Hi, Every SOA REFRESH time, BIND9 slave server checks master?s SOA serial (with ordinary UDP SOA query) and if the serial is increased it starts AXFR. But my NSD slave server (4.0.0 and 3.2.16) just do AXFR with no serial checking every REFRESH time. (according to tcpdump). I expect SOA serial checking before AXFR to avoid load at both master/slave side. This is my NSD configuration. Something is missing? ---------------------- server: logfile: "/var/log/nsd.log" username: ?nsd? verbosity: 99 zone: name: ?example.net" request-xfr: 192.0.2.1 NOKEY allow-notify: 192.0.2.1 NOKEY ??????????? -- Daisuke HIGASHI <daisuke.higashi at gmail.com>
Oh I?ve missed this statement in doc/NSD-FOR-BIND-USERS :-) An AXFR initiated by the built-in transfer process will not start with a SOA query at all. The first packet of the AXFR transfer will be used to determine the SOA version number in that case. This is a conscious breach of RFC spec to ease implementation and efficiency. "First packet" size seems to be up to 16kB for NSD4 master. Usual forward zones likely fit into it so full zone transfer may occur every REFRESH time. In doc/TODO : - query SOA before getting AXFR and then cutting it off, it causes an err log on the master. It would be nice if it implemented since I worry about tcp setup/transfer overhead especially in many zone hosting scenario. Regards, -- Daisuke HIGASHI <daisuke.higashi at gmail.com> 2013/11/9 Daisuke HIGASHI <daisuke.higashi at gmail.com>:> But my NSD slave server (4.0.0 and 3.2.16) just do AXFR with > no serial checking every REFRESH time. (according to tcpdump). > I expect SOA serial checking before AXFR to avoid load at both > master/slave side.