Hi Anand!> > -> NSD 4.3.5 serves serial 1660716050 > > NSD has internally updated to serial 1660716050, but not yet saved it to > disk. By default, NSD writes out zone files only once per hour. > > > Now, upgrade to 4.6 and restart NSD: > > 10:32:04 nsd-pl[1072241]: zone kepno.pl read with success > > 10:32:04 nsd-pl[1072241]: rehash of zone kepno.pl. with parameters 1 0 12 > e831662b2ffa02c1 > > 10:32:10 nsd-pl[1072240]: zone kepno.pl serial 1660716050 is updated to > 1660716049 > > --> Why is the serial going backwards? > > NSD read the zone from disk, and it still had the previous serial > number, so that's what got loaded into memory.That makes sense.> Eventually, NSD would > have noticed that it's outdated and would have done an XFR to update it.That's the weird thing. NSD knows that the version on disk is older than the previously served one (serial is goind backwards: "1660716050 is updated to 1660716049"). Hence it could check the serial on the primary and fetch the latest version. I also tried "nsd-control transfer ....", but that also did not triggered an XFR. Only "force_transfer" triggered an XFR. From my understanding, "transfer: try to update slave zones to newer serial" should also trigger an XFR as the primary has a higher serial then the current served one.> Before restarting NSD, it is good practice to write zones to disk. Or > configure it to save an updated zone immediately to disk, by setting > "zonefiles-write" to a low value, so that zone files on disk are as up > to date as possible.Thanks for the tip Klaus
On 17/08/2022 14:08, Klaus Darilion wrote: Hi Klaus,> That's the weird thing. NSD knows that the version on disk is older > than the previously served one (serial is goind backwards: "1660716050 > is updated to 1660716049"). Hence it could check the serial on the > primary and fetch the latest version.Except that NSD keeps a state file as well, in which it maintains timers about when next to query the primary. For this zone, that time had not yet arrived. If you stop NSD, delete the state file, and start NSD, then it will have no memory of the timers. After loading all the zones, it will immediately query their primaries and update them if needed. But this has the downside of causing a thundering herd towards the primaries in the case where you have lots of secondary zones.> I also tried "nsd-control transfer ....", but that also did not > triggered an XFR. Only "force_transfer" triggered an XFR. From my > understanding, "transfer: try to update slave zones to newer serial" > should also trigger an XFR as the primary has a higher serial then the > current served one.Hmm. So NSD thinks the zone is up to date, because it has a newer serial in the state file, but is actually serving an old serial. Could be a subtle bug. I'll see if I can reproduce it on our test server. Regards, Anand