I'm running a BIND 9.10.2 port on FreeBSD 10 in a jailed configuration, and I'm having a problem that rndc reload does not pick up any (primary master) zone file changes, even though the SOA serial is properly incremented.

The command itself seems to succeed:

# rndc reload
server reload successful

In the logs I see:

May  9 16:03:47 y named[81516]: all zones loaded
May  9 16:03:47 y named[81516]: running

And yet only a restart of named picks up the zone updates.

rndc zonestatus my_zone.com prints the old serial. So BIND is somehow failing to re-read the zone file.

How can I debug this?

rustyx

1 Answer

If this is indeed a dynamically updated zone (allow-update / update-policy specified), it is not safe to edit the zone file directly!

In such a setup it is BIND that maintains the zone file, buffering changes in the journal file (.jnl) and rewriting the zone file itself periodically.

All changes to the zone data are expected to happen through the dynamic update protocol and managed by BIND, not through direct changes to the zone file. Changing the zone file anyway will cause inconsistent behavior as the zone file contents will be out of sync with the journal contents and the state of named.

In short, normally you make all changes to such a zone using dynamic updates (using e.g. nsupdate or any other client), but if you for some reason absolutely must have direct control over the zone file, you can temporarily suspend dynamic updates using rndc freeze and then resume using rndc thaw. Suspending updates is a rather intrusive operation (any updates will fail and change history may be wiped depending on ixfr-from-differences), so you should probably not do that during normal operation.

Håkan Lindqvist
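The two procedures the answer describes, as an added shell example (not code from the question, the answer, or BIND itself): sending a change through nsupdate, and the freeze / edit / thaw sequence for the rare case where the file must be edited directly. The zone name, file paths, TSIG key file, the "; serial" comment convention used to find the SOA serial, and the RNDC / NSUPDATE / CHECKZONE override variables are all assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the question or the answer above.
# Two ways to change a dynamically updated zone without corrupting it:
#   1. nsupdate: the change goes through the dynamic update protocol (preferred).
#   2. rndc freeze -> edit the file -> rndc thaw: only when the file itself must change.
# Everything here that is not a BIND command (zone name, paths, TSIG key file,
# the "; serial" comment convention) is an assumption made for this example.
set -eu

# --- 1. Dynamic update via nsupdate -----------------------------------------

# Print an nsupdate batch that replaces all records of one type at NAME.
# Usage: nsupdate_script ZONE NAME TYPE TTL RDATA
nsupdate_script() {
    printf 'zone %s\nupdate delete %s %s\nupdate add %s %s %s %s\nsend\n' \
        "$1" "$2" "$3" "$2" "$4" "$3" "$5"
}

# Feed the batch to nsupdate, authenticating with a TSIG key file (-k).
# Usage: send_update KEYFILE ZONE NAME TYPE TTL RDATA
send_update() {
    keyfile=$1; shift
    nsupdate_script "$@" | "${NSUPDATE:-nsupdate}" -k "$keyfile"
}

# --- 2. Direct edit under rndc freeze / thaw --------------------------------

# First all-digit token on the line commented "; serial" (the usual multi-line
# SOA layout; an assumption about how the zone file is formatted).
zone_serial() {
    awk '/; *serial/ { for (i = 1; i <= NF; i++) if ($i ~ /^[0-9]+$/) { print $i; exit } }' "$1"
}

# Increment the SOA serial in FILE in place (awk + mv: portable, no sed -i).
# The serial is a 32-bit counter, so it wraps at 2^32 (RFC 1982 serial arithmetic
# still treats the wrapped value as newer).
bump_serial() {
    file=$1
    old=$(zone_serial "$file")
    [ -n "$old" ] || { echo "bump_serial: no '; serial' line in $file" >&2; return 1; }
    new=$(( (old + 1) % 4294967296 ))
    awk -v old="$old" -v new="$new" \
        '!done && /; *serial/ { sub(old, new); done = 1 } { print }' \
        "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Usage: freeze_edit_thaw ZONE FILE EDIT_COMMAND [ARGS...]
# rndc freeze writes the journal (.jnl) into FILE and suspends dynamic updates;
# rndc thaw reloads FILE from disk and re-enables updates. The thaw runs even when
# the edit or the syntax check fails, so the zone is never left frozen.
# freeze itself fails on a zone that is not dynamic: for such a zone, editing the
# file and running rndc reload is the right procedure.
freeze_edit_thaw() {
    zone=$1; file=$2; shift 2
    rndc=${RNDC:-rndc}
    checkzone=${CHECKZONE:-named-checkzone}
    "$rndc" freeze "$zone"
    rc=0
    ( "$@" && bump_serial "$file" && "$checkzone" -q "$zone" "$file" ) || rc=$?
    "$rndc" thaw "$zone"
    return $rc
}

# Example invocation (paths are placeholders):
#   freeze_edit_thaw my_zone.com /usr/local/etc/namedb/dynamic/my_zone.com.db \
#       sh -c 'printf "www IN A 192.0.2.10\n" >> /usr/local/etc/namedb/dynamic/my_zone.com.db'
#   rndc zonestatus my_zone.com     # serial shown should now match the file
```

After the thaw, `rndc zonestatus` on the zone should report the bumped serial; if it still shows the old one, the zone was not reloaded from the file and the journal should be inspected before editing again.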