[afnog] DNS zone transfer

Brian Candler B.Candler at pobox.com
Thu Aug 11 21:58:08 EAT 2005


On Thu, Aug 11, 2005 at 09:36:56PM +0300, Antonio Godinho wrote:
> In a server with bind 8 which is working for the same purpose I get the 
> following answer when running the command dig:
> 
> ;; Received 2 answers (1676 records).
> ;; FROM: ns.foo.bar to SERVER: ns2.foo.bar
> ;; WHEN: Thu Aug 11 20:45:53 2005
> 
> 
> then when running the same command against itself (the bind 8 server, which 
> is also a secondary for the same domains) I get:
> 
> 
> ;; Received 2097 answers (2097 records).
> ;; FROM: ns.foo.bar to SERVER: 127.0.0.1
> ;; WHEN: Thu Aug 11 20:48:26 2005
> 
> Look at the diff in number of records!

Errm, well I'm a bit confused, and it's hard to diagnose when you're
obfuscating the real domains.

Are you saying
(1) ns2.foo.bar is slave to ns.foo.bar ?
    Prove it. Dig the SOA record for the zones and show they're the same.

(2) one or other of these machines is running bind 4?? According to what
    you wrote above, they're both running bind 8

If one machine is master and the other slave, then yes they should serve the
same records. If they don't (and one has 1676 whereas the other has 2097)
then it should be straightforward enough to prove which records are missing.
Use sort and diff -u. Then you can investigate why they're missing.

I'm afraid I get bored quickly with guessing games. If you won't show the
real domain, then debugging it is up to you. Good luck.

Cheers,

Brian.
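
An added sketch (not part of the original message) of the check suggested in the reply: save the `dig axfr` output from each server, compare the SOA serials, then list the records the master serves that the slave lacks. The example.test zone data and the function names are constructed for illustration, and `comm -23` stands in for `diff -u` so that only master-only lines are printed.

```shell
#!/bin/sh
# Added example: the zone data below is constructed, not taken from the thread.
LC_ALL=C; export LC_ALL    # same collation for sort and comm

# Reduce saved `dig axfr` output to comparable lines: drop ";" comments,
# lowercase the owner name, remove the TTL column, then sort and
# de-duplicate (an AXFR carries the SOA twice, first and last).
normalize_axfr() {
    awk '!/^;/ && NF >= 5 {
        line = tolower($1) " " toupper($3) " " toupper($4)
        for (i = 5; i <= NF; i++) line = line " " $i
        print line
    }' "$1" | sort -u
}

# Serial field of the first SOA record in a saved transfer.
soa_serial() { awk '!/^;/ && toupper($4) == "SOA" { print $7; exit }' "$1"; }

# Records present in the master's transfer but absent from the slave's.
missing_on_slave() {
    m=$(mktemp) s=$(mktemp)
    normalize_axfr "$1" > "$m"; normalize_axfr "$2" > "$s"
    comm -23 "$m" "$s"
    rm -f "$m" "$s"
}

work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
cat > "$work/master.axfr" <<'EOF'
; <<>> DiG <<>> @ns.example.test example.test axfr
example.test. 3600 IN SOA ns.example.test. hostmaster.example.test. 2005081102 3600 900 604800 3600
example.test. 3600 IN NS ns.example.test.
ns.example.test. 3600 IN A 192.0.2.1
www.example.test. 3600 IN A 192.0.2.10
mail.example.test. 3600 IN A 192.0.2.25
example.test. 3600 IN SOA ns.example.test. hostmaster.example.test. 2005081102 3600 900 604800 3600
EOF
cat > "$work/slave.axfr" <<'EOF'
example.test. 3600 IN SOA ns.example.test. hostmaster.example.test. 2005081101 3600 900 604800 3600
example.test. 3600 IN NS ns.example.test.
NS.example.test. 3600 IN A 192.0.2.1
www.example.test. 3600 IN A 192.0.2.10
example.test. 3600 IN SOA ns.example.test. hostmaster.example.test. 2005081101 3600 900 604800 3600
EOF

echo "master serial: $(soa_serial "$work/master.axfr")"
echo "slave serial:  $(soa_serial "$work/slave.axfr")"
missing_on_slave "$work/master.axfr" "$work/slave.axfr"
```

A serial mismatch, as in this constructed data, means the slave is holding an older copy of the zone, so the SOA line itself appears in the list alongside the missing record.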


