Hurricane Electric's IPv6 Tunnel Broker Forums

DNS.HE.NET Topics => General Questions & Suggestions => Topic started by: wahjava on January 04, 2015, 06:14:22 PM

Title: DNS NOTIFY not supported ?
Post by: wahjava on January 04, 2015, 06:14:22 PM
Hi

I've a DNS zone configured using HE's nameservers (as slaves), and as per my DNS' log, `slave.dns.he.net` is ignoring `NOTIFY` requests:

max notify send count reached, 216.218.133.2 unreachable
max notify send count reached, 2001:470:600::2 unreachable

The underlying IPv6 and IPv4 networks are fine, and I can reach both endpoints just fine over ICMPv{4,6}.

I've not updated my zone in a while (until a few minutes ago), and before the `slave.dns.he.net` migration, I remember it used to work just fine with NOTIFY stuff, i.e. HE DNS hosts serving the latest records within a few minutes (< 5 minutes, IIRC) of NOTIFY requests.

If NOTIFY is not supported anymore, then could you please let me know, so I can stop spamming the slave with NOTIFY requests.

Thanks in advance!
Title: Re: DNS NOTIFY not supported ?
Post by: wahjava on January 04, 2015, 06:22:59 PM
Thanks to this post (https://forums.he.net/index.php?topic=3183.0) my problem is resolved. I should be sending NOTIFYs to `ns1.he.net`, and not `slave.dns.he.net`.

Thanks!
Title: Re: DNS NOTIFY not supported ?
Post by: porjo on January 18, 2015, 04:11:42 PM
I've found that notifies sent to ns1.he.net are no longer triggering an AXFR. Is anyone else having this issue?

I'm running PowerDNS authoritative server. When my domain's SOA serial is updated, I see the following log output:

Jan 19 00:02:50 1 domain for which we are master needs notifications
Jan 19 00:02:50 Queued also-notification of domain 'xxxxxxxxxxx' to 216.218.130.2:53
Jan 19 00:02:51 Removed from notification list: 'xxxxxxxxxxxxx' to 216.218.130.2:53 (was acknowledged)


However no AXFR is ever initiated by the remote end. Via the HE DNS website I can initiate a 'Validation' which performs an AXFR OK, so my firewall is fine.
Title: Re: DNS NOTIFY not supported ?
Post by: wahjava on January 18, 2015, 07:16:01 PM
Quote from: porjo on January 18, 2015, 04:11:42 PM
I've found that notifies sent to ns1.he.net are no longer triggering an AXFR. Is anyone else having this issue?

I'm running PowerDNS authoritative server. When my domain's SOA serial is updated, I see the following log output:

Jan 19 00:02:50 1 domain for which we are master needs notifications
Jan 19 00:02:50 Queued also-notification of domain 'xxxxxxxxxxx' to 216.218.130.2:53
Jan 19 00:02:51 Removed from notification list: 'xxxxxxxxxxxxx' to 216.218.130.2:53 (was acknowledged)


However no AXFR is ever initiated by the remote end. Via the HE DNS website I can initiate a 'Validation' which performs an AXFR OK, so my firewall is fine.

I also noticed similar behaviour a few days ago, although in my case the AXFR got delayed by a few minutes, whereas usually it happens instantaneously. Maybe it was delayed for you as well?
Title: Re: DNS NOTIFY not supported ?
Post by: porjo on January 21, 2015, 05:51:04 PM
Problem solved! I had SOA-EDIT=EPOCH enabled against that particular domain which was causing an inconsistency between the serial in the actual SOA record and what my server was reporting as the SOA.  :o
Title: Re: DNS NOTIFY not supported ?
Post by: porjo on March 03, 2015, 08:51:04 PM
I'm having the same problem as before: zone is updated, notifies are sent but no AXFR is kicked off. I've waited an hour now. Anyone else having this problem?

Last time, it ended up being a misconfiguration with my nameserver, however I've eliminated that as the possible cause this time. I've also checked firewall and that looks good.
Title: Re: DNS NOTIFY not supported ?
Post by: porjo on March 04, 2015, 08:38:17 PM
OK, AXFR finally happened...5hrs after the notify was sent!!?? PowerDNS logs:

Mar 04 04:40:52 1 domain for which we are master needs notifications
Mar 04 04:40:52 Queued notification of domain 'xxxxx.com' to 216.218.131.2:53
Mar 04 04:40:52 Queued notification of domain 'xxxxx.com' to 216.218.132.2:53
Mar 04 04:40:52 Queued notification of domain 'xxxxx.com' to 216.66.1.2:53
Mar 04 04:40:52 Queued notification of domain 'xxxxx.com' to 216.66.80.18:53
Mar 04 04:40:52 Queued notification of domain 'xxxxx.com' to [2001:470:200::2]:53
Mar 04 04:40:52 Queued notification of domain 'xxxxx.com' to [2001:470:300::2]:53
Mar 04 04:40:52 Queued notification of domain 'xxxxx.com' to [2001:470:400::2]:53
Mar 04 04:40:52 Queued notification of domain 'xxxxx.com' to [2001:470:500::2]:53
Mar 04 04:40:52 Queued also-notification of domain 'xxxxx.com' to 216.218.130.2:53
Mar 04 04:40:53 Received unsuccessful notification report for 'xxxxx.com' from 216.66.1.2:53, error: Not Implemented
Mar 04 04:40:53 Removed from notification list: 'xxxxx.com' to 216.66.1.2:53Not Implemented
Mar 04 04:40:53 Removed from notification list: 'xxxxx.com' to 216.218.130.2:53 (was acknowledged)
Mar 04 04:40:53 Received unsuccessful notification report for 'xxxxx.com' from 216.218.131.2:53, error: Not Implemented
Mar 04 04:40:53 Removed from notification list: 'xxxxx.com' to 216.218.131.2:53Not Implemented
Mar 04 04:40:53 Received unsuccessful notification report for 'xxxxx.com' from 216.218.132.2:53, error: Not Implemented
Mar 04 04:40:53 Removed from notification list: 'xxxxx.com' to 216.218.132.2:53Not Implemented
Mar 04 04:40:53 Received unsuccessful notification report for 'xxxxx.com' from 216.66.80.18:53, error: Not Implemented
Mar 04 04:40:53 Removed from notification list: 'xxxxx.com' to 216.66.80.18:53Not Implemented
Mar 04 04:40:55 No master domains need notifications
Mar 04 09:34:28 AXFR of domain 'xxxxx.com' initiated by 216.218.133.2
Mar 04 09:34:28 AXFR of domain 'xxxxx.com' allowed: client IP 216.218.133.2 is in allow-axfr-ips
Mar 04 09:34:28 AXFR of domain 'xxxxx.com' to 216.218.133.2 finished


I'm guessing that coincided with the refresh interval of the SOA.
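The two mechanisms this thread turns on, the slave's reply to a NOTIFY (the "was acknowledged" versus "Not Implemented" lines in the PowerDNS log above) and the serial comparison that decides whether a slave transfers at all (the SOA-EDIT=EPOCH mismatch in porjo's earlier post), as an added example that is not part of the original thread and is not PowerDNS or HE code. It builds an RFC 1996 NOTIFY request on the wire, classifies a reply the way the log lines read, and applies RFC 1982 serial arithmetic to decide whether a transfer is due. The zone name, message ID and serial values are constructed, and the stand-in responder is a hypothetical helper so the example runs offline.

```python
"""DNS NOTIFY wire format and RFC 1982 serial comparison (constructed example)."""
import struct

OPCODE_NOTIFY = 4
QTYPE_SOA = 6
QCLASS_IN = 1
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
               3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def encode_name(name: str) -> bytes:
    """Encode a dotted zone name as DNS wire-format labels plus the zero terminator."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label length must be 1..63: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_notify(zone: str, msg_id: int) -> bytes:
    """Build an RFC 1996 NOTIFY request: opcode 4, AA set, one SOA question."""
    flags = (OPCODE_NOTIFY << 11) | (1 << 10)   # QR=0, opcode=4, AA=1
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", QTYPE_SOA, QCLASS_IN)


def parse_header(msg: bytes) -> dict:
    """Split the 12-byte DNS header into the fields a NOTIFY sender cares about."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    msg_id, flags, qd, _an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": msg_id, "qr": (flags >> 15) & 1, "opcode": (flags >> 11) & 0xF,
            "aa": (flags >> 10) & 1, "rcode": flags & 0xF, "qdcount": qd}


def make_notify_response(request: bytes, rcode: int) -> bytes:
    """Hypothetical stand-in for the slave: echo the header with QR=1 and the given RCODE."""
    h = parse_header(request)
    flags = (1 << 15) | (h["opcode"] << 11) | (h["aa"] << 10) | (rcode & 0xF)
    return struct.pack("!HHHHHH", h["id"], flags, h["qdcount"], 0, 0, 0) + request[12:]


def classify_notify_response(request: bytes, response: bytes) -> str:
    """Map a slave's reply onto the outcomes a master logs (acknowledged / unsuccessful)."""
    req, resp = parse_header(request), parse_header(response)
    if resp["id"] != req["id"]:
        # A reply whose ID does not match is discarded, as any spoofed or stale reply would be.
        return "ignored: ID mismatch"
    if resp["qr"] != 1 or resp["opcode"] != OPCODE_NOTIFY:
        return "ignored: not a NOTIFY response"
    if resp["rcode"] == 0:
        return "acknowledged"
    return "unsuccessful: " + RCODE_NAMES.get(resp["rcode"], "RCODE%d" % resp["rcode"])


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982 serial arithmetic: a is newer than b if it lies up to 2**31 ahead, modulo 2**32.
    The exactly-2**31-apart case is undefined by the RFC and is treated here as not newer."""
    a &= 0xFFFFFFFF
    b &= 0xFFFFFFFF
    return a != b and ((a - b) & 0xFFFFFFFF) < 0x80000000


def slave_should_transfer(master_serial: int, slave_serial: int) -> bool:
    """After a NOTIFY the slave queries the master's SOA and transfers only if its serial is newer.
    A master that advertises a serial no newer than the slave's copy (for example one rewritten
    inconsistently by an SOA-EDIT setting) never triggers a transfer, however many NOTIFYs it sends."""
    return serial_gt(master_serial, slave_serial)


if __name__ == "__main__":
    # Constructed walk-through: a NOTIFY for a placeholder zone, an acknowledged reply,
    # a NOTIMP reply, and the serial check the slave performs afterwards.
    req = build_notify("example.com", 0x1234)
    print(classify_notify_response(req, make_notify_response(req, 0)))
    print(classify_notify_response(req, make_notify_response(req, 4)))
    print(slave_should_transfer(2015030401, 2015030400), slave_should_transfer(2015030400, 2015030400))
```

To probe a real slave, send the bytes from `build_notify` over UDP to port 53 with the standard `socket` module and hand the reply to `classify_notify_response`; an "acknowledged" result only means the slave accepted the message, and whether it then transfers is decided by `slave_should_transfer` on the serial it sees, which is why a serial that is not strictly newer explains an acknowledged NOTIFY with no AXFR.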
Title: Re: DNS NOTIFY not supported ?
Post by: porjo on March 06, 2015, 06:59:50 PM
After contacting HE support, my issue is now resolved. Apparently there was a config issue on the particular ns1 my slave talks to (seems like there are several ns1's in operation and your slave contacts the nearest depending on anycast routing).