<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class=""><br class=""></div><div class=""><div><blockquote type="cite" class=""><div class="">On Jan 17, 2018, at 4:26 PM, Klaus Darilion <<a href="mailto:klaus.mailinglists@pernau.at" class="">klaus.mailinglists@pernau.at</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">Yes. Immediately right after.<br class=""></div></div></blockquote><div>Great to know that. our delay period was about 5-6min and that concerns me. </div><br class=""><blockquote type="cite" class=""><div class=""><div class=""><br class="">I just re-read your log lines:<br class=""><br class=""><blockquote type="cite" class=""><blockquote type="cite" class=""><blockquote type="cite" class="">10-Jan-2018 18:11:24.387 notify: client 10.198.180.41#12149:<br class=""></blockquote></blockquote></blockquote>received notify for zone '<a href="http://example.com" class="">example.com</a>'<br class=""><blockquote type="cite" class=""><blockquote type="cite" class=""><blockquote type="cite" class="">10-Jan-2018 18:11:24.387 general: zone <a href="http://lhr4.dqs.booking.com/IN:" class="">lhr4.dqs.booking.com/IN:</a><br class=""></blockquote></blockquote></blockquote>notify from 10.198.180.41#12149: no serial<br class=""><blockquote type="cite" class=""><blockquote type="cite" class=""><blockquote type="cite" class="">10-Jan-2018 18:11:29.453 notify: client 10.198.180.41#12149:<br class=""></blockquote></blockquote></blockquote>received notify for zone '<a href="http://example.com" class="">example.com</a>'<br class=""><blockquote type="cite" class=""><blockquote type="cite" class=""><blockquote type="cite" class="">10-Jan-2018 18:11:29.453 general: zone <a href="http://lhr4.dqs.booking.com/IN:" class="">lhr4.dqs.booking.com/IN:</a><br class=""></blockquote></blockquote></blockquote>notify from 10.198.180.41#12149: no serial<br class=""><blockquote type="cite" class=""><blockquote type="cite" class=""><blockquote type="cite" class="">10-Jan-2018 18:11:38.350 notify: client 10.198.180.41#12149:<br class=""></blockquote></blockquote></blockquote>received notify for zone '<a href="http://example.com" class="">example.com</a>'<br class=""><blockquote type="cite" class=""><blockquote type="cite" class=""><blockquote type="cite" class="">10-Jan-2018 18:11:38.350 general: zone <a href="http://lhr4.dqs.booking.com/IN:" class="">lhr4.dqs.booking.com/IN:</a><br class=""></blockquote></blockquote></blockquote>notify from 10.198.180.41#12149: no serial<br class=""><br class="">There is <a href="http://example.com" class="">example.com</a> and <a href="http://lhr4.dqs.booking.com" class="">lhr4.dqs.booking.com</a>, hence I guess this is<br class="">incomplete obfuscation.<br class=""></div></div></blockquote><div><br class=""></div>Good catch on <a href="http://example.com" class="">example.com</a> and <a href="http://lhr4.dqs.booking.com" class="">lhr4.dqs.booking.com</a>. yes it is incomplete obfuscation. </div><div class=""><br class=""><blockquote type="cite" class=""><div class=""><div class=""><br class="">The NOTIFY is received every 7-10 seconds. Do you update the zone that<br class="">often or are these retransmission?<br class=""><br class=""></div></div></blockquote><div class="">It is a zone which updates quite often by our provisioning systems.</div><div class=""><br class=""></div><blockquote type="cite" class=""><div class=""><div class="">If these are retransmissions then there may be a firewall problem<br class="">between Bind and PowerDNS.<br class=""><br class=""></div></div></blockquote><div class="">I tend to believe you and Pieter that this indicates some temporary network or firewall blips within our network. since most of the time it is working quite well.