It's really weird! It doesn't make sense to me. Isn't it possible that the reply came from a different process/resolver? Have you tried an explicit IP address instead of "localhost"?
Daniel

On 01/17/2018 04:33 PM, Rob Tate wrote:
> Hello Daniel,
>
> We are running version 2.6.3.
>
> -Rob
>
> On 2018-01-17, 10:30 AM, "knot-dns-users on behalf of Daniel Salzman" <knot-dns-users-boun...@lists.nic.cz on behalf of daniel.salz...@nic.cz> wrote:
>
> Hello Rob,
>
> What is your version of Knot DNS?
>
> Thanks,
> Daniel
>
> On 01/17/2018 04:23 PM, Rob Tate wrote:
> > Hello all,
> >
> > We had a weird issue with Knot serving an old version of a zone after a server reboot. After the reboot, our monitoring alerted that the zone was out of sync. Knot was then serving an older version of the zone (the zone did not update during the reboot, Knot was serving a version of the zone that was older than what it had before the reboot). The zone file on the disk had the correct serial, and knotc zone-status <zone> showed the current serial as well. However, dig @localhost soa <zone> on that box, showed the old serial. Running knotc zone-refresh <zone> didn't help, as in the logs when it went to do the refresh, it showed 'zone is up-to-date'. Running knotc zone-retransfer also did not resolve the problem, only a restart of the knotd process resolved this issue. While we were able to resolve this ourselves, it is certainly a strange issue and we were wondering if we could get any input on this.
> >
> > Command output:
> > [root@ns02 ~]# knotc
> > knotc> zone-status <zone>
> > [<zone>] role: slave | serial: 2017121812 | transaction: none | freeze: no | refresh: +3h59m42s | update: not scheduled | expiration: +6D23h59m42s | journal flush: not scheduled | notify: not scheduled | DNSSEC re-sign: not scheduled | NSEC3 resalt: not scheduled | parent DS query: not scheduled
> > knotc> exit
> > [root@ns02 ~]# dig @localhost soa <zone>
> > …
> > … 2017090416 …
> > …
> >
> > Logs after retransfer and refresh:
> >
> > Jan 15 16:49:22 ns02 knot[7187]: info: [<zone>] control, received command 'zone-refresh'
> > Jan 15 16:49:22 ns02 knot[7187]: info: [<zone>] refresh, outgoing, <master>@53: remote serial 2017121812, zone is up-to-date
> > Jan 15 16:49:23 ns02 knot[7187]: info: [<zone>] refresh, outgoing, <master>@53: remote serial 2017121812, zone is up-to-date
> > Jan 15 16:49:23 ns02 knot[7187]: info: [<zone>] refresh, outgoing, <master>@53: remote serial 2017121812, zone is up-to-date
> > Jan 15 16:49:23 ns02 knot[7187]: info: [<zone>] refresh, outgoing, <master>@53: remote serial 2017121812, zone is up-to-date
> > Jan 15 16:52:45 ns02 knot[7187]: info: [<zone>] control, received command 'zone-retransfer'
> > Jan 15 16:52:45 ns02 knot[7187]: info: [<zone>] AXFR, incoming, <master>@53: starting
> > Jan 15 16:52:45 ns02 knot[7187]: info: [<zone>] AXFR, incoming, <master>@53: finished, 0.00 seconds, 1 messages, 5119 bytes
> > Jan 15 16:52:45 ns02 knot[7187]: info: [<zone>] refresh, outgoing, <master>@53: zone updated, serial none -> 2017121812
> > Jan 15 16:52:45 ns02 knot[7187]: info: [<zone>] refresh, outgoing, <master>@53: remote serial 2017121812, zone is up-to-date
> > Jan 15 16:52:45 ns02 knot[7187]: info: [<zone>] refresh, outgoing, <master>@53: remote serial 2017121812, zone is up-to-date
> > Jan 15 16:52:45 ns02 knot[7187]: info: [<zone>] refresh, outgoing, <master>@53: remote serial 2017121812, zone is up-to-date
> > Jan 15 16:53:03 ns02 knot[7187]: info: [<zone>] control, received command 'zone-status'
> >
> > And a dig after that:
> >
> > [root@ns02 ~]# dig @localhost soa crnet.cr
> > …
> > … 2017090416 …
> > …
> >
> > -Rob
> >
> --
> https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users

--
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
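
Added example, not part of the original thread and not Knot DNS code: one way to run the check suggested in the reply above, by sending an SOA query to every address that "localhost" resolves to and reporting the serial each one returns, so it can be compared with the serial from knotc zone-status. The function names are hypothetical, and the sketch assumes plain UDP on port 53 with no EDNS.

```python
# Added example; function names are hypothetical, not from Knot DNS.
import socket
import struct

def build_soa_query(zone, txid=0x1234):
    """Encode a minimal DNS query for the SOA record of <zone>."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in zone.rstrip(".").split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)  # one question, RD=0
    return header + qname + struct.pack("!HH", 6, 1)      # QTYPE=SOA, QCLASS=IN

def _skip_name(msg, off):
    """Return the offset just past an encoded (possibly compressed) name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if (n & 0xC0) == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += 1 + n

def parse_soa_serial(msg):
    """Return the serial of the first SOA in the answer section, or None."""
    qd, an = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4           # QNAME, QTYPE, QCLASS
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 6:
            p = _skip_name(msg, _skip_name(msg, off))  # skip MNAME, RNAME
            return struct.unpack("!I", msg[p:p + 4])[0]
        off += rdlen
    return None

def serials_per_address(zone, host="localhost", port=53, timeout=2.0):
    """Query every address <host> resolves to; map address -> serial or error."""
    results = {}
    for fam, _, _, _, sa in socket.getaddrinfo(host, port, type=socket.SOCK_DGRAM):
        with socket.socket(fam, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            try:
                s.sendto(build_soa_query(zone), sa)
                results[sa[0]] = parse_soa_serial(s.recv(4096))
            except (OSError, struct.error, IndexError) as exc:
                results[sa[0]] = f"error: {exc}"
    return results
```

Calling serials_per_address with the zone name on the affected host lists one serial per loopback address; a serial that differs between addresses, or from the one knotc reports, shows which address is returning the stale answer.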