Stub Entries Bind 9 & Server Failure Errors

Barry Margolin barmar at genuity.net
Thu Feb 28 18:59:20 UTC 2002 

In article <a5lt80$iee at pub3.rc.vix.com>, Sargon <doctor at ptd.net> wrote:
>
>Lets try this post again...
>
>We recently updated our DNS servers from a Bind 8 version to Bind 9.2.0 and 
>everything appears to be working fine except for the following:
>
>A customer of ours has a stub entry set-up so that they can administor their 
>own /24 IP assignment, which is part of a larger /20 assignment allocated to 
>us. The customer did change their dns server information recently however all 
>dns servers appear to have updated to the correct information and yet the 
>following is occurring.
>
>Whenever you look up and IP address in the Stubbed /24 assignment on any dns 
>server except ours and the customers you get server failed.

I don't see how you expect this to work.  When your server receives a query
in one of these reverse domains, it will not have the Recursion Desired
flag set.  Since your server is only a stub, not a slave, for the reverse
domain, it won't have the PTR records in its memory.  The NS records don't
help, since you can't delegate "sideways".  If this worked in BIND 8 I'm
not sure why.

There's two ways to implement what you want:

1) Configure the servers that the /24's are assigned to as slaves rather
   than stubs.

2) Use the RFC 2317 mechanism to delegate all 256 addresses in each /24 to
   the customer's servers.

>Our Configuration Examples: (Not real assignment just using to show config 
>settings)
>
>named.conf
>
>zone "1.168.192.in-addr.arpa" {
>        type stub;
>        file "db.192.168.1";
>        masters {
>                10.0.0.1;
>                10.0.0.2;
>                10.0.0.3;
>        };
>};
>
>
>DB File:
>
>$ORIGIN .
>1.168.192.in-addr.arpa.         IN      SOA     dns3.junk.com.   
>dns-request.junk.com. (
>        2002022801
>        10800
>        3600
>        2419200
>        3600
>
>        NS      dns1.junk.com.
>        NS      dns2.junk.com.
>        NS      dns3.junk.com.        
>
>Now note the dns3.junk.com was the dns server for which they recently switched 
>the IP Address. Otherwise everything else appears to be fine. Errors do not 
> show anything for this assignment and I have restarted named and flushed 
>cache several times. 
>
>Basically I am stuck. We made no physical changes to this configuration since 
>long before we started using Bind 9.2.0 so the only changes were the upgrade & 
>customers dns server IP change.
>
>Can anyone help or offer some ideas of what might be wrong?
>
>Thanks,
>


-- 
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

More information about the bind-users mailing list