No graceful recovery for expired zones #213

Open
anandb-ripencc opened this issue Apr 6, 2022 · 0 comments
@anandb-ripencc
Contributor

Our NSD servers are configured as secondary for 75.139.in-addr.arpa. At one point its serial was 2021122001. Then the operator messed up, and lowered the serial to 2021102901. As expected, NSD kept rejecting XFRs with this error:

info: xfrd: zone 75.139.in-addr.arpa. ignoring old serial (2021122001/2021102901) from XXX

Eventually, the zone expired:

error: xfrd: zone 75.139.in-addr.arpa. has expired

Now, NSD isn't serving this zone. However, it is holding on to the last known copy of the zone, and still ignoring the XFRs for it. The nsd-xfr-PID directory contains a file xfr.NNNN, and this file isn't being removed or processed. I know I can fix this manually with nsd-control force_transfer 75.139.in-addr.arpa.

However, IMHO, this is a situation that NSD should rectify itself. When a zone expires, it should discard the zone, and AXFR it in. Other name servers do exactly this, and allow for graceful recovery, whereas with NSD, it requires manual intervention.
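Added example, not part of the original issue and not NSD project code: a log check that flags zones which expired while the primary was offering a serial older than the held copy, the state described above that needs `nsd-control force_transfer`. It assumes the two message formats quoted in the issue, with the held serial first and the offered serial second inside the parentheses; the `example.net.` and `example.org.` lines are constructed sample input.

```python
import re

# Message formats as quoted in the issue; any log prefix before "xfrd:" is ignored.
OLD_SERIAL = re.compile(r"xfrd: zone (\S+) ignoring old serial \((\d+)/(\d+)\)")
EXPIRED = re.compile(r"xfrd: zone (\S+) has expired")

def serial_lt(a, b):
    """RFC 1982 comparison of 32-bit SOA serials: True if a is older than b."""
    return 0 < (b - a) % 2**32 < 2**31

def stuck_zones(lines):
    """Return {zone: (held, offered)} for zones that expired after the
    secondary had been rejecting transfers because of a lowered serial.
    Later recovery (e.g. a forced transfer) is not tracked here."""
    rollback, stuck = {}, {}
    for line in lines:
        m = OLD_SERIAL.search(line)
        if m:
            # Assumption: first number is the held serial, second the offered one.
            zone, held, offered = m.group(1), int(m.group(2)), int(m.group(3))
            if serial_lt(offered, held):
                rollback[zone] = (held, offered)
            continue
        m = EXPIRED.search(line)
        if m and m.group(1) in rollback:
            stuck[m.group(1)] = rollback[m.group(1)]
    return stuck

# Lines 1 and 3 are from the issue; lines 2 and 4 are constructed:
# example.net. has a rollback but has not expired, example.org. expired
# without any rollback (e.g. primary unreachable), so neither is flagged.
SAMPLE_LOG = """\
info: xfrd: zone 75.139.in-addr.arpa. ignoring old serial (2021122001/2021102901) from XXX
info: xfrd: zone example.net. ignoring old serial (2022040602/2022040601) from XXX
error: xfrd: zone 75.139.in-addr.arpa. has expired
error: xfrd: zone example.org. has expired
""".splitlines()

if __name__ == "__main__":
    for zone, (held, offered) in stuck_zones(SAMPLE_LOG).items():
        print(f"{zone} expired holding serial {held}; primary offers {offered}")
        print(f"  manual recovery: nsd-control force_transfer {zone}")
```
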
