Resetting BIND serial number

Quick steps:

1. Take the serial number you would like to use and add 2,147,483,647.

2. If the result is over 4,294,967,295, subtract 4,294,967,296. Otherwise, use the value from step 1.

3. Set the serial number on the master server to this value.

4. Send BIND a SIGHUP on the master server.

5. Verify that all slaves have transferred the new serial number:

   dig @slave_name_server DNS_zone soa

6. Change the serial number on the master server to the value you would like to use.

7. Send BIND a SIGHUP on the master server.


More detail:

One of our administrators inadvertently added an extra digit to the serial number in one of our DNS zones. He meant to use "2002111801" as the serial number, but instead used "20021114801". This number is not actually a valid serial number, as serial numbers can only be 32-bit unsigned integers with a maximum value of 4,294,967,295. BIND stores the inadvertent serial number as 2841245617 (the value reduced modulo 4,294,967,296) to comply with the 32-bit limitation.

The first thing to check is whether our slaves have picked up the updated SOA record. Start by listing the zone's name servers:

dig DNS_zone ns

For each of the DNS name server (NS) records returned, perform an SOA record query to see the zone's serial number.

dig @name_server DNS_zone soa

I can see that the slave servers have performed a zone transfer with the new (incorrect) serial number. The new value I want to use is 2002111802. The old value we are using is 2841245617. To get the new value, we take the old value and add 2,147,483,647.

2841245617 + 2147483647 = 4988729264

If the result is over 4,294,967,295 (the largest 32-bit value), you subtract 4,294,967,296. Otherwise, use the value in the addition step above.

4988729264 - 4294967296 = 693761968

Set the serial number on the master server to this value (693761968) and send the named process a SIGHUP. BIND will send a DNS NOTIFY message to the slaves, informing them that the master zone data has changed. The slaves will then compare the master's serial number against their own copy of the zone data and, because 693761968 is "greater" than 2841245617 in 32-bit serial number arithmetic, will perform a zone transfer.

Once the slaves complete the zone transfer of the intermediate serial number (verify with dig @slave_name_server DNS_zone soa), change the serial number on the master to the value you actually want and send named a SIGHUP.

The slaves will perform a zone transfer using the correct serial number (2002111802).
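The arithmetic in the quick steps and in the worked numbers above is RFC 1982 serial number arithmetic, and the intermediate value is chosen so that each published serial compares "greater" than the one before it. The following Python script is an added example (it is not part of the original page and not BIND's own code); it computes the reset plan from the page's numbers, handles the one edge case the two-step recipe misses (a target one below the current serial needs a third step), and checks constructed "dig +short ... soa" output lines for slaves that still carry the old serial. The server names and SOA lines inside it are made up for the example.

```python
"""RFC 1982 serial-number arithmetic for a BIND SOA serial reset.

Added example, not from the original page.  Assumes the standard 32-bit
SOA serial and the RFC 1982 comparison rule: a is "greater" than b when
0 < (a - b) mod 2^32 < 2^31.  Going beyond the page's two-step recipe,
reset_plan() keeps stepping until the target compares greater, which
covers the target == current - 1 case that needs three steps.
"""

SERIAL_BITS = 32
MODULUS = 1 << SERIAL_BITS                    # 4,294,967,296
HALF = 1 << (SERIAL_BITS - 1)                 # 2,147,483,648
MAX_INCREMENT = HALF - 1                      # 2,147,483,647, the largest safe jump


def to_serial(value):
    """What BIND stores for an out-of-range serial: the value reduced mod 2^32.
    The page's mistyped 20021114801 becomes 2841245617."""
    return value % MODULUS


def serial_gt(a, b):
    """True when serial a is 'greater' than serial b in RFC 1982 sequence space."""
    diff = (a - b) % MODULUS
    return 0 < diff < HALF


def reset_step(current):
    """Quick steps 1-2: add 2^31 - 1 and wrap at 2^32."""
    return (current + MAX_INCREMENT) % MODULUS


def reset_plan(current, target, max_steps=4):
    """Serials to publish on the master, in order, so slaves end up at `target`.

    Each step compares greater than the previous one, so every slave transfers
    at every step.  An empty list means the zone already carries `target`.
    """
    if current == target:
        return []
    steps = []
    cur = current
    while not serial_gt(target, cur):
        cur = reset_step(cur)
        steps.append(cur)
        if len(steps) >= max_steps:      # cannot happen for 32-bit serials; guards against a logic slip
            raise ValueError("no plan from %d to %d within %d steps" % (current, target, max_steps))
    steps.append(target)
    return steps


def serial_from_soa_short(line):
    """Parse the serial out of one 'dig +short <zone> soa' answer line.
    Format: MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM."""
    fields = line.split()
    if len(fields) != 7:
        raise ValueError("not a +short SOA answer: %r" % line)
    return int(fields[2])


def lagging_slaves(master_serial, answers):
    """Given {server: soa_short_line}, return the servers whose serial differs
    from the master's, i.e. those that have not yet completed the transfer."""
    return sorted(name for name, line in answers.items()
                  if serial_from_soa_short(line) != master_serial)


if __name__ == "__main__":
    current = to_serial(20021114801)          # the mistyped serial as BIND stored it
    target = 2002111802
    print("publish in order:", reset_plan(current, target))   # [693761968, 2002111802]

    # Constructed dig +short output for two hypothetical slaves after the first step.
    answers = {
        "ns1.example.test.": "ns1.example.test. hostmaster.example.test. 693761968 10800 3600 604800 86400",
        "ns2.example.test.": "ns2.example.test. hostmaster.example.test. 2841245617 10800 3600 604800 86400",
    }
    print("still on the old serial:", lagging_slaves(693761968, answers))
```

Run it as-is to see the page's plan reproduced; point lagging_slaves() at real "dig +short @slave zone soa" output (one line per slave) before moving on to step 6, so that no slave is left holding the intermediate serial when the final one is published.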

Note: if you administer all the slave servers, you could remove the zone data from the slave servers, update the master's serial number, and send the master server's named process a SIGHUP.

For more information, see pages 152-153 of O'Reilly's DNS and BIND 4th Edition.


Last modified: 03/04/2003