Thank you for your email.


I am not cutting any logs. I am capturing only for that particular zone which 
I have chosen for the test, as I can't do the test on live zones.

This time I have noticed "denied" in my slave server logs as below. This is 
something very strange; sometimes the zone transferred perfectly after two hours.

However, this time I need to wait and see whether this zone will transfer after 
a few hours as seen before.

Jan  6 09:15:33 ns2 named[24436]: client @0x7f1228224460 212.119.92.5#42430 (kalam.com.sa): zone transfer 'kalam.com.sa/AXFR/IN' denied
Jan  6 09:15:43 ns2 named[24436]: client @0x7f1228272ed0 212.119.93.5#36083 (kalam.com.sa): zone transfer 'kalam.com.sa/AXFR/IN' denied


>> test whether you can manually request all records. Something like running 
>> this on the slave: "dig kalam.com.sa @ns1.cyberia.net.sa axfr"

[root@ns2 ~]# dig soa kalam.com.sa @ns1.cyberia.net.sa axfr,  "with this I can 
fetch all the correct update records" 
;; Warning, extra type option

; <<>> DiG 9.14.9 <<>> soa kalam.com.sa @ns1.cyberia.net.sa axfr
;; global options: +cmd
kalam.com.sa.           600     IN      SOA     ns1.kalam.com.sa. root.kalam.net.sa. 2019434249 43200 4320 1209600 21600
kalam.com.sa.           600     IN      NS      ns1.cyberia.net.sa.
kalam.com.sa.           600     IN      NS      ns2.cyberia.net.sa.
kalam.com.sa.           600     IN      MX      10 mailborder.cyberia.net.sa.
kalam.com.sa.           600     IN      MX      20 ingate.cyberia.net.sa.
kalam.com.sa.           600     IN      TXT     "v=spf1 mx ip4:212.119.65.150 ~all"
cargo.kalam.com.sa.     600     IN      A       212.71.42.152
ejaz4.kalam.com.sa.     600     IN      A       1.2.3.5
localhost.kalam.com.sa. 600     IN      A       127.0.0.1
mail.kalam.com.sa.      600     IN      A       212.119.64.134
ser12.kalam.com.sa.     600     IN      A       212.119.64.141
shivin.kalam.com.sa.    600     IN      A       1.1.1.1
test55.kalam.com.sa.    600     IN      A       212.119.65.20
kalam.com.sa.           600     IN      SOA     ns1.kalam.com.sa. root.kalam.net.sa. 2019434249 43200 4320 1209600 21600
;; Query time: 1 msec
;; SERVER: 212.119.92.5#53(212.119.92.5)
;; WHEN: Mon Jan 06 10:00:26 AST 2020
;; XFR size: 14 records (messages 1, bytes 459)

Thanks in advance for your assistance. Do you think that I should take a look 
from our network side for the MTU size?

Ejaz 
-----Original Message-----
From: Fajar A. Nugraha [mailto:fa...@fajar.net] 
Sent: Monday, January 6, 2020 9:23 AM
To: MEjaz <me...@cyberia.net.sa>
Cc: bind-users@lists.isc.org
Subject: Re: Zones-unable-update

On Thu, Jan 2, 2020 at 7:58 PM MEjaz <me...@cyberia.net.sa> wrote:
>
> Hello all.
>
> My setup, which has one primary and one slave server, has been working fine for years.
>
> All of a sudden I started getting the problem of zone updates on slaves, 
> which are not happening on time. It takes two hours to take the updates.
>
>
>
> Below are logs for reference. When I do the required changes on the master, the 
> slave gets notified but without transferring the updated zone.
>
>
>
> Jan  2 09:17:50 ns2 named[25563]: zone kalam.com.sa/IN: notify from 212.119.92.5#34424: serial 2019434243
>
> Jan  2 09:24:45 ns2 named[25563]: zone kalam.com.sa/IN: notify from 212.119.92.5#54651: serial 2019434245: refresh in progress, refresh check queued
>
> Jan  2 11:12:53 ns2 named[25563]: zone kalam.com.sa/IN: Transfer started.
>
> Jan  2 11:12:53 ns2 named[25563]: zone kalam.com.sa/IN: transferred serial 2019434245


Are you cutting out some logs?
If yes, please include all logs for the zone (kalam.com.sa) and the master 
(212.119.92.5)

>
> Therefore, I wanted to know how to force a secondary/slave name server 
> to update/refresh DNS zones from the primary DNS server. I just want a 
> slave name server to initiate a zone transfer immediately.


From https://kb.isc.org/docs/aa-00726:

notify from 192.0.2.1#62160: refresh in progress, refresh check queued

A notify was received, but the zone being notified was already in the process 
of being refreshed or is waiting to be refreshed, so the check is queued and 
will be processed later.


You can try:
- check your logs for what previously triggered the refresh process (another 
notify?), and when did it happen
- check your logs on WHY the previous transfer took a long time (and check what 
the log means on the KB). e.g. does it show "connection reset"? something else?
- are there lots of other slaves or zones currently transferring data from the 
master at the same time?
- test whether you can manually request all records. Something like running 
this on the slave: "dig kalam.com.sa @ns1.cyberia.net.sa axfr"

Some possible problems which come to mind:
- there's something in the middle (e.g. IPS) that's sending TCP resets, that 
might cause your transfers to fail
- TCP MTU or similar problems

--
Fajar

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
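
Added example, not part of the original thread or of BIND: a small Python script that reads named syslog lines like the ones quoted above and reports how long each zone waited between the first unanswered NOTIFY and the completed transfer, how many notifies were queued behind a refresh, and which clients were refused an AXFR. The log lines are copied from the thread with their wraps rejoined; the year (syslog omits it) and the function name analyse are assumptions.

```python
import re
from datetime import datetime

# Log lines copied from the thread (wrapped lines rejoined).
SAMPLE = """\
Jan  2 09:17:50 ns2 named[25563]: zone kalam.com.sa/IN: notify from 212.119.92.5#34424: serial 2019434243
Jan  2 09:24:45 ns2 named[25563]: zone kalam.com.sa/IN: notify from 212.119.92.5#54651: serial 2019434245: refresh in progress, refresh check queued
Jan  2 11:12:53 ns2 named[25563]: zone kalam.com.sa/IN: Transfer started.
Jan  2 11:12:53 ns2 named[25563]: zone kalam.com.sa/IN: transferred serial 2019434245
Jan  6 09:15:33 ns2 named[24436]: client @0x7f1228224460 212.119.92.5#42430 (kalam.com.sa): zone transfer 'kalam.com.sa/AXFR/IN' denied
Jan  6 09:15:43 ns2 named[24436]: client @0x7f1228272ed0 212.119.93.5#36083 (kalam.com.sa): zone transfer 'kalam.com.sa/AXFR/IN' denied
"""

HEAD = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ named\[\d+\]: (.*)$")
NOTIFY = re.compile(r"zone (\S+)/IN: notify from ([\da-fA-F.:]+)#\d+: serial (\d+)(.*)")
DONE = re.compile(r"zone (\S+)/IN: transferred serial (\d+)")
DENIED = re.compile(
    r"client (?:@\S+ )?(\S+)#\d+ \([^)]*\): zone transfer '(\S+?)/AXFR/IN' denied")


def analyse(text, year=2020):
    """Summarise NOTIFY-to-transfer delay and refused AXFR requests.

    year is an assumption: classic syslog timestamps do not carry one.
    """
    pending = {}   # zone -> time of the earliest NOTIFY not yet followed by a transfer
    delays = []    # (zone, serial transferred, seconds waited since that NOTIFY)
    denied = []    # (client IP, zone) for AXFR requests this server refused
    queued = 0     # notifies that arrived while a refresh was already pending
    for line in text.splitlines():
        head = HEAD.match(line)
        if not head:
            continue
        ts = datetime.strptime(f"{year} {head.group(1)}", "%Y %b %d %H:%M:%S")
        msg = head.group(2)
        if m := NOTIFY.search(msg):
            pending.setdefault(m.group(1), ts)
            queued += "refresh check queued" in m.group(4)
        elif m := DONE.search(msg):
            first = pending.pop(m.group(1), None)
            if first is not None:
                waited = int((ts - first).total_seconds())
                delays.append((m.group(1), int(m.group(2)), waited))
        elif m := DENIED.search(msg):
            denied.append((m.group(1), m.group(2)))
    return {"delays": delays, "denied": denied, "queued": queued}


if __name__ == "__main__":
    print(analyse(SAMPLE))
```

A "denied" line is written by the server that received the AXFR request, so the denied list shows which clients asked this host for the zone and were refused.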
