Re: Timeout and SERVFAIL
In article , Matus UHLAR - fantomas wrote: > Use longer expire times if you expect to experience this kind of problems > more often. Who EXPECTS to be down longer than a week? :) -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Timeout and SERVFAIL
On 29.05.18 16:53, Alex wrote: I have a few fedora25 systems with bind-9.11 set up for a few domains. One system is master with the other two configured as slaves. The master and one of the slaves are on one network while the other slave is on a totally different network. Last week the network with the master and one of the slaves went down for an extended period. Requests appeared to still be served by the second slave on the totally different network. At least for a while. It appeared once the negative cache expired after 24h, requests to the domain just resulted in SERVFAIL. @ INSOA ns.example.com. admin.ns.example.com. ( 2018041703 ;serial (mmddxx) 3h ;refresh every 3 hr 1h ;retry every 1 hr 7d ;expire in 7 days 1d );negative cache minimum ttl 1 day I guess that the "extended period" was over 7 days, which is the "expire" TTL. After this time, zone on the slave expired and the slave stopped providing it, returning SERVFAIL. Use longer expire times if you expect to experience this kind of problems more often. How can I configure the name servers so failure of one or two doesn't impact the third? Or use multiple master setup and distribute the zone differently than using DNS mechanism. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. It's now safe to throw off your computer. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Timeout and SERVFAIL
On Tuesday, May 29, 2018 16:53:02 Alex wrote: > ... > > Last week the network with the master and one of the slaves went down > for an extended period. Requests appeared to still be served by the > second slave on the totally different network. > > At least for a while. It appeared once the negative cache expired > after 24h, requests to the domain just resulted in SERVFAIL. > > @ INSOA ns.example.com. admin.ns.example.com. ( > 2018041703 ;serial (mmddxx) > 3h ;refresh every 3 hr > 1h ;retry every 1 hr > 7d ;expire in 7 days > 1d );negative cache minimum ttl 1 day > > How can I configure the name servers so failure of one or two doesn't > impact the third? > Unless it is also serving recursive queries, caching is not a factor on an authoritative server. What expired was not the negative cache interval; it was the zone expiration interval. To avoid the possibility of returning incorrect information, a secondary server stops serving a zone when the zone expiration period passes without contact with its master(s). This is by design. To remedy this, you must ensure that the above condition does not occur. You must either get your master(s) back online faster, or increase the zone expiration period in your SOAs, or both. > In the time leading up to the cache expiring, were other requests > being rejected due to the two nameservers for that zone being > unreachable? > No. You should find the zone expiration event in your logs. -- Greg Rivers ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Timeout and SERVFAIL
Hi, I have a few fedora25 systems with bind-9.11 set up for a few domains. One system is master with the other two configured as slaves. The master and one of the slaves are on one network while the other slave is on a totally different network. Last week the network with the master and one of the slaves went down for an extended period. Requests appeared to still be served by the second slave on the totally different network. At least for a while. It appeared once the negative cache expired after 24h, requests to the domain just resulted in SERVFAIL. @ INSOA ns.example.com. admin.ns.example.com. ( 2018041703 ;serial (mmddxx) 3h ;refresh every 3 hr 1h ;retry every 1 hr 7d ;expire in 7 days 1d );negative cache minimum ttl 1 day How can I configure the name servers so failure of one or two doesn't impact the third? In the time leading up to the cache expiring, were other requests being rejected due to the two nameservers for that zone being unreachable? ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
