Both servers receive the NOTIFY message from NS1. What I see on the logs:
*NS3:*
17-Oct-2018 16:41:00.688 notify: info: client 1.1.1.1#19513/key ns1ns3_key:
view external: received notify for zone 'myzone.com': TSIG 'ns1ns3_key'
*NS5:*
17-Oct-2018 16:40:56.131 notify: info: client 1.1.1.1#32586/key ns1ns5_key:
received notify for zone 'myzone.com': TSIG 'ns1ns5_key'
17-Oct-2018 16:40:56.139 notify: info: zone myzone.com/IN: sending notifies
(serial 2018101910)
The 2nd line is missing on NS3.
At this point NS5 starts the zone copy (*NS1 *logs):
17-Oct-2018 16:41:01.233 xfer-out: info: client 5.5.5.5#40909/key
ns1ns5_key (myzone.com): view internal: transfer of 'myzone.com/IN': AXFR
started: TSIG ns1ns5_key
17-Oct-2018 16:41:01.234 xfer-out: info: client 5.5.5.5#40909/key
ns1ns5_key (myzone.com): view internal: transfer of 'myzone.com/IN': AXFR
ended
At this point NS3 does nothing.
This is not a firewall or networking problem because I can start the
transfer manually.
Best Regards
Στις Τετ, 17 Οκτ 2018 στις 4:35 μ.μ., ο/η Bob Harold <rharo...@umich.edu>
έγραψε:
>
> On Wed, Oct 17, 2018 at 7:23 AM Andreas Brandino <ampra...@gmail.com>
> wrote:
>
>> Hello all,
>>
>> I wonder if anyone can help me to find the cause of the problem I am
>> currently having.
>> All servers are running on Debian and BIND 9.10.3-P4-Debian.
>>
>> I have a master server and 4 slaves.
>> The zone is transfered from the master [ns1] to all slaves [ns3,ns4,ns5
>> and ns6].
>> I am also using TSIG with a different key for each server.
>> Moreover, the zone file refers to the internal view.
>>
>> When I change the myzone.com, I always update the serial and I reload
>> the zone.
>>
>> The problem:
>> ns3 and ns4 never get the updated zone file automatically.
>> On the other hand, ns4 and ns5 always get the updated zone file
>> immediately.
>>
>> If I initialize the transfer manually from ns3 and ns4, I get no errors.
>>
>> Here is the config:
>>
>> NS1 config: (IP 1.1.1.1 - master DNS)
>>
>> zone "myzone.com" {
>> type master;
>> file "/etc/bind/master/myzone.com.INSIDE";
>> allow-transfer { key ns1ns3_key; key ns1ns4_key; key
>> ns1ns5_key; key ns1ns6_key; };
>> also-notify {
>> 3.3.3.3 port 53 key ns1ns3_key;
>> 4.4.4.4 port 53 key ns1ns4_key;
>> 5.5.5.5 port 53 key ns1ns5_key;
>> 6.6.6.6 port 53 key ns1ns6_key;
>> };
>> notify explicit;
>> notify-source 1.1.1.1 ;
>> };
>>
>>
>> NS3 config: (IP 3.3.3.3 - transfer fails)
>>
>> zone " myzone .com" {
>> file "/etc/bind/master/myzone.com.INSIDE";
>> type slave;
>> allow-update { key ns1ns3_key; };
>> masters { 1.1.1.1; };
>> allow-notify { 1.1.1.1; };
>> notify yes;
>> request-ixfr no;
>> };
>>
>> NS5 config: (IP 5.5.5.5, successful transfer)
>>
>> zone "myzone.com" {
>> file "/etc/bind/master/myzone.com.INSIDE";
>> type slave;
>> allow-update { key ns1ns5_key; };
>> masters { 1.1.1.1; };
>> notify yes;
>> request-ixfr no;
>> };
>>
>> Do you see any errors in the above configuration that could cause this
>> problem?
>>
>> Best Regards
>>
>
> What you don't show is the 'match' statement for your views. Perhaps 1
> does not match the internal view on 3, so the notify packet hits the wrong
> view. Check the notify messages in the logs on 3, compared to 5. Here is
> a typical notify log message:
>
> 30-Sep-2018 23:12:37.135 general: info: zone
> psych.lsa.umich.edu/IN/oncampus: notify from 141.211.147.150#38695: zone
> is up to date
>
>
> Note the zone/class/view contains ".../IN/oncampus" - check the view in
> your logs.
>
>
> If you cannot find the notify, you might need to turn on logging for
> category "general". Or check routing and firewall rules if the packet is
> not being received.
>
>
> --
>
> Bob Harold
>
>
>
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
