[SOLVED] DNS Journal File have old, incorrect entries, causing trouble

mfoley · 04-12-2016, 09:56 AM

I have a problem with my DNS which is causing me grief. I am using BIND 9.9.8-P4 on Linux Slackware64 14.1. Rather than post a bunch of perhaps irrelevant configs and logs, I'll state the problem and you can tell me what I should post:

1) Are DNS journal files supposed to automatically get rolled into the zone files? Mine are not. They grow to tens of thousands of lines. If they are supposed to get rolled in, why would mine not be doing so? If they are not supposed to, next question ...

2) Since my journal files grow forever, I use `rndc -V sync -clean` to update the zone file. Is this command supposed to clean out the journal file completely? It does not do so for me. If it is supposed to, why wouldn't mine be getting cleared? Otherwise, next question ...

3) After running `rndc -V sync -clean` my journal files still contains entries for all the hosts in the LAN, but more importantly, it still contains hostnames and IPs that haven't been used for 6 months to over a year. Why are these still in the journal file? Some of these entries are interfering with current hosts having the same IP. Here's one example:

Code:

$ named-checkzone -Dj hprs.local /etc/samba/private/dns/hprs.local.zone
COMMON.hprs.local.                            1200 IN A         192.168.0.58
COMMON.hprs.local.                            3600 IN TXT       "31d43f065d80a9e1d8507c919ea920a677"
ubuntu.hprs.local.                            3600 IN A         192.168.0.58
ubuntu.hprs.local.                            3600 IN TXT       "00d43f065d80a9e1d8507c919ea920a677"
uCommon.hprs.local.                           3600 IN A         192.168.0.58
uCommon.hprs.local.                           3600 IN TXT       "00d43f065d80a9e1d8507c919ea920a677"

COMMON is a current workstations. The Ubuntu and uCommon hostname haven't been used for over 6 months, yet they persist in this journal file!

lazydog · 04-12-2016, 10:37 AM

1) They get rolled in once you freeze the zone file.
2) I believe the proper way of doing this would be to use the following:

Code:

rndc freeze <zone> (replacing '<zone>' with your zone
rndc thaw <zone>

3)The above should remove the journal files once they are merged.

mfoley · 04-12-2016, 10:55 AM

Ran that freeze/thaw thing. Log messages below. That did not clear out the journal file. It still has all the entries it had before freeze/thaw, including to year-old entries. I need to get these out of my DNS!Questions:

Using freeze/that, why is my journal file not getting cleared and not dropping old hosts?

Does freeze/thaw have to be run periodically? I.e. the journal entries will not get rolled into the zone file unless this is run?

Code:

Apr 12 11:46:14 mail named[1453]: received control channel command 'freeze hprs.local'
Apr 12 11:46:14 mail named[1453]: freezing zone 'hprs.local/IN': success
Apr 12 11:46:20 mail named[1453]: received control channel command 'thaw hprs.local'
Apr 12 11:46:20 mail named[1453]: thawing zone 'hprs.local/IN': success
Apr 12 11:46:21 mail named[1453]: zone hprs.local/IN: zone serial (2014124214) unchanged. zone may fail to transfer to slaves.
Apr 12 11:46:21 mail named[1453]: zone hprs.local/IN: loaded serial 2014124214

lazydog · 04-12-2016, 12:02 PM

How about giving it some time to process the journal files before you thaw the zone.

smallpond · 04-12-2016, 12:38 PM

The TXT entries look like dynamic updates. There was a bug in old versions of dhcpd that it was not removing expired dynamic entries. Make sure you are running the latest version.

mfoley · 04-12-2016, 12:42 PM

OK, I gave it 20 minutes. No change. There's only 74 entries in the journal file, so I would think 20 minutes is sufficient.

Though you haven't stated it explicitly, you do think this process should clear out the journal file, right?

lazydog · 04-12-2016, 01:58 PM

Yes, I do believe that these commands should have cleaned things up for you.Which version of bind are you running?
Also what is your directory structure for Bind?
Also could you add the listing of the directory with the journal files in it with 'ls -al'?

mfoley · 04-21-2016, 12:39 PM

Found solutions. Apparently, DNS config files need to be cleaned up periodically. Journals file will apparently grow forever. To roll changes into the main zone files, I run `rndc -V sync -clean` in a logrotate job (weekly is sufficient). That also removes the journal files.

Old hosts do not get automatically removed from the DNS (although Windows workstations seem to. Possibly because the RSAT ‘remove computer’ operation does something). Remove old host names manually with nsupdate:

Code:

$ nsupdate
> update delete RNP0026735563AB.hprs.local TXT
> update delete RNP0026735563AB.hprs.local A
>
> update delete 20.0.168.192.in-addr.arpa. PTR
> send

Note, there needs either to be a blank line before the deletion of the reverse zone PTR, or the command "send", otherwise the update fails with "update failed: REFUSED".