Thank you for your email.

I am not cutting any logs; I am capturing only for the particular zone which I have chosen for the test, as I can't do the test on live zones. This time I have noticed "denied" in my slave server logs, as below. This is something very strange; sometimes the zone transferred perfectly after two hours. However, this time I need to wait and see whether this zone will transfer after a few hours, as seen before.

Jan 6 09:15:33 ns2 named[24436]: client @0x7f1228224460 212.119.92.5#42430 (kalam.com.sa): zone transfer 'kalam.com.sa/AXFR/IN' denied
Jan 6 09:15:43 ns2 named[24436]: client @0x7f1228272ed0 212.119.93.5#36083 (kalam.com.sa): zone transfer 'kalam.com.sa/AXFR/IN' denied

>> test whether you can manually request all records. Something like running
>> this on the slave: "dig kalam.com.sa @ns1.cyberia.net.sa axfr"

[root@ns2 ~]# dig soa kalam.com.sa @ns1.cyberia.net.sa axfr, "with this I can fetch all the correct update records"
;; Warning, extra type option

; <<>> DiG 9.14.9 <<>> soa kalam.com.sa @ns1.cyberia.net.sa axfr
;; global options: +cmd
kalam.com.sa. 600 IN SOA ns1.kalam.com.sa. root.kalam.net.sa. 2019434249 43200 4320 1209600 21600
kalam.com.sa. 600 IN NS ns1.cyberia.net.sa.
kalam.com.sa. 600 IN NS ns2.cyberia.net.sa.
kalam.com.sa. 600 IN MX 10 mailborder.cyberia.net.sa.
kalam.com.sa. 600 IN MX 20 ingate.cyberia.net.sa.
kalam.com.sa. 600 IN TXT "v=spf1 mx ip4:212.119.65.150 ~all"
cargo.kalam.com.sa. 600 IN A 212.71.42.152
ejaz4.kalam.com.sa. 600 IN A 1.2.3.5
localhost.kalam.com.sa. 600 IN A 127.0.0.1
mail.kalam.com.sa. 600 IN A 212.119.64.134
ser12.kalam.com.sa. 600 IN A 212.119.64.141
shivin.kalam.com.sa. 600 IN A 1.1.1.1
test55.kalam.com.sa. 600 IN A 212.119.65.20
kalam.com.sa. 600 IN SOA ns1.kalam.com.sa. root.kalam.net.sa. 2019434249 43200 4320 1209600 21600
;; Query time: 1 msec
;; SERVER: 212.119.92.5#53(212.119.92.5)
;; WHEN: Mon Jan 06 10:00:26 AST 2020
;; XFR size: 14 records (messages 1, bytes 459)

Thanks in advance for your assistance.

Do you think I should take a look at the MTU size from our network side?

Ejaz

-----Original Message-----
From: Fajar A. Nugraha [mailto:fa...@fajar.net]
Sent: Monday, January 6, 2020 9:23 AM
To: MEjaz <me...@cyberia.net.sa>
Cc: bind-users@lists.isc.org
Subject: Re: Zones-unable-update

On Thu, Jan 2, 2020 at 7:58 PM MEjaz <me...@cyberia.net.sa> wrote:
>
> Hello all.
>
> My setup, which has one primary and one slave server, has been working fine for years.
>
> All of a sudden I started getting the problem of zone updates on slaves,
> which are not happening on time. It takes two hours to take the updates.
>
> Below are the logs for reference. When I do the required changes on the masters, the
> slave gets notified but without transferring the updated zone.
>
> Jan 2 09:17:50 ns2 named[25563]: zone kalam.com.sa/IN: notify from
> 212.119.92.5#34424: serial 2019434243
>
> Jan 2 09:24:45 ns2 named[25563]: zone kalam.com.sa/IN: notify from
> 212.119.92.5#54651: serial 2019434245: refresh in progress, refresh
> check queued
>
> Jan 2 11:12:53 ns2 named[25563]: zone kalam.com.sa/IN: Transfer started.
>
> Jan 2 11:12:53 ns2 named[25563]: zone kalam.com.sa/IN: transferred
> serial 2019434245

Are you cutting out some logs? If yes, please include all logs for the zone (kalam.com.sa) and the master (212.119.92.5).

>
> Therefore, I wanted to know how to force a secondary/slave name server
> to update/refresh DNS zones from the primary DNS server. I just want the
> slave name server to initiate a zone transfer immediately.

From https://kb.isc.org/docs/aa-00726:

notify from 192.0.2.1#62160: refresh in progress, refresh check queued

A notify was received, but the zone being notified was already in the process of being refreshed or is waiting to be refreshed, so the check is queued and will be processed later.

You can try:
- check your logs for what previously triggered the refresh process (another notify?), and when it happened
- check your logs on WHY the previous transfer took a long time (and check what the log means on the KB). e.g. does it show "connection reset"? something else?
- are there lots of other slaves or zones currently transferring data from the master at the same time?
- test whether you can manually request all records. Something like running this on the slave: "dig kalam.com.sa @ns1.cyberia.net.sa axfr"

Some possible problems which come to mind:
- there's something in the middle (e.g. IPS) that's sending TCP resets, that might cause your transfers to fail
- TCP MTU or similar problems

--
Fajar
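
The log checks suggested in the reply (when a notify arrived, how long the slave took to finish the transfer, which AXFR requests were refused), as an added example that is not part of the original thread: a Python parser run over named log lines quoted above. The function name `analyze`, the 300-second threshold and the year 2020 (syslog omits it) are assumptions of this example.

```python
import re
from datetime import datetime

# Log lines as quoted in the thread; syslog omits the year, so 2020 is assumed.
SAMPLE = """\
Jan 2 09:17:50 ns2 named[25563]: zone kalam.com.sa/IN: notify from 212.119.92.5#34424: serial 2019434243
Jan 2 09:24:45 ns2 named[25563]: zone kalam.com.sa/IN: notify from 212.119.92.5#54651: serial 2019434245: refresh in progress, refresh check queued
Jan 2 11:12:53 ns2 named[25563]: zone kalam.com.sa/IN: Transfer started.
Jan 2 11:12:53 ns2 named[25563]: zone kalam.com.sa/IN: transferred serial 2019434245
Jan 6 09:15:33 ns2 named[24436]: client @0x7f1228224460 212.119.92.5#42430 (kalam.com.sa): zone transfer 'kalam.com.sa/AXFR/IN' denied
"""

STAMP = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+named\[\d+\]:\s+(.*)$")
NOTIFY = re.compile(r"zone (\S+)/IN: notify from [\d.]+#\d+: serial (\d+)")
DONE = re.compile(r"zone (\S+)/IN: transferred serial (\d+)")
DENIED = re.compile(r"client (?:@\S+ )?([\d.]+)#\d+ .*zone transfer '(\S+?)/AXFR/IN' denied")

def analyze(text, year=2020, max_lag_s=300):
    """Return (slow, denied): notify-to-transfer lags above max_lag_s, and refused AXFRs."""
    pending, slow, denied = {}, [], []   # pending: (zone, serial) -> first notify time
    for line in text.splitlines():
        m = STAMP.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if n := NOTIFY.search(msg):
            pending.setdefault((n.group(1), int(n.group(2))), ts)
        elif d := DONE.search(msg):
            zone, serial = d.group(1), int(d.group(2))
            # Every notify for this zone up to the transferred serial is now satisfied.
            older = [k for k in pending if k[0] == zone and k[1] <= serial]
            if older:
                lag = int((ts - min(pending[k] for k in older)).total_seconds())
                if lag > max_lag_s:
                    slow.append((zone, serial, lag))
                for key in older:
                    del pending[key]
        elif x := DENIED.search(msg):
            denied.append((x.group(2), x.group(1), ts.isoformat()))
    return slow, denied
```

On the quoted lines this reports a lag of 6903 seconds (about 1 h 55 min) between the first notify and the completed transfer, and one refused AXFR request together with the client address that sent it.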