Skip to content

rndc retransfer issues misleading diagnostic on primary zone

Summary

The rndc command has a subcommand retransfer which retransfers a single zone without checking serial number. When used on a primary zone on a primary server, the command issues the following diagnostic:

% rndc retransfer inline.zone12.dane.onl
rndc: 'retransfer' failed: not found

However, if the zone doesn't exist at all, rndc emits this clearer message:

% rndc retransfer yyy
rndc: 'retransfer' failed: not found
no matching zone 'yyy' in any view

BIND version used

BIND 9.16.9 (Stable Release) <id:b3f41b7>
running on Linux x86_64 4.18.0-193.6.3.el8_2.x86_64 #1 SMP Wed Jun 10 11:09:32 UTC 2020
built by make with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/opt/isc/isc-bind/root/usr' '--exec-prefix=/opt/isc/isc-bind/root/usr' '--bindir=/opt/isc/isc-bind/root/usr/bin' '--sbindir=/opt/isc/isc-bind/root/usr/sbin' '--sysconfdir=/etc/opt/isc/scls/isc-bind' '--datadir=/opt/isc/isc-bind/root/usr/share' '--includedir=/opt/isc/isc-bind/root/usr/include' '--libdir=/opt/isc/isc-bind/root/usr/lib64' '--libexecdir=/opt/isc/isc-bind/root/usr/libexec' '--localstatedir=/var/opt/isc/scls/isc-bind' '--sharedstatedir=/var/opt/isc/scls/isc-bind/lib' '--mandir=/opt/isc/isc-bind/root/usr/share/man' '--infodir=/opt/isc/isc-bind/root/usr/share/info' '--disable-static' '--enable-dnstap' '--with-pic' '--with-gssapi' '--with-json-c' '--with-libtool' '--with-libxml2' '--without-lmdb' '--with-python' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -L/opt/isc/isc-bind/root/usr/lib64' 'LT_SYS_LIBRARY_PATH=/usr/lib64' 'PKG_CONFIG_PATH=:/opt/isc/isc-bind/root/usr/lib64/pkgconfig:/opt/isc/isc-bind/root/usr/share/pkgconfig' 'SPHINX_BUILD=/builddir/build/BUILD/bind-9.16.9/sphinx/bin/sphinx-build'
compiled by GCC 8.3.1 20191121 (Red Hat 8.3.1-5)
compiled with OpenSSL version: OpenSSL 1.1.1c FIPS  28 May 2019
linked to OpenSSL version: OpenSSL 1.1.1c FIPS  28 May 2019
compiled with libuv version: 1.40.0
linked to libuv version: 1.40.0
compiled with libxml2 version: 2.9.7
linked to libxml2 version: 20907
compiled with json-c version: 0.13.1
linked to json-c version: 0.13.1
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
compiled with protobuf-c version: 1.3.3
linked to protobuf-c version: 1.3.3
threads support is enabled

default paths:
  named configuration:  /etc/opt/isc/scls/isc-bind/named.conf
  rndc configuration:   /etc/opt/isc/scls/isc-bind/rndc.conf
  DNSSEC root key:      /etc/opt/isc/scls/isc-bind/bind.keys
  nsupdate session key: /var/opt/isc/scls/isc-bind/run/named/session.key
  named PID file:       /var/opt/isc/scls/isc-bind/run/named/named.pid
  named lock file:      /var/opt/isc/scls/isc-bind/run/named/named.lock

Steps to reproduce

  1. configure a primary zone, say, example
  2. issue rndc retransfer example

What is the current bug behavior?

Diagnostic as shown above

What is the expected correct behavior?

What I would like to see is rndc telling me that the zone is a primary zone and cannot be retransferred.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information