[nsd-users] very many AXFR's upon Notify

Peter J. Philipp pjp at centroid.eu
Sat May 17 07:58:42 UTC 2014 

Hello,

I'm in the process of writing notifies in my own dns server called
wildcarddnsd.  While testing my implementation which consists of a
wildcarddnsd master and a nsd slave and a bind slave, I've come across
something weird, and I'm willing to help shed light on what happens.

The NSD I'm using is version nsd-4.0.3 from the freebsd ports.

So when wildcarddnsd sends a notify it looks like this:

09:18:24.170591 IP (tos 0x0, ttl 64, id 62883, offset 0, flags [none],
proto UDP (17), length 59, bad cksum 0 (->905d)!)
    AA.AA.AA.AA.57664 > BB.BB.BB.BB.53: 51350 notify [b2&3=0x2400] SOA?
domainA.de. (31)

and

09:18:24.170604 IP (tos 0x0, ttl 64, id 62884, offset 0, flags [none],
proto UDP (17), length 57, bad cksum 0 (->905e)!)
    AA.AA.AA.AA.57664 > BB.BB.BB.BB.53: 55160 notify [b2&3=0x2400] SOA?
domainB.eu. (29)


I get 2 notify replies from nsd:

09:18:24.328486 IP (tos 0x0, ttl 48, id 37205, offset 0, flags [none],
proto UDP (17), length 59)
    BB.BB.BB.BB.53 > AA.AA.AA.AA.57664: 51350 notify*- 0/0/0 (31)

and

09:18:24.328780 IP (tos 0x0, ttl 48, id 37206, offset 0, flags [none],
proto UDP (17), length 57)
    BB.BB.BB.BB.53 > AA.AA.AA.AA.57664: 55160 notify*- 0/0/0 (29)


However in my wildcarddnsd logs I get many more AXFR/IXFR requests than
notifies back:

May 17 09:18:24 hostA wildcarddnsd[80457]: AXFR connection from
BB.BB.BB.BB on interface "AA.AA.AA.AA"
May 17 09:18:24 hostA wildcarddnsd[80457]: AXFR connection from
BB.BB.BB.BB on interface "AA.AA.AA.AA"

May 17 09:18:24 hostA wildcarddnsd[80458]: IXFR request for zone
"domainA.de.", replying...
May 17 09:18:24 hostA wildcarddnsd[80459]: IXFR request for zone
"domainB.eu.", replying...

and

May 17 09:18:25 hostA wildcarddnsd[80457]: AXFR connection from
BB.BB.BB.BB on interface "AA.AA.AA.AA"
May 17 09:18:25 hostA wildcarddnsd[80457]: AXFR connection from
BB.BB.BB.BB on interface "AA.AA.AA.AA"

May 17 09:18:25 hostA wildcarddnsd[80460]: IXFR request for zone
"domainA.de.", replying...
May 17 09:18:25 hostA wildcarddnsd[80461]: IXFR request for zone
"domainB.eu.", replying...

and

May 17 09:18:26 hostA wildcarddnsd[80457]: AXFR connection from
BB.BB.BB.BB on interface "AA.AA.AA.AA"
May 17 09:18:26 hostA wildcarddnsd[80457]: AXFR connection from
BB.BB.BB.BB on interface "AA.AA.AA.AA"
May 17 09:18:26 hostA wildcarddnsd[80462]: IXFR request for zone
"domainA.de.", replying...
May 17 09:18:26 hostA wildcarddnsd[80463]: IXFR request for zone
"domainB.eu.", replying...


There is 3 times amount of AXFR activity than there should.  I've
replaced hostname on the master with "hostA", the master IP with
"AA.AA.AA.AA" and the nsd slave's IP with "BB.BB.BB.BB" to protect the
innocent.

I'm glad to report this to you so that your server can become better in
time.  Unfortunately the nsd logs just say Zone domainA.de and Zone
domainB.eu have changed serial numbers.  But no trace of the duplicity.

High Regards,

-peter

More information about the nsd-users mailing list