Slow slave updates?

Started by mcfly9, March 11, 2022, 02:42:51 AM


mcfly9

I am seeing a very variable delay between my master notifying and the slaves updating:


08-Mar-2022 00:12:54.641 zone halasz.eu/IN: sending notifies (serial 2022030427)
08-Mar-2022 01:24:45.256 client @0x7ff25662fd70 <masterIP>#48501 (<mydomain>.eu): transfer of '<mydomain>.eu/IN': AXFR started (serial 2022030427)
08-Mar-2022 01:24:45.256 client @0x7ff25662fd70 <masterIP>#48501 (<mydomain>.eu): transfer of '<mydomain>.eu/IN': AXFR ended: 1 messages, 53 records, 3813 bytes, 0.001 secs (3813000 bytes/sec) (serial 2022030427)

...

10-Mar-2022 21:15:39.044 zone halasz.eu/IN: sending notifies (serial 2022030431)
10-Mar-2022 23:31:32.781 client @0x7f5ddd013f70 <masterIP>#56396 (<mydomain>.eu): transfer of '<mydomain>.eu/IN': AXFR started (serial 2022030431)
10-Mar-2022 23:31:32.781 client @0x7f5ddd013f70 <masterIP>#56396 (<mydomain>.eu): transfer of '<mydomain>.eu/IN': AXFR ended: 1 messages, 53 records, 3813 bytes, 0.001 secs (3813000 bytes/sec) (serial 2022030431)


Is it common to see 1-2h between notify and transfer? Sometimes I am even seeing no transfer at all after a notify...
I wanted to implement a hidden master config with my firewall updating a record once every week or so in the master, then expecting a transfer, but this delay is way too much for my use case.

passport123

I have a script that updates my hidden primary DNS server with the new resource records, then submits a job to run 10 minutes later to check if the update has made it to the HE DNS secondary servers via the notify/transfer.  If the transfer has not occurred within that 10 minutes, I get an email.

I typically perform two or three such transfers each day (more when DNSSEC keys expire).

For months the transfer/notify process has been working within that 10 minute window, no emails received.

One note: when I was setting this up, I noticed that if I made too many notify/transfer requests within a short period of time, that triggered some manner of protection on the HE side.  So I slowed the notify/transfer requests down to a maximum of one every five minutes.  Since I did that, I've had no issues.





mcfly9

Quote from: passport123 on March 11, 2022, 07:34:43 AM
I typically perform two or three such transfers each day (more when DNSSEC keys expire).

Interesting.

Queried my logs, and am not seeing too many notifies.


30-Mar-2022 07:50:03.463 zone <mydomain>.eu/IN: sending notifies (serial 2022030446)
30-Mar-2022 10:24:18.068 client @0x7ff321639768 52.174.162.3#45148 (<mydomain>.eu): transfer of '<mydomain>.eu/IN': AXFR started (serial 2022030446)
30-Mar-2022 10:24:18.068 client @0x7ff321639768 52.174.162.3#45148 (<mydomain>.eu): transfer of '<mydomain>.eu/IN': starting maxtime timer 7200000 ms
30-Mar-2022 10:24:18.068 client @0x7ff321639768 52.174.162.3#45148 (<mydomain>.eu): transfer of '<mydomain>.eu/IN': AXFR ended: 1 messages, 53 records, 3813 bytes, 0.001 secs (3813000 bytes/sec) (serial 2022030446)
31-Mar-2022 20:15:28.727 zone <mydomain>.eu/IN: sending notifies (serial 2022030447)
31-Mar-2022 22:43:58.571 client @0x7ff321033d68 52.174.162.3#48081 (<mydomain>.eu): transfer of '<mydomain>.eu/IN': AXFR started (serial 2022030447)
31-Mar-2022 22:43:58.571 client @0x7ff321033d68 52.174.162.3#48081 (<mydomain>.eu): transfer of '<mydomain>.eu/IN': starting maxtime timer 7200000 ms
31-Mar-2022 22:43:58.571 client @0x7ff321033d68 52.174.162.3#48081 (<mydomain>.eu): transfer of '<mydomain>.eu/IN': AXFR ended: 1 messages, 53 records, 3813 bytes, 0.003 secs (1271000 bytes/sec) (serial 2022030447)
02-Apr-2022 00:23:21.616 zone <mydomain>.eu/IN: sending notifies (serial 2022030448)
02-Apr-2022 12:01:00.657 client @0x7ff321032f68 52.174.162.3#43855 (<mydomain>.eu): transfer of '<mydomain>.eu/IN': AXFR started (serial 2022030448)
02-Apr-2022 12:01:00.657 client @0x7ff321032f68 52.174.162.3#43855 (<mydomain>.eu): transfer of '<mydomain>.eu/IN': starting maxtime timer 7200000 ms
02-Apr-2022 12:01:00.657 client @0x7ff321032f68 52.174.162.3#43855 (<mydomain>.eu): transfer of '<mydomain>.eu/IN': AXFR ended: 1 messages, 53 records, 3813 bytes, 0.001 secs (3813000 bytes/sec) (serial 2022030448)


30th March -> 2.5h (no notifies before this for 2 days)
31st March -> 2.5h
2nd April -> 11.5h

Definitely not within the 10 minutes you mention.

Is this an expected behavior? Am I doing something wrong? If this is the expected behavior, I will need to revise my use case; it looks like he.net DNS is not serving my purpose.

tomkep

Shouldn't you also check for IXFRs? Did you enable them?
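
Added example, not part of the thread or any poster's script: a small parser that measures the NOTIFY-to-transfer lag per serial from BIND primary logs in the format quoted above, counting both AXFR and IXFR and reporting notifies that were never followed by a transfer. The log lines are constructed (zone `example.eu`, documentation-range address), the `serial X -> Y` form on the IXFR line is an assumption about the log format, and the 10-minute limit is taken from passport123's check.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the BIND log format quoted in the thread.
# Zone and address are placeholders; the IXFR "X -> Y" serial form is assumed.
SAMPLE_LOG = """\
30-Mar-2022 07:50:03.463 zone example.eu/IN: sending notifies (serial 2022030446)
30-Mar-2022 10:24:18.068 client @0x1 192.0.2.53#45148 (example.eu): transfer of 'example.eu/IN': AXFR started (serial 2022030446)
30-Mar-2022 10:24:18.068 client @0x1 192.0.2.53#45148 (example.eu): transfer of 'example.eu/IN': AXFR ended: 1 messages, 53 records, 3813 bytes, 0.001 secs (3813000 bytes/sec) (serial 2022030446)
31-Mar-2022 20:15:28.727 zone example.eu/IN: sending notifies (serial 2022030447)
31-Mar-2022 20:15:31.102 client @0x2 192.0.2.53#48081 (example.eu): transfer of 'example.eu/IN': IXFR started (serial 2022030446 -> 2022030447)
02-Apr-2022 00:23:21.616 zone example.eu/IN: sending notifies (serial 2022030448)
"""

TS = r"(\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3})"
NOTIFY = re.compile(TS + r" zone (\S+)/IN: sending notifies \(serial (\d+)\)")
XFER = re.compile(TS + r" client .*?transfer of '(\S+)/IN': ([AI]XFR) started"
                       r" \(serial (?:\d+ -> )?(\d+)\)")

def parse_ts(text):
    return datetime.strptime(text, "%d-%b-%Y %H:%M:%S.%f")

def notify_lag(log_text, limit=timedelta(minutes=10)):
    """Return one row per notified serial: (zone, serial, kind, lag, ok)."""
    pending = {}  # (zone, serial) -> time of the first NOTIFY for that serial
    rows = []
    for line in log_text.splitlines():
        if m := NOTIFY.match(line):
            pending.setdefault((m[2], int(m[3])), parse_ts(m[1]))
        elif m := XFER.match(line):
            key = (m[2], int(m[4]))
            if key in pending:  # only the first transfer per serial is timed
                lag = parse_ts(m[1]) - pending.pop(key)
                rows.append((*key, m[3], lag, lag <= limit))
    # Serials that were notified but never transferred count as failures.
    rows += [(zone, serial, None, None, False) for zone, serial in pending]
    return rows

if __name__ == "__main__":
    for zone, serial, kind, lag, ok in notify_lag(SAMPLE_LOG):
        status = "ok" if ok else "LATE/MISSING"
        print(f"{zone} serial={serial} {kind or '-'} lag={lag} {status}")
```
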