[nycbug-talk] dns slaves serve up empty data

[Marco Scoffier]

Miles Nordin wrote:
> notifies are an optional part of the protocol to speed things up.  I'd
> the impression they weren't even acknowledged, so I'm not sure why
> they would be retried---I'd therefore not infer too much from the
> soudn of the error message.
>
> The mandatory way for slaves to operate, whether the master sends
> notifies or not, is to poll your master for an SOA record on a period
> specified by the 'refresh' timer in the SOA record they already have.
> If they don't succeed, they begin polling on the 'retry' timer's
> period, which is typically more frequent.  There's no exponential
> backoff or anything like that.  notifies didn't used to be part of the
> standard at all, and the whole process will work without them, so
> don't overfocus on it.  
>
> notifies could be broken in your environment if gandi doesn't in fact
> use the single nameserver they expose to you.  It's possible to use a
> slave as the master for another slave, so if they wanted (not sure why
> they would), they could have one hidden server that sucks down all the
> zones from their customers' masters, and then a network of exposed
> slaves that sucks zones from that hidden zonesuck server.  In that
> case, you'd send a notify to the exposed master, which might (I'm not
> sure) say ``this notify's coming from the wrong source, so I'm
> ignoring it.''  I don't think they do this weird arrangement---it's
> just a reasonable example that breaks notifies, unless you manually
> reconfigure your master.  and you'll never notice, because notifies
> aren't actually needed: gandi is allowed to openly or accidentally not
> support them.  really notifies go together with IXFR as a mechanism for
> synchronizing dyndns updates.
>
> Without notifies you will have to wait the 'retry' period after making
> changes to the master for the slaves to poll again, although I'm not
> absolutely certain slaves will respect SOA 'retry' on an expired
> zone---they may use a fixed default polling timer which, without
> actually knowing (I control all my slaves so I just 'rndc reload' or
> ask my friend to do so), I would guess to be about an hour.
>
> If you have been working on this for several days and writing all
> these mails you probably have some effort to burn: why don't you try
> setting up your own slave server on your laptop or something, and see
> if you can get it to suck down the zone.  If you can't, fix it.  If
> you can, check that gandi has the right IP for your master, and if
> they do, get a different company to be your slave server.  (I like
> gandi in general but have not used this feature of theirs.)
>   
>   
Dear Miles,

Thank you for your detailed response.    I didn't realize that the 
notifies were 'optional' , and I guess I put more faith in them than I 
should have because they have been working for so long.  I finally got 
to the bottom of exactly what was going on.  I moved the name server 
about 2 weeks ago.  I uploaded the new zone with the IP of the new 
nameserver from the old machine on the old IP.  Before shutting it down 
I made sure that the zone had been uploaded to the secondaries and that 
they were serving it properly.  What I assumed was that the secondaries 
would take the IP of the primary from the zone file I uploaded.  I was 
wrong.  Instead buried deep in nested set of webforms is the text box 
where I had to update the IP for the primary.  After which I am subject 
to the time they decide to poll my master.   Except for this deeply 
nested webform, my primary is identified on gandi's website only by its 
url so I had no way of knowing that they were still checking the old 
machine's IP address. Grrr.  My fault or gandi's I don't know.  It's 
probably my deep hatred of relying on webforms for anything important 
... I just followed up in case someone else is going through a similar 
weird problem.

Also I wish to apologize for "all the emails".  It is true I was a bit 
frantic.  I tend to manage things carefully and get upset when I feel 
blindsided by something over which I have no control, such as when the 
slaves will update my zone.  I used to share secondaries with friends 
but this got unstable so I decided to use a large company.   If anyone 
reliable wants to swap slaving I would be happy to slave for you. I've 
stopped using xname.org as their servers are stupidly slow and often 
unreachable.

Hopefully all these issues are behind me :)

Marco