): Transfer
started.
Feb 22 13:50:43 nsb0s named[8594]: transfer of 'jaspain.biz/IN (unsigned)' from
2001:4870:20ca:158:14ff:7695:9632:e9ec#53: connected using
2001:4870:20ca:158:383e:4365:e3fe:ef7e#45705
Feb 22 13:50:43 nsb0s named[8594]: zone jaspain.biz/IN (unsigned): transferred
serial 2012013004: TSIG 'nsb0-nsb0s'
Feb 22 13:50:43 nsb0s named[8594]: transfer of 'jaspain.biz/IN (unsigned)' from
2001:4870:20ca:158:14ff:7695:9632:e9ec#53: Transfer completed: 1 messages, 10
records, 392 bytes, 0.005 secs (78400 bytes/sec)
Feb 22 13:50:43 nsb0s named[8594]: zone jaspain.biz/IN (signed): zone serial
(2012013004/2012013006) has gone backwards
Feb 22 13:50:43 nsb0s named[8594]: zone jaspain.biz/IN (signed): loaded serial
2012013004
Feb 22 13:50:43 nsb0s named[8594]: zone jaspain.biz/IN (signed):
receive_secure_serial: unchanged
Feb 22 13:50:43 nsb0s named[8594]: zone jaspain.biz/IN (signed):
receive_secure_serial: unchanged
Feb 22 13:50:43 nsb0s named[8594]: zone jaspain.biz/IN (signed): reconfiguring
zone keys
Feb 22 13:50:43 nsb0s named[8594]: malformed transaction:
/var/cache/bind/jaspain.biz.db.signed.jnl last serial 2012013006 != transaction
first serial 2012013004
Feb 22 13:50:43 nsb0s named[8594]: zone jaspain.biz/IN (signed):
zone_rekey:dns_journal_write_transaction -> unexpected error
Feb 22 13:50:43 nsb0s named[8594]: zone jaspain.biz/IN (signed): sending
notifies (serial 2012013004)
Seems like it is confusing the serial numbers of the signed and unsigned zones.
2012013004 is the incremented serial number of the unsigned zone. The signed
zone had serial number 2012013006 prior to the retransfer attempt. Tcpdump
showed a successful AXFR of the unsigned zone with serial number 2012013004.
Thanks. Jeff.
----------
Patch version 3:
Index: bin/named/server.c
===================================================================
RCS file: /proj/cvs/prod/bind9/bin/named/server.c,v
retrieving revision 1.638.4.3
diff -u -r1.638.4.3 server.c
--- bin/named/server.c 7 Feb 2012 00:58:40 -0000 1.638.4.3
+++ bin/named/server.c 21 Feb 2012 23:05:47 -0000
@@ -5986,6 +5986,7 @@
ns_server_retransfercommand(ns_server_t *server, char *args) {
isc_result_t result;
dns_zone_t *zone = NULL;
+ dns_zone_t *raw = NULL;
dns_zonetype_t type;
result = zone_from_args(server, args, NULL, &zone, NULL, ISC_TRUE); @@
-5993,6 +5994,12 @@
return (result);
if (zone == NULL)
return (ISC_R_UNEXPECTEDEND);
+ dns_zone_getraw(zone, &raw);
+ if (raw != NULL) {
+ dns_zone_detach(&zone);
+ dns_zone_attach(raw, &zone);
+ dns_zone_detach(&raw);
+ }
type = dns_zone_gettype(zone);
if (type == dns_zone_slave || type == dns_zone_stub)
dns_zone_forcereload(zone);
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users
