[knot-dns-users] IXFR/IN request failed

Lubos Slovak lubos.slovak at nic.cz
Thu Dec 1 14:08:15 CET 2011


Hello,

When the SOA in the zone changes, the IXFR transfer must contain more
records than just this one SOA, according to the format defined in
RFC 1995 (in this case specifically 4 SOA records). In any case, the logs
from the master say that this is an AXFR transfer, not IXFR, which does
not match the log you sent earlier from Knot.

We are unable to reproduce the problem; it must be some very specific
situation. Could you therefore try sending the logs from both servers
(MASTER and SLAVE) from the same attempt, together with the traffic
between them in pcap format?

Regards,
Lubos Slovak

On 11/30/2011 08:55 AM, Liquid wrote:
> Thanks for the reply.
>
> It is variant 2). To test that the SLAVE server works, I changed the
> SOA on the MASTER server and watched whether the zone would be
> transferred.
>
> The master DNS runs on PowerDNS 3.0 for the convenience of
> administering zones through PowerAdmin. PowerDNS is configured to
> support both IXFR and TCP, the UDP and TCP ports are allowed on the
> firewall, all DNS servers use both IPv4 and IPv6, and for the file
> system where the zones are stored on the SLAVE server I use XFS,
> mounted with the NOATIME parameter.
>
> Log from the master DNS server:
> ==========================
> Nov 29 20:12:22 hankey pdns[14278]: Received spurious notify answer 
> for 'liquid.cz' from [2001:1568:b:102::7]:53
> Nov 29 20:12:22 hankey pdns[14278]: Received spurious notify answer 
> for 'liquid.cz' from [2001:470:1f09:f6d::7]:53
>
> Then the SLAVE, knot-dns, attempts an IXFR over IPv4
>
> Nov 29 20:12:59 hankey pdns[14278]: AXFR of domain 'liquid.cz' 
> initiated by 62.24.87.96
> Nov 29 20:12:59 hankey pdns[14278]: gmysql Connection successful
> Nov 29 20:12:59 hankey pdns[14278]: gmysql Connection successful
> Nov 29 20:12:59 hankey pdns[14278]: AXFR of domain 'liquid.cz' to 
> 62.24.87.96 finished
>
> From the log it looks like the transfer went through, but that is not
> the case. Knot-dns still has the old zone.
>
> Further attempts showed the following.
>
> If I delete all information about the zone in question
> (/var/lib/knot/liquid.cz.db, liquid.cz.db.crc, liquid.cz.diff.db,
> liquid.cz.zone) and reload knot-dns, the zone is transferred correctly.
> But the situation repeats itself as soon as I change the SOA on the
> MASTER.
>
> Josef Janosec
>
> On 29.11.2011 17:33, Lubos Slovak wrote:
>> Hello,
>>
>> We would need some more detailed information. The log message is
>> admittedly not very informative (a different one would probably fit
>> better there; we will change that in time), but it should mean that
>> the master, in response to the IXFR query, sent a response with a
>> single SOA record. That can mean 2 things:
>>
>> 1) The master has an older version of the zone than the slave (the
>> master's serial is lower than the serial on the slave server). That
>> should not happen in your scenario, because you have only one master.
>> However, there should be a different message in the log for that, so
>> we will fix it.
>> 2) The master has a newer version of the zone than the slave, but sent
>> only a single SOA in the response. That should not happen over TCP,
>> and we do not support IXFR over UDP.
>>
>> It is possible that some other, unforeseen case occurred. We would
>> therefore need more detailed information from you:
>>
>> - What server is used as the master?
>> - Is it possible to send the log from the master?
>> - Is it possible to reproduce the error, capture the traffic between
>> the master and the slave, and send it in pcap format?
>>
>> Regards,
>> Lubos Slovak
>>
>> On 11/24/2011 12:25 PM, Liquid wrote:
>>> Hello,
>>>
>>> I am trying to deploy knot-dns version 0.8.0 as a slave server. For
>>> this purpose I have a VMware virtual machine with 1 GB of RAM,
>>> Ubuntu 10.04.3 x86, installed via apt from launchpad.net.
>>>
>>> When the master server sends a notification, the zone is not
>>> transferred and I see this message in the log:
>>>
>>> error: IXFR/IN request failed - OS lacked necessary resources.
>>>
>>> Any idea which resources the server is lacking?
>>>
>>> Config:
>>>
>>> system {
>>>     identity "knot";
>>>     storage "/var/lib/knot";
>>>     workers 2;
>>> }
>>> interfaces {
>>>     my-local { address 127.0.0.1@53; }
>>>     my-ipv4 { address ip4@53; }
>>>     my-ipv6 { address ip6@53; }
>>> }
>>> remotes {
>>>     my-master { address master_ip@53; }
>>> }
>>> +
>>> approx. 50 slave zones.
>>>
>>> The zones are configured like this:
>>>
>>> mojezona.cz {
>>>     file "/var/lib/knot/mojezona.cz.zone";
>>>     semantic-checks off; # turns off the semantic check
>>>                          # for this zone
>>>     xfr-in my-master;    # master server for this zone
>>>     notify-in my-master; # whom to accept NOTIFY from
>>> }
>>>
>>> Thanks for the help.
>>> Liquid
>>> _______________________________________________
>>> knot-dns-users mailing list
>>> knot-dns-users at lists.nic.cz
>>> https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users

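Added example, not part of the original thread and not Knot DNS or PowerDNS code: a classifier for the reply shapes to an IXFR query that the messages above discuss (a lone SOA, a full AXFR-style zone, or RFC 1995 difference sequences), generalized to more than one difference sequence. The (rrtype, serial) record model, the function names and the sample serials are assumptions made for illustration.

```python
# Added example (not Knot DNS code): classify the answer records of a reply to
# an IXFR query, following the reply shapes of RFC 1995.
# A record is modelled as (rrtype, serial); serial is None for non-SOA records.

def serial_lt(a, b):
    """RFC 1982 serial-number comparison for 32-bit SOA serials."""
    return a != b and ((b - a) & 0xFFFFFFFF) < 0x80000000

def classify_ixfr_reply(records, client_serial):
    """Return (kind, detail) for one complete reply to an IXFR query."""
    if not records or records[0][0] != "SOA":
        return ("malformed", "reply must start with the server's current SOA")
    server = records[0][1]
    if len(records) == 1:
        if server == client_serial:
            return ("single-soa", "slave is already up to date")
        if serial_lt(server, client_serial):
            return ("single-soa", "master serial is older than the slave's")
        return ("single-soa", "master is newer but sent no zone data")
    if records[-1] != ("SOA", server):
        return ("malformed", "reply must end with the server's current SOA")
    if len(records) == 2 or records[1][0] != "SOA":
        # Second record is ordinary data: whole zone sent AXFR-style.
        return ("axfr-style", f"{len(records) - 2} records between the SOAs")
    # Incremental: (old SOA, deletions, new SOA, additions) one or more times.
    inner = [s for t, s in records[1:-1] if t == "SOA"]
    chained = all(inner[i] == inner[i + 1] for i in range(1, len(inner) - 1, 2))
    if len(inner) % 2 or inner[0] != client_serial or inner[-1] != server \
            or not chained:
        return ("malformed", "difference sequences do not lead to server SOA")
    return ("incremental", f"{len(inner) // 2} change(s), {len(inner) + 2} SOA")

# Constructed sample replies (serials are made up; slave holds 2011112901).
NEW, OLD = ("SOA", 2011112902), ("SOA", 2011112901)
REPLIES = {
    "one change": [NEW, OLD, ("A", None), NEW, ("A", None), NEW],
    "full zone": [NEW, ("NS", None), ("A", None), NEW],
    "lone SOA": [NEW],
}

if __name__ == "__main__":
    for name, recs in REPLIES.items():
        print(name, "->", classify_ixfr_reply(recs, OLD[1]))
```

Feeding it the record types and SOA serials read from a pcap of the transfer shows which of the cases from the thread a given reply falls into.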


