Forum Discussion
Cirrushow to monitor the axfr master response
Hi everyone.
Previously I had a zone transfer configuration between GTM (slave) and Microsoft AD (master). Recently, I have experienced problems with axfr access to the server with intermittent status, but for ixfr it is still monitored normally. I tested both using the dig tool.
related to this, does anyone have experience, how to monitor the axfr master response? such as placing the master server into a pool, and monitoring it like a health monitor.
some provide references to monitor links and external monitors, but I don't really understand.
thank you
1 Reply
tomas573Nimbostratus
Hello,
Hello! It sounds like you're dealing with a frustrating intermittent AXFR issue between your GTM (slave) and Microsoft AD (master). Let's break down the problem and explore some potential solutions for monitoring the AXFR response.
Understanding the Problem
AXFR vs. IXFR:
AXFR (Authoritative Zone Transfer) transfers the entire zone file.
IXFR (Incremental Zone Transfer) only transfers the changes since the last transfer.
The fact that IXFR works but AXFR is intermittent suggests a potential issue with the size of the zone or the reliability of the full zone transfer.
Intermittent Status: This makes troubleshooting challenging. It could be due to:
Network instability.
Resource limitations on the master server (AD).
Firewall or security appliance interference.
DNS server configuration issues.
The size of the zone file.
Monitoring Challenges: You want to monitor the AXFR response, but relying on external monitors or complex setups might be overkill.
Solutions and StrategiesScripted Monitoring with dig or nslookup
You can create a simple script that periodically runs dig axfr <your_zone> @<master_server_ip> or nslookup -query=axfr <your_zone> <master_server_ip>.
The script can analyze the output for success or failure.
You can then log the results or trigger alerts based on the outcome.
Best Regards
