Hi!
I have upgraded from nsd 4.3.5 to 4.6. After the restart of the server, it
serves an old zone. For example:
NSD 4.3.5:
07:31:13 nsd-pl[811535]: notify for kepno.pl. from X.X.X.20 serial 1660716049
07:31:13 nsd-pl[811535]: notify for kepno.pl. from XXXX:XXXX:9::5 serial
1660716049
07:31:13 nsd-pl[3084]: xfrd: zone kepno.pl committed "received update to
serial 1660716049 at 2022-08-17T07:31:13 from X.X.X.20 TSIG verified with key
foobar"
07:31:13 nsd-pl[3089]: zone kepno.pl. received update to serial 1660716049 at
2022-08-17T07:31:13 from X.X.X.20 TSIG verified with key foobar of 2403 bytes in
9.8e-05 seconds
07:31:13 nsd-pl[811535]: notify for kepno.pl. from X.X.X.4 serial 1660716049
07:31:13 nsd-pl[811535]: notify for kepno.pl. from XXXX:XXXX:8::5 serial
1660716049
07:31:14 nsd-pl[3084]: zone kepno.pl serial 1660716048 is updated to 1660716049
07:46:24 nsd-pl[3089]: writing zone kepno.pl to file kepno.pl.zone
09:46:22 nsd-pl[1008051]: notify for kepno.pl. from XXXX:XXXX:9::5 serial
1660716050
09:46:22 nsd-pl[1008051]: notify for kepno.pl. from X.X.X.20 serial 1660716050
09:46:22 nsd-pl[3084]: xfrd: zone kepno.pl committed "received update to
serial 1660716050 at 2022-08-17T09:46:22 from XXXX:XXXX:9::5 TSIG verified with
key foobar"
09:46:22 nsd-pl[1008051]: notify for kepno.pl. from XXXX:XXXX:8::5 serial
1660716050
09:46:22 nsd-pl[1008051]: notify for kepno.pl. from X.X.X.4 serial 1660716050
09:46:27 nsd-pl[3089]: zone kepno.pl. received update to serial 1660716050 at
2022-08-17T09:46:22 from XXXX:XXXX:9::5 TSIG verified with key foobar of 840
bytes in 0.000108 seconds
09:46:28 nsd-pl[3084]: zone kepno.pl serial 1660716049 is updated to 1660716050
-> NSD 4.3.5 serves serial 1660716050
Now, upgrade to 4.6 and restart NSD:
10:32:04 nsd-pl[1072241]: zone kepno.pl read with success
10:32:04 nsd-pl[1072241]: rehash of zone kepno.pl. with parameters 1 0 12
e831662b2ffa02c1
10:32:10 nsd-pl[1072240]: zone kepno.pl serial 1660716050 is updated to
1660716049
--> Why is the serial going backwards?
# nsd-control -c /etc/nsd/nsd-pl.conf zonestatus kepno.pl
zone: kepno.pl
state: ok
served-serial: "1660716049 since 2022-08-17T10:32:10"
commit-serial: "1660716050 since 2022-08-17T10:55:43"
wait: "1159 sec between attempts"
I can fix it with force_transfer:
11:14:25 nsd-pl[1072240]: xfrd: zone kepno.pl committed "received update to
serial 1660716050 at 2022-08-17T11:14:25 from X.X.X.4 TSIG verified with key
foobar"
11:14:26 nsd-pl[1072241]: rehash of zone kepno.pl. with parameters 1 0 12
e831662b2ffa02c1
11:14:26 nsd-pl[1072241]: zone kepno.pl. received update to serial 1660716050 at
2022-08-17T11:14:25 from X.X.X.4 TSIG verified with key foobar of 31937 bytes in
0.005712 seconds
11:14:26 nsd-pl[1072240]: zone kepno.pl serial 1660716049 is updated to
1660716050
# nsd-control -c /etc/nsd/nsd-pl.conf zonestatus kepno.pl
zone: kepno.pl
state: ok
served-serial: "1660716050 since 2022-08-17T11:14:25"
commit-serial: "1660716050 since 2022-08-17T11:14:25"
wait: "279 sec between attempts"
Is this a bug or a feature?
Thanks
Klaus
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20220817/f3b27305/attachment.htm>
On 17/08/2022 13:18, Klaus Darilion via nsd-users wrote: Hi Klaus,> NSD 4.3.5: > 07:31:13 nsd-pl[811535]: notify for kepno.pl. from X.X.X.20 serial 1660716049 > 07:31:13 nsd-pl[811535]: notify for kepno.pl. from XXXX:XXXX:9::5 serial 1660716049 > 07:31:13 nsd-pl[3084]: xfrd: zone kepno.pl committed "received update to serial 1660716049 at 2022-08-17T07:31:13 from X.X.X.20 TSIG verified with key foobar" > 07:31:13 nsd-pl[3089]: zone kepno.pl. received update to serial 1660716049 at 2022-08-17T07:31:13 from X.X.X.20 TSIG verified with key foobar of 2403 bytes in 9.8e-05 seconds > 07:31:13 nsd-pl[811535]: notify for kepno.pl. from X.X.X.4 serial 1660716049 > 07:31:13 nsd-pl[811535]: notify for kepno.pl. from XXXX:XXXX:8::5 serial 1660716049 > 07:31:14 nsd-pl[3084]: zone kepno.pl serial 1660716048 is updated to 1660716049 > 07:46:24 nsd-pl[3089]: writing zone kepno.pl to file kepno.pl.zoneHere, the zone kepno.pl has been saved with serial 1660716049.> 09:46:22 nsd-pl[1008051]: notify for kepno.pl. from XXXX:XXXX:9::5 serial 1660716050 > 09:46:22 nsd-pl[1008051]: notify for kepno.pl. from X.X.X.20 serial 1660716050 > 09:46:22 nsd-pl[3084]: xfrd: zone kepno.pl committed "received update to serial 1660716050 at 2022-08-17T09:46:22 from XXXX:XXXX:9::5 TSIG verified with key foobar" > 09:46:22 nsd-pl[1008051]: notify for kepno.pl. from XXXX:XXXX:8::5 serial 1660716050 > 09:46:22 nsd-pl[1008051]: notify for kepno.pl. from X.X.X.4 serial 1660716050 > 09:46:27 nsd-pl[3089]: zone kepno.pl. received update to serial 1660716050 at 2022-08-17T09:46:22 from XXXX:XXXX:9::5 TSIG verified with key foobar of 840 bytes in 0.000108 seconds > 09:46:28 nsd-pl[3084]: zone kepno.pl serial 1660716049 is updated to 1660716050 > -> NSD 4.3.5 serves serial 1660716050NSD has internally updated to serial 1660716050, but not yet saved it to disk. By default, NSD writes out zone files only once per hour.> Now, upgrade to 4.6 and restart NSD: > 10:32:04 nsd-pl[1072241]: zone kepno.pl read with success > 10:32:04 nsd-pl[1072241]: rehash of zone kepno.pl. with parameters 1 0 12 e831662b2ffa02c1 > 10:32:10 nsd-pl[1072240]: zone kepno.pl serial 1660716050 is updated to 1660716049 > --> Why is the serial going backwards?NSD read the zone from disk, and it still had the previous serial number, so that's what got loaded into memory. Eventually, NSD would have noticed that it's outdated and would have done an XFR to update it. Before restarting NSD, it is good practice to write zones to disk. Or configure it to save an updated zone immediately to disk, by setting "zonefiles-write" to a low value, so that zone files on disk are as up to date as possible. [snip]> Is this a bug or a feature?Feature ;-) Regards, Anand