[Pdns-users] Notification for domains to ip1:53 failed after retries

Steve Zeng steve.zeng at booking.com
Wed Jan 17 15:41:02 UTC 2018 

> On Jan 17, 2018, at 4:26 PM, Klaus Darilion <klaus.mailinglists at pernau.at> wrote:
> 
> Yes. Immediately right after.
Great to know that. our delay period was about 5-6min and that concerns me. 

> 
> I just re-read your log lines:
> 
>>>> 10-Jan-2018 18:11:24.387 notify: client 10.198.180.41#12149:
> received notify for zone 'example.com'
>>>> 10-Jan-2018 18:11:24.387 general: zone lhr4.dqs.booking.com/IN:
> notify from 10.198.180.41#12149: no serial
>>>> 10-Jan-2018 18:11:29.453 notify: client 10.198.180.41#12149:
> received notify for zone 'example.com'
>>>> 10-Jan-2018 18:11:29.453 general: zone lhr4.dqs.booking.com/IN:
> notify from 10.198.180.41#12149: no serial
>>>> 10-Jan-2018 18:11:38.350 notify: client 10.198.180.41#12149:
> received notify for zone 'example.com'
>>>> 10-Jan-2018 18:11:38.350 general: zone lhr4.dqs.booking.com/IN:
> notify from 10.198.180.41#12149: no serial
> 
> There is example.com and lhr4.dqs.booking.com, hence I guess this is
> incomplete obfuscation.

Good catch on example.com and lhr4.dqs.booking.com <http://lhr4.dqs.booking.com/>. yes it is incomplete obfuscation. 

> 
> The NOTIFY is received every 7-10 seconds. Do you update the zone that
> often or are these retransmission?
> 
It is a zone which updates quite often by our provisioning systems.

> If these are retransmissions then there may be a firewall problem
> between Bind and PowerDNS.
> 
I tend to believe you and Pieter that this indicates some temporary network or firewall blips within our network. since most of the time it is working quite well.

Thanks,
Steve


> regards
> Klaus
> 
> 
> 
> Am 17.01.2018 um 15:43 schrieb Steve Zeng:
>> Klaus,
>> 
>> Good to know. when would BIND do a SOA query to the configured master to check the serial? Is it immediately right after it get NOTIFY from master?
>> 
>> Thanks,
>> Steve
>>> On Jan 17, 2018, at 3:32 PM, Klaus Darilion <klaus.mailinglists at pernau.at> wrote:
>>> 
>>> 
>>> 
>>> Am 17.01.2018 um 15:13 schrieb Steve Zeng:
>>>> Pieter,
>>>> 
>>>> I checked BIND slaves logs around the time frame and found:
>>>> 
>>>> 10-Jan-2018 18:11:17.211 notify: client 10.198.180.41#12149: received notify for zone 'example.com'
>>>> 10-Jan-2018 18:11:17.211 general: zone lhr4.dqs.booking.com/IN: notify from 10.198.180.41#12149: no serial
>>>> 10-Jan-2018 18:11:24.387 notify: client 10.198.180.41#12149: received notify for zone 'example.com'
>>>> 10-Jan-2018 18:11:24.387 general: zone lhr4.dqs.booking.com/IN: notify from 10.198.180.41#12149: no serial
>>>> 10-Jan-2018 18:11:29.453 notify: client 10.198.180.41#12149: received notify for zone 'example.com'
>>>> 10-Jan-2018 18:11:29.453 general: zone lhr4.dqs.booking.com/IN: notify from 10.198.180.41#12149: no serial
>>>> 10-Jan-2018 18:11:38.350 notify: client 10.198.180.41#12149: received notify for zone 'example.com'
>>>> 10-Jan-2018 18:11:38.350 general: zone lhr4.dqs.booking.com/IN: notify from 10.198.180.41#12149: no serial
>>>> 
>>>> wondering why there is ’no serial’ in the logs. Since the column does have the value:
>>>> 
>>>>> select * from domains where name='example.com'\G;
>>>> *************************** 1. row ***************************
>>>>            id: 484
>>>>          name: example.com
>>>>        master: 10.187.125.2:53,10.187.125.2:53
>>>>    last_check: 1516197871
>>>>          type: SLAVE
>>>> notified_serial: 2016918645
>>>> 
>>>> is “no serial” the cause of notification failure?
>>> 
>>> I do not think this is the problem. NOTIFYs may have serials, but
>>> without serial is also allowed. And PowerDNS does not send serials.
>>> 
>>> Usually, when there is no serial, Bind will do SOA-Queries to the
>>> configured masters to check the serial on the master.
>>> 
>>> regards
>>> Klaus
>>> _______________________________________________
>>> Pdns-users mailing list
>>> Pdns-users at mailman.powerdns.com <mailto:Pdns-users at mailman.powerdns.com>
>>> https://mailman.powerdns.com/mailman/listinfo/pdns-users <https://mailman.powerdns.com/mailman/listinfo/pdns-users>
>> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20180117/c20b44a1/attachment.html>

More information about the Pdns-users mailing list