Skip to content

doth "testing incoming XoT functionality" tests fail

The doth:testing incoming XoT functionality (from the first secondary, StrictTLS via specified IPv4) test failed with timed out waiting for zone transfer. Looks like a timing issue.

dig failed to transfer the example5 zone from NS2 via AXFR (; Transfer failed); the last attempt:

09-May-2022 09:16:26.745 clientmgr @0x8024c8120 attach: 2
09-May-2022 09:16:26.745 query client=0x8031e6000 thread=0x801c14300(<unknown-query>): query_reset
09-May-2022 09:16:26.745 client @0x8031e6000 (no-peer): allocate new client
09-May-2022 09:16:26.746 client @0x8031e6000 10.53.0.10#34685: TCP request
09-May-2022 09:16:26.746 client @0x8031e6000 10.53.0.10#34685: using view '_default'
09-May-2022 09:16:26.746 client @0x8031e6000 10.53.0.10#34685: request is not signed
09-May-2022 09:16:26.746 client @0x8031e6000 10.53.0.10#34685: recursion not available
09-May-2022 09:16:26.746 query client=0x8031e6000 thread=0x801c14300(<unknown-query>): ns_query_start
09-May-2022 09:16:26.746 client @0x8031e6000 10.53.0.10#34685 (example5): AXFR request
09-May-2022 09:16:26.746 client @0x8031e6000 10.53.0.10#34685 (example5): zone transfer setup failed
09-May-2022 09:16:26.746 client @0x8031e6000 10.53.0.10#34685 (example5): reset client
09-May-2022 09:16:26.746 query client=0x8031e6000 thread=0x801c14300(example5/AXFR): query_reset
09-May-2022 09:16:26.747 client @0x8031e6000 10.53.0.10#34685: freeing client
09-May-2022 09:16:26.747 query client=0x8031e6000 thread=0x801c14300(<unknown-query>): query_reset
09-May-2022 09:16:26.747 clientmgr @0x8024c8120 detach: 1

This is because NS2, secondary for the example5 zone, at 9:16:26, last time dig tried to transfer the zone, didn't have the zone transfered from NS1 (primary for example5) yet:

09-May-2022 09:16:04.154 transfer of 'example5/IN' from 10.53.0.1#30853: Transfer status: end of file
09-May-2022 09:16:04.154 transfer of 'example5/IN' from 10.53.0.1#30853: Transfer completed: 0 messages, 0 records, 0 bytes, 0.009 secs (0 bytes/sec) (serial 0)
09-May-2022 09:16:04.700 transfer of 'example5/IN' from 10.53.0.1#30853: Transfer status: TLS error
09-May-2022 09:16:04.700 transfer of 'example5/IN' from 10.53.0.1#30853: Transfer completed: 1 messages, 599 records, 9926 bytes, 0.031 secs (320193 bytes/sec) (serial 1397051952)
09-May-2022 09:17:00.792 transfer of 'example5/IN' from 10.53.0.1#30853: Transfer status: success
09-May-2022 09:17:00.792 transfer of 'example5/IN' from 10.53.0.1#30853: Transfer completed: 5 messages, 2676 records, 55620 bytes, 0.151 secs (368344 bytes/sec) (serial 1397051952)

It might be safer to wait for the zone to be present on the secondary server (look for transfer of '<zone>/IN'.*Transfer status: success) than poll it via dig.

Edited by Michal Nowak
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information