[dns-operations] BIND, Knot and NSD behaviour when serial number goes backwards

Klaus Darilion klaus.mailinglists at pernau.at
Thu Feb 23 12:58:34 UTC 2017

On 20.02.2017 at 22:06, Mark Andrews wrote:
> In message <CAM1xaJ9pA01Z+DOcuUeB-DvFd8iX50xJ1Je7VnxZuCAYGM83Sg at mail.gmail.com>
> , Jan Včelák writes:
>> Hello Anand.
>> There is a difference because Knot DNS is an optimist, BIND is a
>> pragmatist, and NSD is a pessimist. ;-)
>> I was aware of the difference in behaviour between BIND and Knot DNS.
>> But I had no idea what NSD does in this particular case. I remember
>> talking to you when I was refactoring refresh scheduling in Knot DNS
>> a few months ago. And your suggestion was to treat the older serial as a
>> successful refresh because there could be a load balancer in front of
>> the master. But I understand that this may not be desired in all
>> situations, for instance in the one you have encountered.
>> I wonder what people on this list think about receiving an older
>> serial in SOA. Is that a successful refresh or a failed one? I haven't
>> found the answer in RFCs, I think it's a bit underspecified.
> You can only have a successful refresh if the serials match.  That
> should be obvious.  You are not up-to-date if the serial does not
> match.

What if the slave has configured multiple masters? And one master has a
lower serial, and one has the same serial. I would consider this as a
scenario where one of the masters has a stale zone, but the refresh

Anyways, it should never happen that the slave alternately
transfers the zone from both slaves.

