On Tue, Oct 28, 2008 at 3:50 AM, Kevin Darcy wrote:
> Emil Natan wrote:
> > Hi list,
> > Follows part of the named log that I do not fully understand so any help
> > will be well appreciated:
> >
> > Oct 21 15:52:58 nstest1 named[15684]: general: debug 1: zone_timer: zone
> > superfly.org/IN: enter
> > Oct 21 15:52:58 nstest1 named[15684]: general: debug 1: zone_maintenance:
> > zone superfly.org/IN: enter
> > Oct 21 15:52:58 nstest1 named[15684]: general: debug 1: queue_soa_query:
> > zone superfly.org/IN: enter
> > Oct 21 15:52:58 nstest1 named[15684]: general: debug 1: soa_query: zone
> > superfly.org/IN: enter
> > Oct 21 15:53:43 nstest1 named[15684]: general: debug 1: refresh_callback:
> > zone superfly.org/IN: enter
> > Oct 21 15:53:43 nstest1 named[15684]: general: debug 1: zone
> > superfly.org/IN:
> > refresh: timeout retrying without EDNS master 192.168.0.53#53 (source
> > 0.0.0.0#0)
> > Oct 21 15:53:43 nstest1 named[15684]: general: debug 1: queue_soa_query:
> > zone superfly.org/IN: enter
> > Oct 21 15:53:43 nstest1 named[15684]: general: debug 1: soa_query: zone
> > superfly.org/IN: enter
> > Oct 21 15:54:28 nstest1 named[15684]: general: debug 1: refresh_callback:
> > zone superfly.org/IN: enter
> > Oct 21 15:54:28 nstest1 named[15684]: general: info: zone
> > superfly.org/IN:
> > refresh: retry limit for master 192.168.0.53#53 exceeded (source
> > 0.0.0.0#0)
> > Oct 21 15:54:28 nstest1 named[15684]: general: debug 1: queue_xfrin: zone
> > superfly.org/IN: enter
> > Oct 21 15:54:28 nstest1 named[15684]: general: info: zone
> > superfly.org/IN:
> > Transfer started.
> > Oct 21 15:54:28 nstest1 named[15684]: general: debug 1: zone
> > superfly.org/IN:
> > requesting IXFR from 192.168.0.53#53
> > Oct 21 15:54:28 nstest1 named[15684]: xfer-in: info: transfer of '
> > superfly.org/IN' from 192.168.0.53#53: connected using 192.168.0.1#32903
> > Oct 21 15:54:28 nstest1 named[15684]: general: debug 1: zone
> > superfly.org/IN:
> > zone transfer finished: up to date
> > Oct 21 15:54:28 nstest1 named[15684]: xfer-in: info: transfer of '
> > superfly.org/IN' from 192.168.0.53#53: end of transfer
> >
> > The log is from slave name server and as you can see the zone transfer
> > finished successfully. What I do not understand is what "timeout retrying
> > without EDNS master" means

> There are some missing commas there, IMO. Should be "timeout, retrying
> without EDNS, master XXXX". Clearer now? Some firewalls just drop EDNS
> packets because they (the firewalls) have an ancient notion of what a
> "properly-constructed" DNS packet is. Therefore BIND will try/retry a
> certain number of times with EDNS, then give up on that and fail over to
> just plain DNS. You can deconfigure the EDNS attempts with
>
> server x.x.x.x {
>     edns no;
> };
>
> > and later "retry limit for master 192.168.0.53#53 exceeded".

> That means it gave up on trying to contact the master, after an
> appropriate number of retries.
>
> Check basic connectivity between the two boxes. Seems like it might be
> rather intermittent. Run a packet trace/sniffer if necessary.
>
>
> - Kevin
>
>
>

Thanks for your answer Kevin. Today I found the problem (two different
connectivity problems actually). You are right about the EDNS behaviour,
there are 3 attempts to use EDNS and 3 attempts without using EDNS. I found
it a bit strange after 6 unsuccessful queries for the zone SOA to try IXFR
or AXFR for the zone's data. It was successful in this case and that's what
confused me.

ena
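
As an added illustration (not part of the original thread), the Python script below scans named syslog output on a slave for the two messages discussed above and notes when a zone transfer still completed afterwards. The sample lines are constructed by rejoining the wrapped log excerpt from this thread, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: messages from the thread's excerpt, rejoined into single syslog lines.
SAMPLE_LOG = """\
Oct 21 15:53:43 nstest1 named[15684]: general: debug 1: zone superfly.org/IN: refresh: timeout retrying without EDNS master 192.168.0.53#53 (source 0.0.0.0#0)
Oct 21 15:54:28 nstest1 named[15684]: general: info: zone superfly.org/IN: refresh: retry limit for master 192.168.0.53#53 exceeded (source 0.0.0.0#0)
Oct 21 15:54:28 nstest1 named[15684]: general: info: zone superfly.org/IN: Transfer started.
Oct 21 15:54:28 nstest1 named[15684]: xfer-in: info: transfer of 'superfly.org/IN' from 192.168.0.53#53: connected using 192.168.0.1#32903
Oct 21 15:54:28 nstest1 named[15684]: general: debug 1: zone superfly.org/IN: zone transfer finished: up to date
"""

# One pattern per message type seen in the thread; each captures the zone name.
PATTERNS = {
    "edns_fallback": re.compile(
        r"zone (?P<zone>\S+): refresh: timeout retrying without EDNS master (?P<master>\S+)"),
    "retry_limit": re.compile(
        r"zone (?P<zone>\S+): refresh: retry limit for master (?P<master>\S+) exceeded"),
    "xfer_connected": re.compile(
        r"transfer of '(?P<zone>[^']+)' from (?P<master>\S+): connected using"),
    "xfer_finished": re.compile(
        r"zone (?P<zone>\S+): zone transfer finished: (?P<result>.+)$"),
}

def summarize(log_text):
    """Count each message type per zone."""
    events = defaultdict(lambda: {name: 0 for name in PATTERNS})
    for line in log_text.splitlines():
        for name, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                events[m.group("zone")][name] += 1
                break
    return dict(events)

def findings(log_text):
    """Turn the per-zone counts into short notes for an operator."""
    notes = []
    for zone, ev in sorted(summarize(log_text).items()):
        if ev["edns_fallback"]:
            notes.append(f"{zone}: SOA refresh timed out with EDNS; retried without EDNS")
        if ev["retry_limit"] and ev["xfer_finished"]:
            notes.append(f"{zone}: SOA retries exhausted but transfer completed; "
                         "check the query path to the master")
        elif ev["retry_limit"]:
            notes.append(f"{zone}: SOA retries exhausted and no completed transfer seen")
    return notes

if __name__ == "__main__":
    for note in findings(SAMPLE_LOG):
        print(note)
```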