[nsd-users] test setup problem: secondary expires zones

Toni Mueller support+nsd at oeko.net
Mon Feb 13 12:59:34 UTC 2012 

Hi Matthijs,

On Mon, Feb 13, 2012 at 12:01:53PM +0100, Matthijs Mekking wrote:
> > axfrdns: fatal: unable to locate information in data.cdb
> So dig is able to transfer the zone, without axfrdns logging this
> message? What is the difference in query packet?

I'm not clueful enough to understand the query packets, but I could see
nsd querying for the TLD, but not always querying for the full domain,
provided that the queried domain name is supposed to be contained in the
query packet in clear text (like querying for "net", not always
"oeko.net").

> If I don't update the zone at the master, no logs are being produced,
> but I see SOA queries going over the wire. If I update the zone, you
> should see something like:
> 
> [1329129836] nsd[6042]: info: Zone example.com serial 23 is updated to 24.

I artificially updated zones with no other change than an increased
serial on the master, then restarted nsd, but to no effect.

> This shows that the socket is nonblocking and connecting cannot be
> completed immediately. The read would block. Seems ok to me if the
> response is not received (immediately).

> > Both software packages run on the same machine, but currently, nsd 
> > usually does not receive any queries from the Internet (unless you
> > query the ip directly).
> 
> With both software packages, you mean? Both addresses seem to be non
> responsive to me, by the way.

I am uncertain about what you mean. Is my network (46.29.40/21) not
being routed to you?

I have no trouble querying the servers from here, but I configured the
servers to not allow axfr from anywhere, only from select sources (the
secondaries). If you have an IP number for me, I can put you onto the
whitelist, too.


As for regular queries:


$ dig +tcp @46.29.40.35 oeko.net any   <--- this is axfrdns

; <<>> DiG 9.7.3 <<>> @46.29.40.35 oeko.net any
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25192
;; flags: qr aa rd; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;oeko.net.                      IN      ANY

;; ANSWER SECTION:
oeko.net.               2560    IN      SOA     a.ns.oeko.net. hostmaster.oeko.net. 1021018224 16384 2048 1048576 2560
oeko.net.               259200  IN      NS      a.ns.oeko.net.
oeko.net.               259200  IN      NS      a.ns.bsws.de.
oeko.net.               259200  IN      NS      c.ns.bsws.de.
oeko.net.               86400   IN      MX      12848 d.mx.oeko.net.
oeko.net.               86400   IN      A       46.29.42.25

;; ADDITIONAL SECTION:
a.ns.oeko.net.          86400   IN      A       46.29.40.35
d.mx.oeko.net.          3600    IN      A       46.29.42.41

;; Query time: 44 msec
;; SERVER: 46.29.40.35#53(46.29.40.35)
;; WHEN: Mon Feb 13 13:49:06 2012
;; MSG SIZE  rcvd: 203

$ dig +tcp @46.29.40.34 oeko.net any   <--- This is nsd

; <<>> DiG 9.7.3 <<>> @46.29.40.34 oeko.net any
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 47903
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;oeko.net.                      IN      ANY

;; Query time: 44 msec
;; SERVER: 46.29.40.34#53(46.29.40.34)
;; WHEN: Mon Feb 13 13:49:09 2012
;; MSG SIZE  rcvd: 26


Anything that you'd like me to test, specifically?



Kind regards,
--Toni++

More information about the nsd-users mailing list