Bind9 not updating zone serial

However, serial numbers do not follow the normal rules of integer arithmetic.

Instead, they use 32-bit sequence space arithmetic. Changing a serial number directly from 2111012400 to 2011012400 is not allowed because it would require either a subtraction or an addition outside of the permitted range.

Even if no notifies are received at all, named will periodically initiate a zone refresh for a slave. This means that it sends SOA queries to the servers in the list to see if it can find one that returns an SOA with a larger serial number than the one currently being served by the slave.

The servers are queried in turn - named moves on to the next server in the list if either: On the first SOA received that is bigger than the one the slave is currently serving, named will initiate a zone transfer with that server.

allow-notify applies to slave zones only and defines a match list (for example, IP addresses) of hosts that are allowed to NOTIFY this server and implicitly update the zone, in addition to those hosts defined in the masters option for the zone.

The default behaviour is to allow zone updates only from the masters IP(s).

The syntax of zone data files lends itself to making mistakes.

It doesn't help that the address and pointer records are in different files, which must agree with each other.


Sometimes your users won't want to wait for the slaves to pick up the new zone data -- they'll want it available right away.

Reason: Administrators could not configure a slave DNS server, because it cannot function properly unless the SOA serial number is changed every time a DNS record is changed.

Result (if any): The bind-dyndb-ldap plugin, used to provision data from the Identity Management DNS tree to the BIND Name Server, updates the DNS zone SOA serial number every time the DNS zone or one of its records is modified, thus allowing Administrators to configure a slave DNS server for zones managed by Identity Management.

Serial numbers are used by slave nameservers to determine when a zone transfer is necessary.

Higher values are considered to be more recent than lower values.
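The sequence space comparison described above, and the way a slave uses it to decide on a zone transfer, can be worked through with the two serials from the text. This is an added example, not code from BIND or from the original page: it follows the RFC 1982 rules for 32-bit serials, and the function names are illustrative.

```python
# Added example: RFC 1982 serial arithmetic for 32-bit SOA serials.
MODULUS = 1 << 32                # serials live in 0 .. 2**32 - 1
HALF = 1 << 31
MAX_INCREMENT = HALF - 1         # largest addition the arithmetic permits

def serial_add(serial, n):
    """Add n to a serial, wrapping at 2**32; n must be in the permitted range."""
    if not 0 <= n <= MAX_INCREMENT:
        raise ValueError("increment outside 0 .. 2**31 - 1")
    return (serial + n) % MODULUS

def serial_compare(a, b):
    """-1 if a is older than b, 1 if newer, 0 if equal, None if undefined."""
    if a == b:
        return 0
    forward = (b - a) % MODULUS  # distance from a to b going upwards
    if forward == HALF:
        return None              # exactly half the space apart: no defined order
    return -1 if forward < HALF else 1

def slave_would_transfer(current, offered):
    """A slave transfers only when the offered serial is strictly newer."""
    return serial_compare(current, offered) == -1

def plan_serial_change(current, target):
    """Serials to publish, in order, so that every step looks newer to a slave.

    Each intermediate serial has to reach all slaves before the next one is
    published, otherwise a slave that missed it sees the final value as older.
    """
    steps = []
    while current != target:
        if slave_would_transfer(current, target):
            steps.append(target)
            break
        current = serial_add(current, MAX_INCREMENT)   # largest legal jump
        steps.append(current)
    return steps

if __name__ == "__main__":
    old, new = 2111012400, 2011012400                  # values from the text
    print("direct change accepted:", slave_would_transfer(old, new))
    print("publish in order:", plan_serial_change(old, new))
```
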

