Bind 9.2.4 slaving problem [bind 9.2.1 and bind 8.3.3]

Post by Jeff War » Wed, 05 Oct 2005 02:42:06


Greetings.

I have a master name server running BIND 9.2.1 [Debian Woody - server not available on the
Internet] and a slave server running BIND 9.2.4 [Debian Sarge - not currently
available on the Internet] and two others running BIND 8.3.3 [Debian Woody - on the
Internet].

The 9.2.1 is a master for all the others to slave from. I have an entry in a zone
defined on the master as the following:

When I issue the following command:
#> host -t nx spamhaus-datafeed.example.com 127.0.0.1
on the master server OR the BIND 8.3.3 servers I get an answer pointing me in the
right direction. On the Sarge 9.2.4 however I get a:
"Host spamhaus-datafeed.example.com not found: 2(SERVFAIL)"
error.

I can see the records in the local db file on all machines. The 8.3.3 machines are a
little more verbose in that they list the TTL for each record, the 'IN' record
qualifier and a fully qualified hostname at the end of the record [ex.
local-rbl-a.example.com.]. The 9.2.4 machine simply lists a record without the TTL,
without the 'IN' qualifier, and without the $ORIGIN on the hostname at the end of
the record [ex. local-rbl-a].

I have looked through the DNS and BIND book from O'Reilly but it has not led me to
anything helpful. The closest I've come to finding something referring to this
issue is the 'Top 9 gotchas' for BIND 9. The sixth gotcha refers to the following:

I am only listing NS records in the 'example.com' domain and no others so this
doesn't really seem to apply.

Thanks in advance for any help you can provide.

Jeff Wark
TBayTel Internet
 
 
 

Post by Kevin Darc » Thu, 06 Oct 2005 07:23:31


I think you're getting hung up on irrelevant details of the zonefile
format, and missing the fact that your NS query is getting a SERVFAIL
from local-rbl-a.example.com and/or local-rbl-b.example.com, *not* from
the example.com nameserver. If you do a non-recursive query (-r in
"host") from the example.com nameserver, I expect you'll see the
delegation records just fine. And if you point your query at
local-rbl-a.example.com and/or local-rbl-b.example.com, I expect you'll
see them answer with SERVFAIL. Your nameserver is just passing that
SERVFAIL through.

BIND 8 handled zone cuts a little differently (with less integrity between zones), so it "covers up" the problem. BIND 9 exposes it to you.

- Kevin
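
The check suggested in the reply above, as an added example that is not part of the original thread: a non-recursive NS query (RD bit clear, as with `host -r`) classified from the response header, so a delegation served by the parent can be told apart from a SERVFAIL coming from the delegated servers. The function names and the two sample headers are constructed for illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

# Constructed sample response headers (id, flags, QD, AN, NS, AR), not captured traffic.
SAMPLE_REFERRAL = struct.pack("!HHHHHH", 0x1234, 0x8000, 1, 0, 2, 0)  # QR=1, AA=0, 2 NS in authority
SAMPLE_SERVFAIL = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 0)  # QR, RD, RA, rcode=2

def build_query(name, qtype=2, recurse=False, qid=0x1234):
    """Build a DNS query (qtype 2 = NS). recurse=False clears RD, like `host -r`."""
    flags = 0x0100 if recurse else 0x0000
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def classify(response):
    """Classify a response using only its 12-byte header."""
    if len(response) < 12:
        return "invalid"
    _qid, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", response[:12])
    rcode = flags & 0x000F
    aa = bool(flags & 0x0400)
    if rcode != 0:
        return RCODES.get(rcode, "RCODE%d" % rcode)
    if an == 0 and ns > 0 and not aa:
        return "referral"  # delegation NS records in the authority section
    if an > 0:
        return "answer"
    return "NODATA"

def ask(server, name, recurse=False, timeout=3.0):
    """Send the query over UDP port 53 and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, recurse=recurse), (server, 53))
        data, _addr = s.recvfrom(4096)
    return classify(data)

if __name__ == "__main__":
    # Offline demonstration on the constructed headers. For a live check, call
    # ask("127.0.0.1", "spamhaus-datafeed.example.com") on the parent zone's server,
    # then ask() each delegated server by IP address.
    print("parent, RD=0:     ", classify(SAMPLE_REFERRAL))
    print("delegated server: ", classify(SAMPLE_SERVFAIL))
```

A "referral" from the parent combined with "SERVFAIL" from the delegated servers matches the situation described in the reply: the delegation is intact and the failure lies with the servers it points to.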