I am running a DNS server in my local network, using bind9 on Ubuntu Server.

Since the last Ubuntu update, lookups from other machines on that DNS server time out:

```
DNS request timed out. Timeout was 2 seconds.
```

I suspect that this might have something to do with the serial given to the DNS entry, since I had similar problems with it before.

```
@ IN SOA dns.advitum. root.dns.advitum. (
    1506061620   ; Serial
        604800   ; Refresh
         86400   ; Retry
       2419200   ; Expire
        604800 ) ; Negative Cache TTL
```

I am no expert on BIND configuration, but as I understand it, the serial is used to communicate whether the configuration has changed, with the biggest serial being the most recent version of the DNS entry.

So my question is: How can I find out the serial of the most current DNS record, so I can check that the above record with the above file is the most recent or raise the serial accordingly?

To clarify: On the DNS machine itself, the lookup works as expected (advitum. is resolved to 192.168.0.2, which is the correct address). On other machines trying to look anything up on that DNS, the lookup times out.

Lars Ebert
  • AFAIK, the zone serial number doesn't have anything to do with client queries. Your problem is most probably not related to the zone serial number. – joeqwerty Jun 06 '15 at 16:35
  • Considering that your timestamp in your serial is _22 Sep 2017 06:27:00 GMT_ but that time has yet to pass, I would expect this to cause you some sort of problem. – Michael Hampton Jun 06 '15 at 16:37
  • The serial number applies to the entire zone, and isn't tracked on a per record basis. Your best bet is to directly query each of your nameservers and ask for the zone's `SOA` record. Compare that serial number to what is in your updated zone file. As Michael points out though, this serial number is in the future (2017), which means that any serial numbers for *2015* are going to be ignored. You will likely need to use `rndc retransfer example.com` on the slaves to force them to pull in the zone with the older serial number. – Andrew B Jun 06 '15 at 19:50
  • Thank you for your help. So the serial is only used when syncing slave servers? The problematic server is the only DNS server in the local network, so the problem is definitely not with the serial. Thanks. – Lars Ebert Jun 07 '15 at 06:09

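The check Andrew B describes in the comments (ask each nameserver for the zone's `SOA` and compare its serial with the zone file), as an added example that is not part of the original thread. The nameserver addresses and the second serial are constructed; in practice each served serial would come from `dig +short SOA <zone> @<server>`. The comparison uses RFC 1982 serial arithmetic, which the thread does not mention.

```python
import re

# The SOA from the question, embedded as zone-file text.
ZONE_TEXT = """\
@ IN SOA dns.advitum. root.dns.advitum. (
    1506061620   ; Serial
        604800   ; Refresh
         86400   ; Retry
       2419200   ; Expire
        604800 ) ; Negative Cache TTL
"""

def soa_serial(zone_text):
    """Return the SOA serial: the first number after MNAME and RNAME."""
    text = re.sub(r";[^\n]*", "", zone_text)  # drop zone-file comments
    m = re.search(r"\bSOA\s+\S+\s+\S+\s*\(?\s*(\d+)", text)
    if not m:
        raise ValueError("no SOA record found")
    return int(m.group(1))

def serial_cmp(a, b):
    """RFC 1982 order of 32-bit serials: -1 if a is older than b,
    0 if equal, 1 if a is newer, None if the order is undefined."""
    diff = (b - a) & 0xFFFFFFFF
    if diff == 0:
        return 0
    if diff == 0x80000000:
        return None
    return -1 if diff < 0x80000000 else 1

def check(file_serial, served):
    """Classify each nameserver's served serial against the zone file's."""
    labels = {
        0: "in sync",
        1: "stale: will transfer the zone file's version",
        -1: "ahead of file: ignores it until retransfer or a higher serial",
        None: "undefined ordering",
    }
    return {ns: labels[serial_cmp(file_serial, s)] for ns, s in served.items()}

if __name__ == "__main__":
    # Constructed served serials (documentation addresses, not from the thread).
    served = {"192.0.2.10": 1506061620, "192.0.2.11": 1433608200}
    for ns, status in check(soa_serial(ZONE_TEXT), served).items():
        print(ns, status)
```

A server reported as "ahead of file" is the case Andrew B's `rndc retransfer` suggestion addresses.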