Emil Natan wrote:
> Hi list,
> Below is part of the named log that I do not fully understand, so any help
> will be much appreciated:
>
> Oct 21 15:52:58 nstest1 named[15684]: general: debug 1: zone_timer: zone
> superfly.org/IN: enter
> Oct 21 15:52:58 nstest1 named[15684]: general: debug 1: zone_maintenance:
> zone superfly.org/IN: enter
> Oct 21 15:52:58 nstest1 named[15684]: general: debug 1: queue_soa_query:
> zone superfly.org/IN: enter
> Oct 21 15:52:58 nstest1 named[15684]: general: debug 1: soa_query: zone
> superfly.org/IN: enter
> Oct 21 15:53:43 nstest1 named[15684]: general: debug 1: refresh_callback:
> zone superfly.org/IN: enter
> Oct 21 15:53:43 nstest1 named[15684]: general: debug 1: zone superfly.org/IN:
> refresh: timeout retrying without EDNS master 192.168.0.53#53 (source
> 0.0.0.0#0)
> Oct 21 15:53:43 nstest1 named[15684]: general: debug 1: queue_soa_query:
> zone superfly.org/IN: enter
> Oct 21 15:53:43 nstest1 named[15684]: general: debug 1: soa_query: zone
> superfly.org/IN: enter
> Oct 21 15:54:28 nstest1 named[15684]: general: debug 1: refresh_callback:
> zone superfly.org/IN: enter
> Oct 21 15:54:28 nstest1 named[15684]: general: info: zone superfly.org/IN:
> refresh: retry limit for master 192.168.0.53#53 exceeded (source 0.0.0.0#0)
> Oct 21 15:54:28 nstest1 named[15684]: general: debug 1: queue_xfrin: zone
> superfly.org/IN: enter
> Oct 21 15:54:28 nstest1 named[15684]: general: info: zone superfly.org/IN:
> Transfer started.
> Oct 21 15:54:28 nstest1 named[15684]: general: debug 1: zone superfly.org/IN:
> requesting IXFR from 192.168.0.53#53
> Oct 21 15:54:28 nstest1 named[15684]: xfer-in: info: transfer of '
> superfly.org/IN' from 192.168.0.53#53: connected using 192.168.0.1#32903
> Oct 21 15:54:28 nstest1 named[15684]: general: debug 1: zone superfly.org/IN:
> zone transfer finished: up to date
> Oct 21 15:54:28 nstest1 named[15684]: xfer-in: info: transfer of '
> superfly.org/IN' from 192.168.0.53#53: end of transfer
>
> The log is from slave name server and as you can see the zone transfer
> finished successfully. What I do not understand is what "timeout retrying
> without EDNS master" means

There are some missing commas there, IMO. Should be "timeout, retrying
without EDNS, master XXXX". Clearer now? Some firewalls just drop EDNS
packets because they (the firewalls) have an ancient notion of what a
"properly-constructed" DNS packet is. Therefore BIND will try/retry a
certain number of times with EDNS, then give up on that and fail over to
just plain DNS. You can deconfigure the EDNS attempts with

server x.x.x.x {
    edns no;
};

> and later "retry limit for master 192.168.0.53#53 exceeded".

That means it gave up on trying to contact the master, after an
appropriate number of retries.

Check basic connectivity between the two boxes. Seems like it might be
rather intermittent. Run a packet trace/sniffer if necessary.


- Kevin
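
Added example, not part of the original thread and not BIND code: a small Python script that counts the refresh-failure messages discussed above per zone and master and reports which pattern they form. The sample lines are the thread's log events unwrapped to one per line (constructed input), and the function names and the wording of each finding are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed input: events from the log quoted in the thread, one per line.
SAMPLE_LOG = """\
Oct 21 15:52:58 nstest1 named[15684]: general: debug 1: soa_query: zone superfly.org/IN: enter
Oct 21 15:53:43 nstest1 named[15684]: general: debug 1: zone superfly.org/IN: refresh: timeout retrying without EDNS master 192.168.0.53#53 (source 0.0.0.0#0)
Oct 21 15:54:28 nstest1 named[15684]: general: info: zone superfly.org/IN: refresh: retry limit for master 192.168.0.53#53 exceeded (source 0.0.0.0#0)
Oct 21 15:54:28 nstest1 named[15684]: xfer-in: info: transfer of 'superfly.org/IN' from 192.168.0.53#53: connected using 192.168.0.1#32903
Oct 21 15:54:28 nstest1 named[15684]: general: debug 1: zone superfly.org/IN: zone transfer finished: up to date
"""

# Event name -> pattern capturing the zone and the master address.
PATTERNS = {
    "edns_fallback": re.compile(r"zone (?P<zone>\S+): refresh: timeout retrying without EDNS master (?P<master>\S+)"),
    "retry_limit": re.compile(r"zone (?P<zone>\S+): refresh: retry limit for master (?P<master>\S+) exceeded"),
    "xfer_connected": re.compile(r"transfer of '(?P<zone>[^']+)' from (?P<master>\S+): connected"),
}


def summarize(log_text):
    """Count refresh-failure events per (zone, master) pair."""
    counts = defaultdict(lambda: dict.fromkeys(PATTERNS, 0))
    for line in log_text.splitlines():
        for event, pattern in PATTERNS.items():
            m = pattern.search(line)
            if m:
                counts[(m["zone"], m["master"])][event] += 1
                break
    return dict(counts)


def diagnose(events):
    """Heuristic reading of the counts for one zone/master pair."""
    if events["retry_limit"] and events["xfer_connected"]:
        return "SOA queries timed out with and without EDNS, yet the transfer connected: check the query path to the master"
    if events["retry_limit"]:
        return "SOA queries timed out and no transfer connection was logged: check basic connectivity"
    if events["edns_fallback"]:
        return "EDNS query timed out, no retry limit logged: look for a device dropping EDNS packets"
    return "no refresh failures logged"


if __name__ == "__main__":
    for (zone, master), events in summarize(SAMPLE_LOG).items():
        print(f"{zone} via {master}: {diagnose(events)}")
```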