[nsd-users] NSD doing 3 IXFR queries in rapid succession

Anand Buddhdev anandb at ripe.net
Sun Dec 20 13:15:48 CET 2015


Hello NSD users and developers,

I was just looking at some BIND logs on one of our servers. It feeds a
downstream NSD 4.1.7 slave. In the BIND logs, I often see this:

20-Dec-2015 11:50:45.011 xfer-out: client 10.64.0.12#47701/key
main.ripe.net (132.72.185.in-addr.arpa): transfer of
'132.72.185.in-addr.arpa/IN': IXFR ended
20-Dec-2015 11:50:45.078 xfer-out: client 10.64.0.12#47704/key
main.ripe.net (132.72.185.in-addr.arpa): transfer of
'132.72.185.in-addr.arpa/IN': IXFR ended
20-Dec-2015 11:50:45.146 xfer-out: client 10.64.0.12#47707/key
main.ripe.net (132.72.185.in-addr.arpa): transfer of
'132.72.185.in-addr.arpa/IN': IXFR ended

Notice that NSD appears to be doing 3 IXFR queries for the same zone in
rapid succession.

I captured some packets using tcpdump, and then put them through PacketQ
with the filter:

select src_addr,src_port,qname,qtype,rcode,aname,atype from dns

The results corresponding to the above log are:

["10.64.0.12",47701,"132.72.185.in-addr.arpa.",251,0,"",0],
["93.175.159.250",53,"132.72.185.in-addr.arpa.",251,0,"132.72.185.in-addr.arpa.",6],
["10.64.0.12",47704,"132.72.185.in-addr.arpa.",251,0,"",0],
["93.175.159.250",53,"132.72.185.in-addr.arpa.",251,0,"132.72.185.in-addr.arpa.",6],
["10.64.0.12",47707,"132.72.185.in-addr.arpa.",251,0,"",0],
["93.175.159.250",53,"132.72.185.in-addr.arpa.",251,0,"132.72.185.in-addr.arpa.",6]

The packet capture also shows the same thing: 3 IXFR queries in
rapid succession, with the same responses.

Does anyone have any idea why NSD is doing 3 queries per zone like this?

Regards,
Anand
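
Added example, not part of the original post: a Python script that scans BIND xfer-out log lines in the format quoted above (one record per line, unwrapped) and reports clients that completed several transfers of the same zone in quick succession. The function names, the one-second default window and the fourth sample line are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One BIND xfer-out record per line, in the format quoted in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) xfer-out: "
    r"client (?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+)(?:/key \S+)? \(.*?\): "
    r"transfer of '(?P<zone>[^/']+)/IN': (?P<kind>IXFR|AXFR) ended")

def parse(line):
    """Return (timestamp, client_ip, src_port, zone, kind) or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
    return ts, m["ip"], int(m["port"]), m["zone"], m["kind"]

def find_bursts(lines, window=timedelta(seconds=1), min_count=2):
    """Runs of >= min_count transfers per (client, zone, kind), gaps <= window."""
    events = defaultdict(list)
    for ts, ip, port, zone, kind in filter(None, map(parse, lines)):
        events[(ip, zone, kind)].append((ts, port))
    bursts = []
    for key, evs in events.items():
        evs.sort()
        run = [evs[0]]
        for ev in evs[1:] + [None]:          # None flushes the last run
            if ev is not None and ev[0] - run[-1][0] <= window:
                run.append(ev)
                continue
            if len(run) >= min_count:
                bursts.append((*key, [p for _, p in run], run[-1][0] - run[0][0]))
            run = [ev]
    return bursts

# Sample input: the first three lines carry the values from the post,
# the fourth (zone example.test, port 47800) is constructed.
FMT = ("20-Dec-2015 {t} xfer-out: client 10.64.0.12#{p}/key main.ripe.net "
       "({z}): transfer of '{z}/IN': IXFR ended")
Z = "132.72.185.in-addr.arpa"
SAMPLE = [FMT.format(t="11:50:45.011", p=47701, z=Z),
          FMT.format(t="11:50:45.078", p=47704, z=Z),
          FMT.format(t="11:50:45.146", p=47707, z=Z),
          FMT.format(t="11:55:02.300", p=47800, z="example.test")]

if __name__ == "__main__":
    for ip, zone, kind, ports, span in find_bursts(SAMPLE):
        print(f"{ip} {zone} {kind} x{len(ports)} in {span.total_seconds():.3f}s")
```

Each reported tuple holds the client address, zone, transfer type, the source ports of the grouped transfers and the time between the first and last one.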

