migration from bind8 to bind9

Üstün Kaya uskaya at gmail.com
Wed Dec 13 15:13:08 UTC 2006


Hi,
We are administering the tr. domain and testing bind9 to upgrade from
bind8. Below is a bind8 response to a sample query from one of our
currently operating DNS servers:

------------------------------------------------------------------------------------------------

ustun at houston:~$ dig @ns2.nic.tr milliyet.com.tr. -t ns

; <<>> DiG 9.3.2-P1 <<>> @ns2.nic.tr milliyet.com.tr. -t ns
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1229
;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;milliyet.com.tr.               IN      NS

;; ANSWER SECTION:
milliyet.com.tr.        43200   IN      NS      doldns02.dol.com.tr.
milliyet.com.tr.        43200   IN      NS      doldns01.dol.com.tr.

;; ADDITIONAL SECTION:
doldns02.dol.com.tr.    43200   IN      A       213.243.1.42
doldns01.dol.com.tr.    43200   IN      A       213.243.1.40

;; Query time: 3 msec
;; SERVER: 144.122.95.52#53(144.122.95.52)
;; WHEN: Wed Dec 13 16:00:31 2006
;; MSG SIZE  rcvd: 115

ustun at houston:~$

------------------------------------------------------------------------------------------------

and below is the response from bind9 installed on a test machine to
the same query with the same configuration:

ustun at houston:~$ dig @144.122.95.178 milliyet.com.tr. -t ns

; <<>> DiG 9.3.2-P1 <<>> @144.122.95.178 milliyet.com.tr. -t ns
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34422
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;milliyet.com.tr.               IN      NS

;; AUTHORITY SECTION:
milliyet.com.tr.        43200   IN      NS      doldns02.dol.com.tr.
milliyet.com.tr.        43200   IN      NS      doldns01.dol.com.tr.

;; ADDITIONAL SECTION:
doldns01.dol.com.tr.    43200   IN      A       213.243.1.40
doldns02.dol.com.tr.    43200   IN      A       213.243.1.42

;; Query time: 89 msec
;; SERVER: 144.122.95.178#53(144.122.95.178)
;; WHEN: Wed Dec 13 15:59:14 2006
;; MSG SIZE  rcvd: 115

ustun at houston:~$

--------------------------------------------------------------------------------------
Recursion is not allowed on either machine. Bind8 looks at the zone
files at localhost, finds the NS record, queries root servers for
additional IP information and gives an answer. However, bind9 takes
this query as recursive, and does not return an answer although the NS
record is available at localhost in "com.tr." zone file.  Bind9 logs
this:

Dec 13 16:34:11 localhost named[19911]: Dec 13 16:34:11.617 security:
debug 1: client 144.122.95.150#33024: recursion available: denied

I searched the list but couldn't find a satisfying answer. So why is
there a difference? How can we reconfigure bind9 to answer the query
as bind8 does, to preserve the same system?

Thanks and Regards,
ustun
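
An added example, not part of the original post: Python that parses the header lines of the two dig outputs above and names each response shape. In the bind8 output the NS records are in the ANSWER section without the `aa` flag; in the bind9 output they are in AUTHORITY with ANSWER: 0 and no `aa`, which is the shape of a referral. The function names are hypothetical; the header text is copied from the post.

```python
import re

# Header lines copied from the two dig outputs in the post above.
BIND8 = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1229
;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
"""
BIND9 = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34422
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
"""

STATUS_RE = re.compile(r"status: (\w+)")
FLAGS_RE = re.compile(
    r"flags: ([a-z ]*); QUERY: (\d+), ANSWER: (\d+), "
    r"AUTHORITY: (\d+), ADDITIONAL: (\d+)")

def parse_header(dig_output):
    """Extract rcode, flag set and section counts from dig text output."""
    status = STATUS_RE.search(dig_output)
    flags = FLAGS_RE.search(dig_output)
    if not status or not flags:
        raise ValueError("no dig header found")
    _query, answer, authority, additional = (int(n) for n in flags.groups()[1:])
    return {"rcode": status.group(1), "flags": set(flags.group(1).split()),
            "answer": answer, "authority": authority, "additional": additional}

def classify(h):
    """Name the response shape from rcode, the aa flag and section counts."""
    if h["rcode"] != "NOERROR":
        return h["rcode"].lower()
    if h["answer"] > 0:
        return ("authoritative-answer" if "aa" in h["flags"]
                else "non-authoritative-answer")
    if h["authority"] > 0 and "aa" not in h["flags"]:
        return "referral"          # NS set in AUTHORITY, no aa, no answer
    return "nodata"                # no answer records and not a referral

def compare(old, new):
    """Return both shapes and the header fields that differ between servers."""
    a, b = parse_header(old), parse_header(new)
    diff = {k: (a[k], b[k]) for k in a if a[k] != b[k]}
    return classify(a), classify(b), diff

if __name__ == "__main__":
    print(compare(BIND8, BIND9))
```

Feeding saved dig output for a list of delegated names from the old and new servers into `compare` shows which queries change shape after the upgrade.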


