Resetting Your Zone's Serial Number

2.15.1 Problem

You need to reset your serial number to some low value, possibly because you inadvertently added a digit to it.

2.15.2 Solution

If you've accidentally incremented your serial number to a value larger than 2^32 - 1 (4,294,967,295), first find out what your current serial number is -- because it probably isn't what you think it is (the serial number is only 32 bits large). The easiest way to do this is to use a query tool, such as dig, to look up your zone's SOA record:

$ dig soa foo.example

; <<>> DiG 9.2.1 <<>> soa foo.example
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4335
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;foo.example.                   IN      SOA

;; ANSWER SECTION:
foo.example.            86400   IN      SOA     ns1.foo.example. hostmaster.foo.example. 2002021239 3600 900 2592000 3600

If the current serial number is less than 2,147,483,647, add 2,147,483,647 to the serial number. Wait for all of your zone's slave name servers to pick up the new version of the zone (if you're using NOTIFY, that shouldn't take long). Then set the serial number to your target.

If the current serial number is larger than 2,147,483,647, just set the serial number to the number you want.

2.15.3 Discussion

Whahuh? Why on Earth does this work?

Name servers compare serial numbers using sequence space arithmetic, which ain't your grandpa's 'rithmetic. In sequence space arithmetic, you have a finite set of integers, but each number has a "next" number. After 0 comes 1, then 2, all the way to 4,294,967,295 (2^32 - 1). The next number after 4,294,967,295 is 0. Think of it like a clock: The hour after 1:00 is 2:00, and the hour after 12:00 is 1:00.

Half of the numbers are larger than any given number, and the other half are smaller. With a set of 2^32 possible serial numbers, half (2^31 - 1, actually) are larger than any given serial number, and half are smaller.

Consider the serial number 1,000,000,000. The next 2^31 - 1 serial numbers, 1,000,000,001 through 3,147,483,647, are larger. The 2^31 - 1 serial numbers after that, 3,147,483,648 through 4,294,967,295 (2^32 - 1) and 0 to 999,999,999, are smaller. Yes, Alice, in the world of serial numbers, 3,147,483,648 is smaller than 1,000,000,000.

So when you add 2,147,483,647 (2^31 - 1) to a serial number, you're actually adding the largest increment possible -- add a larger number and the result will actually be smaller than the old serial number, and your zone's slaves won't transfer the zone.

Once all the slaves have the new zone, you can simply set the serial number to the serial number you want, which is now considered larger than the current serial number.

If you're not comfortable with this New Math, try out the script reset_serial.pl, included in the tar file that accompanies this book (see the Preface for where to get it). reset_serial.pl takes as arguments your current serial number and the serial number you want to get to, and tells you how to get there.
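
The comparison and the reset sequence described above can be checked with a short Python sketch. This is an added example, not the book's reset_serial.pl; the names serial_gt and reset_plan are hypothetical. It goes slightly beyond the recipe by deriving the plan from the RFC 1982 comparison itself, so it also covers targets that are not yet "larger" after one jump.

```python
MOD = 2**32                 # the SOA serial is an unsigned 32-bit field
HALF = 2**31
MAX_INCREMENT = HALF - 1    # 2,147,483,647: the largest single increment

def _check(serial):
    """Reject values that cannot be the serial actually held in the SOA record."""
    if not 0 <= serial < MOD:
        raise ValueError(f"{serial} does not fit in 32 bits; "
                         "look up the real serial with dig first")
    return serial

def serial_gt(a, b):
    """True if a is 'larger' than b in RFC 1982 sequence space arithmetic."""
    diff = (_check(a) - _check(b)) % MOD
    # A distance of exactly 2^31 is undefined in RFC 1982, so it is
    # not treated as larger here.
    return 0 < diff < HALF

def reset_plan(current, target):
    """Serials to publish, in order. Wait until every slave has transferred
    the zone at one step before publishing the next."""
    _check(current)
    _check(target)
    steps = []
    # Jump forward by the largest increment until the target counts as larger.
    while current != target and not serial_gt(target, current):
        current = (current + MAX_INCREMENT) % MOD
        steps.append(current)
    if current != target:
        steps.append(target)
    return steps

if __name__ == "__main__":
    # Constructed sample inputs: (current serial as reported by dig, target).
    for cur, tgt in [(2002021239, 1), (3000000000, 1),
                     (3000000000, 2002021239), (2002021240, 2002021239)]:
        print(f"{cur} -> {tgt}: publish {reset_plan(cur, tgt)}")
```

The last sample pair shows the awkward case: a target one below the current serial sits exactly 2^31 away after a single jump, so the plan takes two jumps before the target.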

There's also a brute force method for resetting your serial number: set the serial number to your target in the zone data file. Then delete your zone's backup data files on all of your slaves and restart named. Your slave name servers won't have any choice but to transfer the zone, regardless of its serial number.

This won't work if you don't have administrative control of all of your slaves, of course, and it has all the elegance of using a flat-head screwdriver as a chisel.

2.15.4 See Also

"Starting Over with a New Serial Number" in Chapter 7 of DNS and BIND, and RFC 1982 for an explanation of serial number arithmetic.
