Description
When a secondary zone attempts IXFR, `SecondaryZone.cs` correctly falls back to AXFR if the primary responds with `RCODE=NotImplemented` or `RCODE=Refused`. However, if the IXFR request fails at the transport layer (e.g. `QuicException: Connection timed out waiting for a response from the peer`), the exception propagates directly to the outer catch block and the refresh is marked as completely failed — no AXFR fallback is attempted.
Reproduction:
- Primary zone is DNSSEC-signed and has a large SOA expire (e.g. 604800s = 7 days)
- Zone receives frequent DHCP-driven updates — DNSSEC auto-signing causes serial to increment rapidly, building a large IXFR history
- Secondary falls significantly behind (200+ serial versions) after a transient network event
- Secondary attempts IXFR — primary must build and stream a large diff; the QUIC stream times out before completing
- Secondary logs `DNS Server failed to refresh` and does not retry with AXFR
- Manual resync (which forces AXFR via `_resync = true`) succeeds immediately
Expected: A transport-level failure during IXFR should fall back to AXFR, consistent with the existing fallback for RCODE errors.
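The expected behaviour above, as an added sketch that is not part of the original issue and not the project's `SecondaryZone.cs`: a transport exception raised during the IXFR attempt is handled the same way as the two fallback RCODEs, while a failure of the AXFR itself still fails the refresh. Every type and member name here is hypothetical, and `TimeoutException` stands in for the `QuicException` from the report.

```csharp
using System;
using System.IO;
using System.Threading.Tasks;
// Hypothetical model of a secondary-zone refresh; no name here comes from SecondaryZone.cs.
enum RCode { NoError, NotImplemented, Refused, ServerFailure }
enum XfrKind { Ixfr, Axfr }
record XfrResult(RCode Code, uint Serial);
static class SecondaryRefresh
{
    // transfer performs one zone transfer of the requested kind against the primary.
    public static async Task<(XfrKind Used, uint Serial)> RefreshAsync(
        Func<XfrKind, Task<XfrResult>> transfer, bool resync)
    {
        if (!resync) // resync forces AXFR, as the manual resync in the report does
        {
            try
            {
                XfrResult ixfr = await transfer(XfrKind.Ixfr);
                if (ixfr.Code == RCode.NoError)
                    return (XfrKind.Ixfr, ixfr.Serial);
                if (ixfr.Code != RCode.NotImplemented && ixfr.Code != RCode.Refused)
                    throw new InvalidOperationException($"IXFR failed: {ixfr.Code}");
                // NotImplemented / Refused: fall through to AXFR (the existing fallback).
            }
            catch (Exception ex) when (ex is IOException or TimeoutException)
            {
                // Transport failure during IXFR only: record it and fall through to AXFR.
                Console.WriteLine($"IXFR transport failure ({ex.Message}); retrying with AXFR");
            }
        }
        // No catch here: if AXFR also fails, the refresh has failed and the caller must see it.
        XfrResult axfr = await transfer(XfrKind.Axfr);
        if (axfr.Code != RCode.NoError)
            throw new InvalidOperationException($"AXFR failed: {axfr.Code}");
        return (XfrKind.Axfr, axfr.Serial);
    }
}
static class Program
{
    static async Task Main()
    {
        // Constructed primary: IXFR times out at the transport layer, AXFR succeeds.
        Func<XfrKind, Task<XfrResult>> primary = kind => kind == XfrKind.Ixfr
            ? Task.FromException<XfrResult>(new TimeoutException("Connection timed out"))
            : Task.FromResult(new XfrResult(RCode.NoError, 2024010250));
        var (used, serial) = await SecondaryRefresh.RefreshAsync(primary, resync: false);
        Console.WriteLine($"{used} -> serial {serial}"); // Axfr -> serial 2024010250
    }
}
```

Scoping the catch to the IXFR attempt keeps an unreachable primary from being masked: the AXFR retry hits the same transport error and the refresh is reported as failed. Logging the fallback also leaves a record when a secondary repeatedly needs full transfers, which with a DNSSEC-signed zone matters because a stale secondary keeps serving old signatures until the zone expires.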