[Pdns-dev] [PATCH] Implement "Serial Number Arithmetic" (RFC 1982)

Sven Wegener swegener at gentoo.org
Thu Aug 7 22:19:34 CEST 2008 

On Thu, 7 Aug 2008, Dean Anderson wrote:

> On Wed, 6 Aug 2008, Sven Wegener wrote:
> 
> > "Serial Number Arithmetic" (also known as "sequence space arithmetic") is 
> > the magic that makes the SOA serial 536870912 higher/newer than 
> > 3113851289. It is the magic that helps you to reset your serial, if you 
> > have screwed it up and a slave is not going to perform a zone transfer, 
> > because its local copy of the zone has a serial larger than yours.
> > 
> > A serial by itself does not have any meaning. It can only be compared to 
> > another serial. Starting from your current serial, the next 2^31-1 
> > (2147483647) serials (wrapping around after 4294967295 to 0) are 
> > considered higher. The 2^31-1 serial coming before your serial (wrapping 
> > around after 0 to 4294967295) are considered lower. There are some cases 
> > that are undefined. Taking the serials 536870912 and 2684354560, you would 
> > clearly say that the latter is higher than the former. But in sequence 
> > space arithmetic neither is higher or lower than the other.
> 
> Your arithmetic isn't sensible. As you state it, there are no serial 
> numbers _lower_ than the current, since all 2^31-1 are higher.

Wrong. The serial is a 32 bit unsigned value, so 2^31-1 isn't all, it 
actually covers about half of the number space a serial offers. Starting 
from your current serial the whole space is split in two halfs, one half 
with 2^31-1 values that are considered lower and one half with 2^31-1 
values that are considere higher. This leaves one value that is neither 
higher, lower or equal to your current serial. That's sequence space 
arithmetic.

> If you screw up the zone, you need to increase it by 1 to prompt a 
> transfer. The only problem I've ever seen people have is when they try 
> to use a date as a serial number, then mess up the date and subsequently 
> want to 'lower' the serial number.  The only way this can be fixed at 
> present is by nuking the slave zone on the slave server. Restarting the 
> slave server isn't sufficient because the slave will see its local copy 
> is still newer than the master.

If you screw up the *contents* of your zone, then incrementing the serial 
by one can fix it, if your slaves have just transferred the wrong 
contents, but their serial has to be sane for it.

When you mess up the (date-based) serial, just don't need to nuke the zone 
on the slaves. You can do it that way and that's probably the way people 
use, when they don't know sequence space arithmetic or they have direct 
access to their slaves. Those who know sequence arithmetic or don't have 
access to their slaves use sequence arithmetic to force a zone transfer, 
when they have messed up their serial. Often they need to change their 
serial two times. First set the serial to 2^31-1 added onto the serial of 
the slaves, to get it all in sync. And then add another increment to 
compensate the difference they accidently added to their serial in the 
first place.

> The only solution that really makes sense is to change thetransfer rules 
> so that slaves always transfer a zone unless it is equal to the master 
> number, which is equivalent to what you propose, minus the arithmetic 
> chicanery.

Go read up the DNS RFC 1034, it explicitly says:

"Serial number advances and comparisons use sequence space arithmetic, so 
there is a theoretic limit on how fast a zone can be updated, basically 
that old copies must die out before the serial number covers half of its 
32 bit range."

And now read RFC 1982, which covers sequence space arithmetic. It actually 
has a chapter (7) that covers "The DNS SOA serial number". And the whole 
RFC document is not that long. To quote the most important sentences:

"Serial numbers are formed from non-negative integers from a finite  
subset of the range of all integer values."

"When considered as serial numbers however no value has any particular 
significance, there is no minimum or maximum serial number, every value 
has a successor and predecessor."

"Only two operations are defined upon serial numbers, addition of a 
positive integer of limited range, and comparison with another serial 
number." (limited range, highest possible increment = 2^31-1 for DNS 
serial)

And the comparison is exactly what this patch implements.

Sven

-- 
Sven Wegener
Gentoo Developer
http://www.gentoo.org/

More information about the Pdns-dev mailing list