Bind9: rndc reload doesn't work for slave servers

Brian Candler B.Candler at pobox.com
Tue Aug 1 13:35:13 UTC 2006


On Tue, Aug 01, 2006 at 03:06:30PM +0200, Edda Hochstrate wrote:
> >However, note that your slave server will poll each of the masters at the
> >refresh interval in their SOA record anyway. So if a particular customer
> >wants you to poll their zone more frequently, then they can just reduce the
> >refresh time in their SOA record, and your server will honour their request.
> >That gives you the best of all worlds - frequent polling for those customers
> >who want or need it, and occasional polling for everyone else.
> 
> In our opinion as an ISP the refresh time is for the world of resolvers.

I don't think that's what it's for.

As I understand it, there are three main participants in the DNS:

- resolver (client)
- cache
- authoritative server

The resolver isn't interested in SOA records at all.

The cache is only interested in SOA records for negative caching (i.e. what
TTL to use to remember the non-existence of a resource record).

SOAs are primarily for exchange of information between the master and slave
servers. The serial number indicates the version of the data, and the
refresh interval says how often the slaves should poll the master to check
if the serial number has changed.

But don't take my word for it, this is what RFC 1034 has to say:

"The periodic polling of the secondary servers is controlled by
parameters in the SOA RR for the zone, which set the minimum acceptable
polling intervals.  The parameters are called REFRESH, RETRY, and
EXPIRE.  Whenever a new zone is loaded in a secondary, the secondary
waits REFRESH seconds before checking with the primary for a new serial.
If this check cannot be completed, new checks are started every RETRY
seconds.  The check is a simple query to the primary for the SOA RR of
the zone.  If the serial field in the secondary's zone copy is equal to
the serial returned by the primary, then no changes have occurred, and
the REFRESH interval wait is restarted."

Since your slave is running BIND 9, which is a reasonably correct
implementation of DNS, then you should find that if the master zone sets a
refresh time of 3600 in their SOA, then your server will poll it every hour,
without any other tricks being required.

Regards,

Brian.

P.S. Also worth reading is RIPE 203:
http://www.ripe.net/ripe/docs/dns-soa.html
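
The polling behaviour in the RFC 1034 passage quoted above, as an added example that is not part of the original post and is not BIND's code: a small model of the REFRESH/RETRY/EXPIRE timers on a secondary. The SOA values, the function names and the sample primary are constructed for illustration, and the serial comparison is simplified to "any different serial triggers a transfer".

```python
# Added example: simplified model of the RFC 1034 secondary polling loop.
# Assumption: any serial different from the local copy triggers a transfer.

def parse_soa(rdata):
    """Parse SOA RDATA text: mname rname serial refresh retry expire minimum."""
    fields = rdata.split()
    if len(fields) != 7:
        raise ValueError("expected 7 SOA fields, got %d" % len(fields))
    keys = ("serial", "refresh", "retry", "expire", "minimum")
    return dict(zip(keys, map(int, fields[2:])), mname=fields[0], rname=fields[1])

def simulate(soa, primary, until):
    """Events seen by a secondary that loaded the zone at t=0.

    primary(t) returns the primary's serial at time t, or None if unreachable.
    """
    events, serial, last_ok = [], soa["serial"], 0
    t = soa["refresh"]                      # first check after REFRESH seconds
    while True:
        expiry = last_ok + soa["expire"]    # no completed check for EXPIRE seconds
        if expiry <= min(t, until):
            events.append((expiry, "zone expired"))
            return events
        if t > until:
            return events
        answer = primary(t)
        if answer is None:
            events.append((t, "check failed"))
            t += soa["retry"]               # retry every RETRY seconds
            continue
        last_ok = t
        if answer == serial:
            events.append((t, "unchanged"))
        else:
            serial = answer
            events.append((t, "transfer serial %d" % serial))
        t += soa["refresh"]                 # restart the REFRESH wait

# Constructed sample data, not taken from any real zone.
SAMPLE_SOA = "ns1.example.com. hostmaster.example.com. 2006080101 3600 900 7200 3600"

def sample_primary(t):
    """Constructed primary: new serial from t=7000, unreachable from t=10000."""
    if t >= 10000:
        return None
    return 2006080102 if t >= 7000 else 2006080101

if __name__ == "__main__":
    for when, what in simulate(parse_soa(SAMPLE_SOA), sample_primary, 20000):
        print("%6d  %s" % (when, what))
```

With a refresh of 3600 and a reachable primary, the checks land once an hour; once the primary stops answering, the retries come every 900 seconds until the expire timer runs out.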

