[nsd-users] axfr appears to happen every few minutes
chris at dunbar.net
Thu Jul 29 17:42:37 UTC 2021
That makes perfect sense - thank you! I will play with my refresh values and confirm this is in fact what is happening.
----- Original Message -----
From: "Anand Buddhdev" <anandb at ripe.net>
To: "chris" <chris at dunbar.net>
Cc: "nsd-users" <nsd-users at lists.nlnetlabs.nl>
Sent: Thursday, July 29, 2021 1:03:39 PM
Subject: Re: [nsd-users] axfr appears to happen every few minutes
On 29/07/2021 15:47, Chris Dunbar via nsd-users wrote:
When NSD wants to refresh a zone, it does not query the master for the
zone's SOA record over UDP. Instead, it attempts to do a zone transfer
over TCP. It then looks at the first packet of the transfer, and looks
for the SOA record in there. If the primary has a newer version of the
zone, it completes the transfer. However, if the serial is the same, it
abandons the transfer.
I suspect that the refresh value in your zones' SOA records is quite
low, so the NSD secondaries keep trying frequently, and you see this
logged on the primary.
> I am new to nsd and have been setting up a few servers to eventually replace my bind servers. Things have been going reasonably well; most problems have been of my own making. This may be another instance of that, but I would like to double check. I noticed that in the log file zones appear to be transferring repeatedly, every few minutes. For example:
> [2021-07-29 13:17:54.719] nsd: info: axfr for jxxxxxxxxxy.com. from 5x.xx.xxx.8
> [2021-07-29 13:22:46.880] nsd: info: axfr for jxxxxxxxxxy.com. from 5x.xx.xxx.8
> [2021-07-29 13:27:20.024] nsd: info: axfr for jxxxxxxxxxy.com. from 5x.xx.xxx.8
> 2021-07-29 13:32:11.180] nsd: info: axfr for jxxxxxxxxxy.com. from 5x.xx.xxx.8
> I've tried to sanitize things a bit, but that is the same zone being transferred to the same secondary server every 4 to 5 minutes. This is happening for all of my zones and all of my secondaries.
> 1. Am I interpreting that correctly?
> 2. If yes, Is that normal behavior?
> 3. If no (to #2), what have I likely misconfigured?
> Please let me know if I should provide any additional information.
> Thank you,
> nsd-users mailing list
> nsd-users at lists.nlnetlabs.nl
More information about the nsd-users