Zone transfer after 'Refresh' time Interval
Every SOA record (for a valid zone) will have a 'REFRESH' TTL value. Let us consider the zone 'abc.com'. The SOA record would look something as shown below:
The REFRESH TTL value indicates how frequently the secondary DNS server should query the primary DNS server to find out whether its zone data is current or not. In the above example we have defined the refresh value as 3 hours. So, the secondary server would send an SOA query to its primary DNS server every 3 hours to see whether the copy of the zone data that it holds is current or not. It confirms this by looking at the serial number of the SOA record.
Note: Each time the zone gets modified, the serial number of the zone gets updated.

If the secondary finds that the serial number in the SOA response differs from the one it has, the secondary server initiates an IXFR/AXFR.
Pre-conditions for zone transfer:
1. Recursion should be enabled for the secondary server.
2. The secondary server should be able to resolve the 'MNAME' that it gets from the SOA record.
Now let's look at the zone transfer process.

The zone transfer is a 5-step process. Below is a work-flow:

We will go through the complete process step by step.
Step 1: When there is a change in the serial number of the zone

The primary DNS server sends a NOTIFY message to its known secondary DNS servers. This occurs mainly when:
- Manually incrementing the serial number of a zone.
- Changing zone data on the primary via dynamic update, addition or modification of a record, etc.

When the serial number changes, the primary DNS server will send a NOTIFY message to all its secondary DNS servers. This NOTIFY message acts as a mechanism to inform the secondary that there is a change in zone data on the primary DNS server.

NOTIFY messages are also initiated when the named process is restarted on the primary DNS server.

The traffic capture below shows the notification sent by the primary to the secondary server:

As soon as the secondary server gets the NOTIFY, the action from the secondary server would be to initiate an SOA query to the primary DNS server.
Step 2: Secondary server sends an SOA query

The secondary is looking for a serial number difference.
Step 3: Primary sends an SOA response

The secondary DNS server compares the serial number in this SOA response from the primary with its own database, and if there is a change in the serial number value, the secondary server will send an IXFR/AXFR query to the primary requesting a zone transfer.

Note: The request could be IXFR (small increments) or AXFR (large chunks of data).
Step 4: Secondary server initiates an IXFR/AXFR request

The secondary identifies that the serial number is different from what it has in its database and initiates an IXFR/AXFR request to its primary DNS server.

Step 5: Primary sends the latest data to the secondary

As the last step, the primary sends its latest data to the secondary.
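The decision the secondary makes in steps 3 and 4 (compare the serial in the SOA response with its own, then request IXFR/AXFR) as an added, runnable model; this is example code, not part of the original post or any DNS server's source. The SOA text for 'abc.com' is constructed to match the article's 3-hour (10800 s) refresh, the serial values are placeholders, and the comparison goes slightly beyond the article by using RFC 1982 serial arithmetic so that a wrapped-around serial is still seen as newer.

```python
"""Model of the secondary's SOA-serial check that triggers a zone transfer.

Added example (not from the original post). The SOA record below is
constructed: MNAME/RNAME and serials are placeholders, REFRESH is 10800
seconds (3 hours) as in the article.
"""
from dataclasses import dataclass

SERIAL_BITS = 32  # DNS serials are 32-bit unsigned, compared per RFC 1982


@dataclass(frozen=True)
class SOA:
    mname: str      # primary server name; the secondary must be able to resolve it
    rname: str      # responsible-person mailbox
    serial: int     # bumped on every zone change
    refresh: int    # seconds between the secondary's SOA checks
    retry: int
    expire: int
    minimum: int


def parse_soa(rdata: str) -> SOA:
    """Parse presentation-format SOA RDATA: MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM."""
    fields = rdata.split()
    if len(fields) != 7:
        raise ValueError(f"SOA needs 7 fields, got {len(fields)}: {rdata!r}")
    mname, rname, *nums = fields
    return SOA(mname, rname, *(int(n) for n in nums))


def serial_newer(a: int, b: int) -> bool:
    """True if serial a is 'newer' than b under RFC 1982 wraparound arithmetic."""
    half = 1 << (SERIAL_BITS - 1)
    return (a < b and b - a > half) or (a > b and a - b < half)


def next_action(local: SOA, primary: SOA) -> str:
    """What the secondary does after the SOA response (article steps 3 and 4)."""
    if primary.serial == local.serial:
        return "in-sync"            # nothing to do until the next REFRESH
    if serial_newer(primary.serial, local.serial):
        return "IXFR/AXFR"          # primary has newer data: request a transfer
    return "stale-primary"          # primary serial went backwards: no transfer


# Constructed sample: the secondary's copy vs. the primary's SOA response.
LOCAL = parse_soa("ns1.abc.com. hostmaster.abc.com. 2024010104 10800 3600 604800 3600")
PRIMARY = parse_soa("ns1.abc.com. hostmaster.abc.com. 2024010105 10800 3600 604800 3600")

if __name__ == "__main__":
    print(f"refresh every {LOCAL.refresh // 3600} h; action: {next_action(LOCAL, PRIMARY)}")
```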
Note: In much documentation and many articles, you may find the primary server referred to as the master and the secondary referred to as the slave.