
I run BIND on OPNsense as the slave server for an internal DNS zone.

I notice that, if the master for that zone goes down, the slave will stop answering requests for that zone (responding with SERVFAIL) after the first failed update attempt.

The design reason behind that is probably to avoid giving out stale data from the slave if the master cannot be reached. (After all, the master may still be fine and it is just the network connection from the slave that has failed.) However, this is bad news for resilience if the master server is down and cannot be brought up in time.

Is there a setting to tell BIND to always serve the last known information for a slave zone, regardless of how long the master server has been unreachable, even at the risk of returning stale data?

If so, is that somehow accessible from the OPNsense web GUI (i.e. no unsupported poking under the hood)?

user149408

1 Answer

There is no global BIND option for this[1]. Rather, the 6th field of your SOA record tells secondary servers how long they're allowed to serve a stale zone replica after failing to update it.

@       SOA     <mserver> <rperson> <serial> <refresh> <retry> <expire> <minttl>

It sounds like your zone's expiry time is set to the same value as the refresh interval – you'll want to increase it to 1w or so (e.g. SOA ns1 hostmaster 1897 4h 1h 1w 30m).


[1] The global option you might find in more recent BIND versions is for recursive resolvers serving data from cache, not for authoritative servers.

u1686_grawity
  • That sounds a lot like what I am looking for, however... the slave server rebooted on Aug 17 and logged messages about the zones being expired. Expiry time is `3542400`, i.e. 41 days, and the primary server failed around July 20–21. So we should still be within that time frame. I’ll have to do some more tests once I am done rebuilding the primary server, but I suspect the slave stops resolving addresses well before it expires. Any other settings in BIND that would cause this behavior? – user149408 Aug 21 '22 at 16:59
  • Just checked again after rebuilding the master server and saw it has its expiration time set to `1209600`, i.e. 14 days. They would have been over on August 17. Not sure where I got the expiry time for the slave server from – I have updated the software since, and the current version does not report that value for slave zones. Maybe that was indeed a bug on OPNsense which has since been (sort of) fixed. – user149408 Sep 28 '22 at 09:04
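To make the SOA timing in the answer and the follow-up comments concrete, here is an added example (not code from the thread, from BIND or from OPNsense) that parses SOA RDATA with BIND-style duration suffixes and works out whether a secondary would still be answering at a given time. The dates and the 1209600/3542400 expire values are constructed from the figures quoted above; the last successful refresh is assumed to coincide with the primary's failure date.

```python
import re
from datetime import datetime, timedelta

# Duration suffixes BIND accepts in SOA timers ("4h", "1w", "30m"); a bare
# number is seconds.
_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def parse_duration(text):
    """'1w' -> 604800, '4h' -> 14400, '1209600' -> 1209600 (seconds)."""
    parts = re.findall(r"(\d+)([smhdw]?)", text.lower())
    if not parts:
        raise ValueError("not a duration: %r" % text)
    return sum(int(n) * _UNITS[u] for n, u in parts)

def parse_soa(rdata):
    """Parse SOA RDATA: <mname> <rname> <serial> <refresh> <retry> <expire> <minimum>."""
    fields = rdata.split()
    if len(fields) != 7:
        raise ValueError("SOA RDATA needs 7 fields, got %d" % len(fields))
    mname, rname, serial, refresh, retry, expire, minimum = fields
    return {"mname": mname, "rname": rname, "serial": int(serial),
            "refresh": parse_duration(refresh), "retry": parse_duration(retry),
            "expire": parse_duration(expire), "minimum": parse_duration(minimum)}

def expires_at(soa, last_refresh):
    """The replica is discarded once 'expire' seconds pass without a successful refresh."""
    return last_refresh + timedelta(seconds=soa["expire"])

def secondary_state(soa, last_refresh, now):
    """How a secondary answers for the zone at 'now' if the primary has been
    unreachable since 'last_refresh' (the last successful refresh/transfer):
      'fresh'         - inside the refresh interval, no check due yet
      'serving-stale' - refresh failed, retrying every 'retry', still authoritative
      'expired'       - past 'expire', replica dropped, queries get SERVFAIL"""
    age = (now - last_refresh).total_seconds()
    if age < soa["refresh"]:
        return "fresh"
    if age < soa["expire"]:
        return "serving-stale"
    return "expired"

if __name__ == "__main__":
    # Constructed from the thread: expire 1209600 (14 days) on the primary,
    # primary failed around 2022-07-20, secondary rebooted 2022-08-17.
    soa = parse_soa("ns1 hostmaster 1897 4h 1h 1209600 30m")
    failed = datetime(2022, 7, 20)
    print(expires_at(soa, failed))                              # 2022-08-03 00:00:00
    print(secondary_state(soa, failed, datetime(2022, 8, 17)))  # expired
```

With the 41-day value first quoted for the slave the same check returns "serving-stale" on Aug 17, which is why the two expire values lead to different conclusions in the comments.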