Hidden DNS master only sending notify to one slave

Posted by Rob on Server Fault
Published on 2012-06-08T09:51:07Z

My hidden DNS master is only sending notifies to one of the name servers for a zone. I have 3 named servers, ns0, ns1 & ns2, all running bind 9.7.3.dfsg-1ubuntu4.1.

When an update is processed the master (ns0) seems to behave normally.

ns0 (192.168.2.50)

zone domain.org/IN: sending notifies (serial 2012060703)
client 192.168.2.52#42892: transfer of 'domain.org/IN': AXFR-style IXFR started: TSIG rndc-key
client 192.168.2.52#42892: transfer of 'domain.org/IN': AXFR-style IXFR ended

ns2 (192.168.2.52)

client 192.168.2.50#3762: received notify for zone 'domain.org': TSIG 'rndc-key'
zone domain.org/IN: Transfer started.
transfer of 'domain.org/IN' from 192.168.2.50#53: connected using 192.168.2.52#55747
zone domain.org/IN: transferred serial 2012060704: TSIG 'rndc-key'
transfer of 'domain.org/IN' from 192.168.2.50#53: Transfer completed: 1 messages, 34 records, 1028 bytes, 0.001 secs (1028000 bytes/sec)

Nothing happens on ns1. I've turned up the logging level, but there's no information in syslog about the actual name servers bind has sent notifications to, so I guess this is something it doesn't log.

I've also tried watching tcpdump; it never makes any attempt to notify ns1, only ns2.

192.168.2.50.56278 > 192.168.2.52.53: [udp sum ok] 56418 notify [b2&3=0x2400] [1a] [1au]
    SOA? domain.org. domain.org. [0s] SOA ns1.domain.net. dnsmaster.domain.net.
    2012060801 10800 3600 604800 3600 ar: rndc-key. ANY [0s] TSIG hmac-md5.sig-alg.reg.int. fudge=300 maclen=16 origid=56418 error=0 otherlen=0 (174)

The authoritative zone has both ns1 and ns2 records:

$ORIGIN domain.org.
$TTL 3h
@   IN  SOA ns1.domain.net. dnsmaster.domain.net. (
        2012060801  ; Serial yyyymmddnn
        3h  ; Refresh After 3 hours
        1h  ; Retry Retry after 1 hour
        1w  ; Expire after 1 week
        1h )    ; Minimum negative caching of 1 hour

@   3600    IN  NS  ns1.domain.net.
@   3600    IN  NS  ns2.domain.net.

// Edit

I have added also-notify {192.168.2.51;192.168.2.52;}; explicitly to the zone file and it all works fine; both ns1 and ns2 get notify messages and transfers succeed.

I was under the impression bind would automatically send notifies to all NS records on a zone, maybe it's bugged?
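
Added example (not part of the original post, and not BIND's own code): a small Python model of the default NOTIFY set under RFC 1996, which is the zone's NS targets minus the server named in the SOA MNAME field. Run on the zone data from the question, it shows why ns1 receives nothing until also-notify is set. The function names are hypothetical, the parser handles only this simple zone-file layout, and the `notify_to_soa` parameter is an assumed stand-in for BIND's `notify-to-soa` option.

```python
# Added example: models RFC 1996 NOTIFY target selection; not BIND source code.

# Zone data copied from the question above.
ZONE_TEXT = """\
$ORIGIN domain.org.
$TTL 3h
@   IN  SOA ns1.domain.net. dnsmaster.domain.net. (
        2012060801  ; Serial yyyymmddnn
        3h  ; Refresh After 3 hours
        1h  ; Retry Retry after 1 hour
        1w  ; Expire after 1 week
        1h )    ; Minimum negative caching of 1 hour

@   3600    IN  NS  ns1.domain.net.
@   3600    IN  NS  ns2.domain.net.
"""


def parse_zone(text):
    """Return (soa_mname, ns_targets) from a simple master-file snippet."""
    mname, ns_targets = None, []
    for raw in text.splitlines():
        # Drop comments and SOA parentheses, then split into fields.
        tokens = raw.split(";", 1)[0].replace("(", " ").replace(")", " ").split()
        types = [t.upper() for t in tokens]
        if "SOA" in types and mname is None:
            mname = tokens[types.index("SOA") + 1]  # first RDATA field is MNAME
        elif "NS" in types:
            ns_targets.append(tokens[types.index("NS") + 1])
    return mname, ns_targets


def notify_targets(mname, ns_targets, also_notify=(), notify_to_soa=False):
    """Default set: every NS target except the SOA MNAME, plus also-notify."""
    def norm(name):
        return name.lower().rstrip(".")
    chosen = [n for n in ns_targets if notify_to_soa or norm(n) != norm(mname)]
    return chosen + list(also_notify)


if __name__ == "__main__":
    mname, ns = parse_zone(ZONE_TEXT)
    print("SOA MNAME:", mname)
    print("default notify set:", notify_targets(mname, ns))
    print("with also-notify:", notify_targets(mname, ns, ["192.168.2.51", "192.168.2.52"]))
```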

© Server Fault or respective owner