</div><div class=""><br class=""></div><div class="">Thanks,</div><div class="">Steve</div><div class=""><br class=""></div><br class=""><blockquote type="cite" class=""><div class=""><div class="">regards<br class="">Klaus<br class=""><br class=""><br class=""><br class="">Am 17.01.2018 um 15:43 schrieb Steve Zeng:<br class=""><blockquote type="cite" class="">Klaus,<br class=""><br class="">Good to know. when would BIND do a SOA query to the configured master to check the serial? Is it immediately right after it get NOTIFY from master?<br class=""><br class="">Thanks,<br class="">Steve<br class=""><blockquote type="cite" class="">On Jan 17, 2018, at 3:32 PM, Klaus Darilion <<a href="mailto:klaus.mailinglists@pernau.at" class="">klaus.mailinglists@pernau.at</a>> wrote:<br class=""><br class=""><br class=""><br class="">Am 17.01.2018 um 15:13 schrieb Steve Zeng:<br class=""><blockquote type="cite" class="">Pieter,<br class=""><br class="">I checked BIND slaves logs around the time frame and found:<br class=""><br class="">10-Jan-2018 18:11:17.211 notify: client 10.198.180.41#12149: received notify for zone '<a href="http://example.com" class="">example.com</a>'<br class="">10-Jan-2018 18:11:17.211 general: zone <a href="http://lhr4.dqs.booking.com/IN:" class="">lhr4.dqs.booking.com/IN:</a> notify from 10.198.180.41#12149: no serial<br class="">10-Jan-2018 18:11:24.387 notify: client 10.198.180.41#12149: received notify for zone '<a href="http://example.com" class="">example.com</a>'<br class="">10-Jan-2018 18:11:24.387 general: zone <a href="http://lhr4.dqs.booking.com/IN:" class="">lhr4.dqs.booking.com/IN:</a> notify from 10.198.180.41#12149: no serial<br class="">10-Jan-2018 18:11:29.453 notify: client 10.198.180.41#12149: received notify for zone '<a href="http://example.com" class="">example.com</a>'<br class="">10-Jan-2018 18:11:29.453 general: zone <a href="http://lhr4.dqs.booking.com/IN:" class="">lhr4.dqs.booking.com/IN:</a> notify from 10.198.180.41#12149: no serial<br class="">10-Jan-2018 18:11:38.350 notify: client 10.198.180.41#12149: received notify for zone '<a href="http://example.com" class="">example.com</a>'<br class="">10-Jan-2018 18:11:38.350 general: zone <a href="http://lhr4.dqs.booking.com/IN:" class="">lhr4.dqs.booking.com/IN:</a> notify from 10.198.180.41#12149: no serial<br class=""><br class="">wondering why there is ’no serial’ in the logs. Since the column does have the value:<br class=""><br class=""><blockquote type="cite" class="">select * from domains where name='<a href="http://example.com" class="">example.com</a>'\G;<br class=""></blockquote>*************************** 1. row ***************************<br class="">            id: 484<br class="">          name: <a href="http://example.com" class="">example.com</a><br class="">        master: 10.187.125.2:53,10.187.125.2:53<br class="">    last_check: 1516197871<br class="">          type: SLAVE<br class="">notified_serial: 2016918645<br class=""><br class="">is “no serial” the cause of notification failure?<br class=""></blockquote><br class="">I do not think this is the problem. NOTIFYs may have serials, but<br class="">without serial is also allowed. And PowerDNS does not send serials.<br class=""><br class="">Usually, when there is no serial, Bind will do SOA-Queries to the<br class="">configured masters to check the serial on the master.<br class=""><br class="">regards<br class="">Klaus<br class="">_______________________________________________<br class="">Pdns-users mailing list<br class=""><a href="mailto:Pdns-users@mailman.powerdns.com" class="">Pdns-users@mailman.powerdns.com</a> <<a href="mailto:Pdns-users@mailman.powerdns.com" class="">mailto:Pdns-users@mailman.powerdns.com</a>><br class=""><a href="https://mailman.powerdns.com/mailman/listinfo/pdns-users" class="">https://mailman.powerdns.com/mailman/listinfo/pdns-users</a> <<a href="https://mailman.powerdns.com/mailman/listinfo/pdns-users" class="">https://mailman.powerdns.com/mailman/listinfo/pdns-users</a>><br class=""></blockquote><br class=""></blockquote><br class=""></div></div></blockquote></div><br class=""></div></body></html>