ns2 zone retry limit for mater exceeded?

Need help? Ask here.

Moderator: Moderators

Post Reply
schraudog
Posts: 6
Joined: Mon Jun 06, 2005 6:16 am
Contact:

ns2 zone retry limit for mater exceeded?

Post by schraudog »

Please pardon my ignorance. I am trying to xshoot two issues.
1. I get this in my log when I make change to primary and bump the serial up. The primary does notify rollernet ns1 and ns2, but ns2 returns this in the rollernet logs for this domain

ns2.rollernet.us 2009-04-16 10:27:21 zone cadenceinc.com/IN: refresh: retry limit for master 216.12.9.166#53 exceeded (source 0.0.0.0#0)

Any suggestions?

2. I assume it is related, but when I do checks (dnsstuff.com), I get a report that says ns2.rollernet.us is not listed at parent name servers. Why is that?

Mike S
RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada
Contact:

Re: ns2 zone retry limit for mater exceeded?

Post by RollerNetSupport »

schraudog wrote:Please pardon my ignorance. I am trying to xshoot two issues.
1. I get this in my log when I make change to primary and bump the serial up. The primary does notify rollernet ns1 and ns2, but ns2 returns this in the rollernet logs for this domain

ns2.rollernet.us 2009-04-16 10:27:21 zone cadenceinc.com/IN: refresh: retry limit for master 216.12.9.166#53 exceeded (source 0.0.0.0#0)

Any suggestions?
Odd, because we tried an AXFR by hand with "dig" and it worked. Perhaps BIND is confused. We'll look into it.

schraudog wrote:2. I assume it is related, but when I do checks (dnsstuff.com), I get a report that says ns2.rollernet.us is not listed at parent name servers. Why is that?
Is it the "glue" test? That's completely normal for out-of-zone name servers (.us versus .com). That test only passes if the server is in the same TLD as the domain. It's harmless.
Technical Support support@rollernet.us
Roller Network LLC
RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada
Contact:

Post by RollerNetSupport »

We restarted BIND on ns2 (actually, it hung when we tried to stop it nicely and had to 'kill -9' it) and the transfer happened instantly when we requested a retransfer:

Code: Select all

Apr 16 11:44:09 ns2 named[15834]: zone cadenceinc.com/IN: transferred serial 2009041601
It could have been some kind of memory leak since it had been running for 332 days until we killed the process. The server is actually running the 'oldstable' version of Debian and is due for an upgrade to 'stable' which will bring BIND from 9.3.4-P1.1 to 9.5.1-P1. Please let us know if you notice any problems.
Technical Support support@rollernet.us
Roller Network LLC
RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada
Contact:

Post by RollerNetSupport »

Also, we checked ns1 and its BIND process has only been running for 197 days. We'll do a preemptive restart on that process until we can finish our lab testing on the upgrades.
Technical Support support@rollernet.us
Roller Network LLC
schraudog
Posts: 6
Joined: Mon Jun 06, 2005 6:16 am
Contact:

Re: ns2 zone retry limit for mater exceeded?

Post by schraudog »

RollerNetSupport wrote:
schraudog wrote:Please pardon my ignorance. I am trying to xshoot two issues.
1. I get this in my log when I make change to primary and bump the serial up. The primary does notify rollernet ns1 and ns2, but ns2 returns this in the rollernet logs for this domain

ns2.rollernet.us 2009-04-16 10:27:21 zone cadenceinc.com/IN: refresh: retry limit for master 216.12.9.166#53 exceeded (source 0.0.0.0#0)

Any suggestions?
Odd, because we tried an AXFR by hand with "dig" and it worked. Perhaps BIND is confused. We'll look into it.

schraudog wrote:2. I assume it is related, but when I do checks (dnsstuff.com), I get a report that says ns2.rollernet.us is not listed at parent name servers. Why is that?
Is it the "glue" test? That's completely normal for out-of-zone name servers (.us versus .com). That test only passes if the server is in the same TLD as the domain. It's harmless.
Not the glue test. I ignore that one. It is the one that reads:

"FAIL: You have one or more missing (stealth) nameservers. The following nameserver(s) are listed (at your nameservers) as nameservers for your domain, but are not listed at the parent nameservers (therefore, they may or may not get used, depending on whether your DNS servers return them in the authority section for other requests, per RFC2181 5.4.1). You need to make sure that these stealth nameservers are working; if they are not responding, you may have serious problems! The DNSreport will not query these servers, so you need to be very careful that they are working properly.

ns2.rollernet.us.
This is listed as an ERROR because there are some cases where nasty problems can occur (if the TTLs vary from the NS records at the root servers and the NS records point to your own domain, for example). "

Just checked and am still getting this error. Thanks so much for looking in to this and the other issue.
RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada
Contact:

Post by RollerNetSupport »

Oh, that test. That means that there's a mismatch between what name servers are configured at the registrar and the servers listed in NS records in the zone itself. The registrar doesn't have "ns2.rollernet.us" listed:

Code: Select all

; <<>> DiG 9.5.1-P1 <<>> cadenceinc.com @j.gtld-servers.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19243
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;cadenceinc.com.			IN	A

;; AUTHORITY SECTION:
cadenceinc.com.		172800	IN	NS	ns1.bladeinfo.com.
cadenceinc.com.		172800	IN	NS	ns1.rollernet.us.
Technical Support support@rollernet.us
Roller Network LLC
schraudog
Posts: 6
Joined: Mon Jun 06, 2005 6:16 am
Contact:

Post by schraudog »

RollerNetSupport wrote:Oh, that test. That means that there's a mismatch between what name servers are configured at the registrar and the servers listed in NS records in the zone itself. The registrar doesn't have "ns2.rollernet.us" listed:
Totally my bad! I should have checked that. Will fix now.
Post Reply