Forum Discussion
HosseinAmery
Nimbostratus
NimbostratusDNS Express Off-Box IXFR Takes About 20 Seconds
Hello. I have 2 BIG IP boxes in a HA cluster running (BIG-IP 17.0.0.2 Build 0.0.2 Point Release 2). I've set up DNS Express for an off-box BIND server. AXFR works great, but upon making a change in ...
Hi HosseinAmery ,
I havn't measure the time exactily for the IXFR but I noticed yes it took some time to replicate the changes in Bind to bigip DNS express zones.
But I will recommend somthing else.
Make sure that you added this also-notify statement in the BIND (master) configuration file beside allow-transfer statement as well.
here this BIND standard configuration statements : https://www.zytrax.com/books/dns/ch7/xfer.html#also-notify
have a look on :
- allow-notify
- allow-transfer
- allow-update
- also-notify
- notify
Try and check those and measure the delta time for the IXFR to be done.
use dnsxdump on bash to see the changes or you can take a pcap to capture those changes and see the negotiation between bigip and BIND because the incremental zone transfer depends on changes in SOA records between off-BOX BIND and bigip and what the time needed for these negotiations after the change of SOA record value to re-calculate the Delta for these changes on zones and create the IXFR to update BIGIP.
So somehow I see this process still need sometime , the most important thing is how to configure your BIND correctly to follow the standard way for Zones transfer.
Note:
Be careful when using dnsxdump command , because if you have much zones and records your bigip may crash.
I see using tcpdump to capture it and see the IXFR and it's relivant negotiations for zone transfers will give you the optimal visibility and how to calculate the time difference and delay.
Hope this helps you.