Syncronize SOA serial numbers explanation

Question

I made two successive mistakes while updating zone records. Once I forgot to increment the serial number, then next time I did put a digit more ie 20170210111 instead of 2017021011, and each time I reloaded config : rndc reload.

When I realised it, I switched back serial to a 10 digits number, so my zone file SOA serial is now 2017021012.

I get this now :

#  host -C domain.tld
Nameserver X.X.X.X:
        domain.tld has SOA record X.X.X.X.ovh.net. postmaster.domain.tld. 2017021010 28800 7200 1209600 3600
Nameserver Y.Y.Y.Y: 
        domain.tld has SOA record X.X.X.X.ovh.net. postmaster.domain.tld. 2017021003 28800 7200 1209600 86400

Where X.X.X.X is my primary DNS server IP and Y.Y.Y.Y secondary one.

I'm not really used to DNS configuration, and I really don't know how to resynchronize serials and permit propagation. I read already a lot of posts, I'm afraid I still don't know if I should give zone record a greater number, what happened when I reloaded with 13 digits...?

Restart your primary, verify it's showing the correct SOA. Delete the domain's zone file on the secondary, restart the secondary. It should pull from the primary again. — , Feb 10 '17 at 19:24
sorry for newbie question, which service do you suggest to restart ? And I can't delete the domain's zone on the secondary, since it is a provider IP. Tks — Kojo, Feb 10 '17 at 19:27
@Sven Not sure of the vocab. I have a server with A.A.A.A Ip, on which a website with X.X.X.X IP(the one of the zone file above), and I declared A.A.A.A and a provider server Y.Y.Y.Y as NS records — Kojo, Feb 10 '17 at 19:34

Håkan Lindqvist · Accepted Answer · 2017-02-10T19:36:48.123

3

Since 20170210111 is outside the range of a 32 bit integer, presumably the zone failed to load with the impossible to represent SOA record (check your logs).

First of all, verify (using eg dig @master example.com SOA +norec) that the master is now responding properly and with the current serial (2017021012). If not, rndc reload triggers a reload.

When the master works properly, the slaves should update on their next refresh (based on the SOA REFRESH interval). Also, assuming that the slaves are notify-aware and with proper configuration, you should be able to trigger an immediate refresh using rndc notify example.com, as well as automatically when loading a new version of the zone.

If this doesn't work I would think that your problem is something beyond having had an unloadable zone for a while.

edited Feb 10 '17 at 19:36

answered Feb 10 '17 at 19:35

Håkan Lindqvist

33,741
5
65
90

I'm sorry I'm so confused. @master beeing the primary DNS IP or the server IP ? – Kojo Feb 10 '17 at 19:39
@Kojo The IP of the server with the master zone. (eg `@192.0.2.1`) – Håkan Lindqvist Feb 10 '17 at 19:41
tks I did both and both return an old record despite a couple of reloads – Kojo Feb 10 '17 at 19:42
@Kojo What do the logs say? What does `named-checkconf -zj` say? – Håkan Lindqvist Feb 10 '17 at 19:44
a couple of syntax errors :( I may correct and try again – Kojo Feb 10 '17 at 19:45
Ok I learned today :) . `named-checkconf -zj` did the trick. I didn't know how to test config before ! Now `dig @master example.com SOA +norec` returns updated serial. Thank you so much for your patience. – Kojo Feb 10 '17 at 19:51

Syncronize SOA serial numbers explanation

1 Answers1