Bind4 master with Bind9 slave ?

Jim Reid jim at rfc1035.com
Wed Nov 29 16:40:37 UTC 2000


>>>>> "Niko" == Niko K Lindqvist <nlindqvi at NOSPAM_cs.Helsinki.FI> writes:

    Niko> Hi!  Is it possible to have Bind 9 slaves with Bind4 master?

Of course. The zone transfer protocol hasn't changed. Why would the
wire protocol change because a new version of software was released?
Having said that, BIND4 servers allowed all sorts of illegalities that
a BIND9 server will refuse, like having an RR as a CNAME and some
other record type. You might find you'll need to clean up your zone
files and get rid of those errors before the zone can be successfully
transferred to a BIND9 server. BTW you should be deeply ashamed of
still running BIND4: that software has been dead for at least 2 years.

    Niko> The problem is TTL definition required by Bind9.  Bind4
    Niko> server doesn't like that definition, and Bind9 doesn't run
    Niko> without it...

This only matters to the master zone files on a BIND9 server. Recent
versions of BIND8 will whine about missing $TTL directives in master
zone files too. Remember that a zone transfer copies the *contents* of
the zone, not the original zone file. So when a BIND9 server transfers
a zone and writes it out to disk, the file will be in a format that
can be loaded OK by an up-to-date name server, i.e. the BIND9 server
will put an appropriate $TTL directive at the top of the zone file
when it is written to disk.

    Niko> I was wondering if there is some kind of option in named.conf
    Niko> where you could define default TTL for those zones which do
    Niko> not have TTL defined?

No. The right thing to do is fix the zone files that don't have a $TTL
directive. This only has to be done on the master name server for the
zone, not the zone's slave servers. RFC2308 which proposed the $TTL
directive came out in March 1998, so people have had nearly two years
to fix their zone files and upgrade to name servers that did negative
caching properly.

    Niko> The upgrade of the Bind4 server is the last choice. Guess I
    Niko> have to settle for Bind 8.1.2 for slaves..

BIND8.1.2 has known security holes. You should always use the latest
version of BIND8 or BIND9. For more details, see
	http://www.isc.org/products/BIND/bind-security.html

PS: Please don't put silly NOSPAM strings in your email address. It
doesn't stop the spammers. Visit http://mail-abuse.org to find out how
to combat spam. Providing a nonsense email address in postings to a
mailing list is evil and anti-social. It annoys and inconveniences the
list moderator (if there is one) and anyone who tries to reply to you.
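
A pre-transfer check for the two zone-file problems named in the reply above (a CNAME sharing its owner name with another record type, and a master file with no $TTL directive), as an added example that is not part of the original message and is not BIND code. The parser is a simplified assumption: owner names are compared as written with no $ORIGIN expansion, quoted TXT data containing `;` or parentheses is not handled, and the sample zone and the names `lint_zone` and `logical_lines` are constructed for illustration.

```python
import re
CLASSES = {"IN", "CH", "HS"}
TTL_RE = re.compile(r"^(\d+[smhdw]?)+$", re.I)   # e.g. 3600 or 1h30m
DNSSEC_OK = {"RRSIG", "NSEC"}                    # types allowed beside a CNAME
# Constructed BIND4-style zone: no $TTL, and "www" is a CNAME plus an MX.
SAMPLE_ZONE = """\
@    IN SOA ns1.example.com. hostmaster.example.com. (
          2000112901 ; serial
          3600 900 604800 86400 )
     IN NS    ns1.example.com.
ns1  IN A     192.0.2.1
www  IN CNAME ns1
www  IN MX    10 mail.example.com.
mail 3600 IN A 192.0.2.2
"""

def logical_lines(text):
    """Drop ';' comments and join records continued inside parentheses."""
    buf, depth = "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # assumption: no ';' in quoted data
        depth += line.count("(") - line.count(")")
        buf += line.replace("(", " ").replace(")", " ") + " "
        if depth <= 0:
            if buf.strip():
                yield buf
            buf, depth = "", 0

def lint_zone(text):
    """Return a list of problems; an empty list means neither check fired."""
    types, owner, ttl_seen, ttl_missing = {}, None, False, False
    for line in logical_lines(text):
        fields = line.split()
        if fields[0].startswith("$"):
            ttl_seen = ttl_seen or fields[0].upper() == "$TTL"
            continue
        ttl_missing = ttl_missing or not ttl_seen  # record seen before any $TTL
        if not line[0].isspace():      # a blank owner field inherits the last owner
            owner = fields.pop(0).lower()  # compared as written, no $ORIGIN
        while fields and (fields[0].upper() in CLASSES or TTL_RE.match(fields[0])):
            fields.pop(0)              # optional TTL and class, in either order
        if owner and fields:
            types.setdefault(owner, set()).add(fields[0].upper())
    problems = ["no $TTL directive before the first record"] if ttl_missing else []
    for name, seen in sorted(types.items()):
        extra = seen - {"CNAME"} - DNSSEC_OK
        if "CNAME" in seen and extra:
            problems.append(f"{name}: CNAME and other data ({', '.join(sorted(extra))})")
    return problems
```

Calling `lint_zone(SAMPLE_ZONE)` reports both problems; run against the master's zone file, it shows what to clean up before a stricter slave refuses the transfer.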


