Unexplainable Problem with Upgrade 8.2.3-REL to 9.1.2

James A Griffin agriffin at cpcug.org
Thu Jun 14 21:30:44 UTC 2001


Kevin Darcy wrote:
> 
> Are you a slave for aps.anl.gov? BIND 8 used to "mix glue" between parent
> and child zones, on zone transfers. My guess is that the delegations from
> aps.anl.gov to ser.aps.anl.gov are wrong, but you never noticed it before
> because there was enough glue from the child zone for your nameserver(s)
> to use. BIND 9, on the other hand, enforces strict zone-cut separation,
> so immediately after the upgrade you were seeing the "raw", incorrect
> delegation information in the zone transfer. Now you've covered up that
> problem by making yourself authoritative for the child zone. But the
> delegations should be fixed.
> 
> BTW, if this is the externally-visible ser.aps.anl.gov you're talking
> about, it definitely has delegation problems. nsx.lbl.gov is answering
> non-authoritatively for ser.aps.anl.gov and ns2.es.net returns NXDOMAIN!
> 
> - Kevin
> 
[snip]

Barry, here is some detail on Kevin's observation about delegation
problems.  I'll send you the full log if you want.  You can get a copy
of 'doc' from ftp://ftp.shub-internet.org/brad/dns/

Jim

Doc-2.2.2: doc -v ser.aps.anl.gov.
Doc-2.2.2: Starting test of ser.aps.anl.gov.   parent is aps.anl.gov.
Doc-2.2.2: Test date - Thu Jun 14 17:23:35 EDT 2001
soa @dns1.anl.gov. for aps.anl.gov. has serial: 3106240
soa @dns2.anl.gov. for aps.anl.gov. has serial: 3106240
soa @ns2.es.net. for aps.anl.gov. has serial: 3106240
soa @nsx.lbl.gov. for aps.anl.gov. has serial: 3106240
soa @oxygen.aps.anl.gov. for aps.anl.gov. has serial: 3106241
WARNING: Found 2 unique SOA serial #'s for aps.anl.gov.
Found 5 NS and 5 glue records for ser.aps.anl.gov. @dns1.anl.gov. (AUTH)
Found 5 NS and 5 glue records for ser.aps.anl.gov. @dns2.anl.gov. (AUTH)
Found 0 NS and 0 glue records for ser.aps.anl.gov. @ns2.es.net. (AUTH)
Found 5 NS and 5 glue records for ser.aps.anl.gov. @nsx.lbl.gov.
(non-AUTH)
Found 5 NS and 5 glue records for ser.aps.anl.gov. @oxygen.aps.anl.gov.
(AUTH)
DNServers for aps.anl.gov.
   === 4 were also authoritatve for ser.aps.anl.gov.
   === 1 were non-authoritative for ser.aps.anl.gov.
ERROR: Found 2 diff sets of NS records
   === from servers authoritative for ser.aps.anl.gov.
NS list summary for ser.aps.anl.gov. from parent (aps.anl.gov.) servers
  == dns1.anl.gov. dns2.anl.gov. ns2.es.net.
  == nsx.lbl.gov. oxygen.aps.anl.gov.
soa @dns1.anl.gov. for ser.aps.anl.gov. serial: 2100110
soa @dns2.anl.gov. for ser.aps.anl.gov. serial: 2100110
soa @ns2.es.net. for ser.aps.anl.gov. serial:
ERROR: no SOA record for ser.aps.anl.gov. from ns2.es.net.
soa @nsx.lbl.gov. for ser.aps.anl.gov. serial:
ERROR: no SOA record for ser.aps.anl.gov. from nsx.lbl.gov.
soa @oxygen.aps.anl.gov. for ser.aps.anl.gov. serial: 2100110
SOA serial #'s agree for ser.aps.anl.gov.
Authoritative domain (ser.aps.anl.gov.) servers agree on NS for
ser.aps.anl.gov.NS list from ser.aps.anl.gov. authoritative servers
matches list from
  === parent (aps.anl.gov.) servers not authoritative for
ser.aps.anl.gov.
Checking 0 potential addresses for hosts at ser.aps.anl.gov.
  ==
Summary:
   ERRORS found for ser.aps.anl.gov. (count: 3)
   WARNINGS issued for ser.aps.anl.gov. (count: 1)
Done testing ser.aps.anl.gov.  Thu Jun 14 17:23:50 EDT 2001


More information about the bind-users mailing list