[nsd-users] no SOA serial check before AXFR?

Daisuke HIGASHI daisuke.higashi at gmail.com
Tue Nov 12 12:49:37 UTC 2013

Oh I’ve missed this statement in doc/NSD-FOR-BIND-USERS :-)

  An AXFR initiated by the built-in transfer process
  will not start with a SOA query at all.  The first
  packet of the AXFR transfer will be used to determine
  the SOA version number in that case.  This is a conscious
  breach of RFC spec to ease implementation and efficiency.

"First packet" size seems to be up to 16kB for NSD4 master.
Usual forward zones likely fit into it so full zone transfer
may occur every REFRESH time.

In doc/TODO :

 - query SOA before getting AXFR and then cutting it off,
   it causes an err log on the master.

It would be nice if it implemented since I worry about tcp setup/transfer
overhead especially in many zone hosting scenario.

 Daisuke HIGASHI <daisuke.higashi at gmail.com>

2013/11/9 Daisuke HIGASHI <daisuke.higashi at gmail.com>:

>    But my NSD slave server (4.0.0 and 3.2.16) just do AXFR with
> no serial checking every REFRESH time. (according to tcpdump).
> I expect SOA serial checking before AXFR to avoid load at both
> master/slave side.

More information about the nsd-users mailing list