This is probably a very stupid problem, but I'm too stupid to recognise it...

I've been having problems getting notify messages passed from a master to a slave. I have two nameservers, a master called ns1.example.com, and a slave, ns2.example.com. Everything had worked fine; when I updated a zone on ns1, rndc reload on the zone would notify ns2, and it would successfully transfer the updated zone.

Today I moved ns1 on to a new host, by copying all the config files to the new host, stopping the old host from listening on that IP, and starting it on the new host. It appeared to work fine, and is happily responding to queries. However, I'm having a problem getting it to send notifies to ns2 when a zone is updated. The old ns1 ran BIND 9.3.0, the new one is running 9.3.4.

If I increment the serial for a zone and run "rndc reload domain.example" the notify does not appear to get sent to ns2 - certainly nothing shows up under notify or xfers on ns2.

On ns1, the following gets logged in the notify category:

    12-Apr-2007 11:31:14.881 info: zone domain.example/IN: sending notifies (serial 2007041214)
    12-Apr-2007 12:18:23.360 debug 3: zone domain.example/IN: sending notify to 10.0.115.27#53
    12-Apr-2007 12:18:23.360 debug 2: zone domain.example/IN: notify to 10.0.115.27#53 failed : operation canceled

When I proceed to restart named on ns2, it transfers the domain.example zones correctly, so it doesn't appear to be a problem with the transfer - it doesn't get that far.

Possible causes I've thought of and discounted are:

1) Serial not being incremented - Nope, I'm doing that.

2) Firewall - Don't think this is an issue, I've opened up all tcp and udp traffic between the two hosts and can run:

    ns1> dig @ns2.example.com domain.example soa
    ns1> telnet ns2.example.com 53
    ns2> dig @ns1.example.com domain.example soa
    ns2> telnet ns1.example.com 53

3) Time synchronization - both servers run ntpd and show the same time, and I can't find any relevant messages in the logs.

4) TSIG Key changes - I haven't changed the config at all, and I can't find anything in the logs related to this.

5) IP changes - again, there shouldn't be any, as I did not have to change any IP addresses for the move, just change which host listened on the IP for ns1. ns2 isn't even on the same network, and I use notify-source and transfer-source in my config so it really shouldn't have noticed any difference at all.

I've looked over CHANGES and can't see anything. The 'operation canceled' message is defined as ISC_R_CANCELED, but there are about 60 instances of it being used, and I can't see where it's being triggered here.

Any suggestions?

Thanks,
-fr.

--
Feargal Reilly, Chief Techie, FBI.
PGP Key: 0xBD252C01 (expires: 2006-11-30)
Web: http://www.fbi.ie/ | Tel: +353.14988588 | Fax: +353.14988489
Communications House, 11 Sallymount Avenue, Ranelagh, Dublin 6.