Zone name conflicts / overlapping

Philippe.Simonet at swisscom.com
Mon Sep 19 06:50:36 UTC 2011


Hi,

Maybe named-checkzone can help you; with -i full, it makes some NS checks:

>>           Mode "full" checks that delegation NS records refer to A or AAAA record (both in-zone and out-of-zone hostnames). It also checks that glue address
>>           records in the zone match those advertised by the child. Mode "local" only checks NS records which refer to in-zone hostnames or that some required glue
>>           exists, that is when the nameserver is in a child zone.

Philippe

> -----Original Message-----
> From: bind-users-bounces+philippe.simonet=swisscom.com at lists.isc.org
> [mailto:bind-users-bounces+philippe.simonet=swisscom.com at lists.isc.org]
> On Behalf Of Ben C.
> Sent: Monday, September 19, 2011 7:46 AM
> To: bind-users at lists.isc.org
> Subject: Zone name conflicts / overlapping
> 
> Hello all,
> 
> This is my first post to bind-users, so I would like to first of all
> say hello, and thanks to everyone who takes their time to read and
> respond to any mailing list post. =)
> 
> I have a fairly complex situation where I have a pDNS server and an ISC
> BIND server, both containing unique zones.  I'm trying to make them
> "sync" to each other so that the end result is they both contain the
> same list of zones, and update the opposite's zone files regularly.  I
> am doing my best in designing it so that it *shouldn't* have the
> possibility of a zone conflict, where server A says something about
> zone "foo.com", and server B contains its own unique record, so when
> they sync, .. well ...
> 
> I noticed with BIND, what I expected happens if the situation occurs:
> 
> zone "foo.com" {
>   type master;
>   file "/path/to/some.file";
> };
> 
> // .. some stuff
> zone "foo.com" {
>   type master;
>   file "/path/to/some.other.file";
>   // ^^ They can be the same file, too ..
> };
> 
> -- BIND simply refuses to start, which is great because it allows me
> to /see/ the error a little easier.
> 
> However, the situation got interesting when the following occurs:
> 
> zone "ns1.foo.com" {
>   type master;
>   file "/path/to/ns1.foo.com";
> };
> 
> zone "foo.com" {
>   type master;
>   file "/path/to/foo.com";
> };
> 
> Where ns1.foo.com's zone file would obviously contain an A record for
> itself (ns1.foo.com.) and then foo.com's zone file contains an A
> record for the same zone / hostname, ns1.foo.com.
> 
> It appears to me, BIND sees the conflict / overlap but does not care
> about the order they are in, nor cares to exit (or even tell anybody
> about it), but simply use the more "specific" zone file which would be
> "ns1.foo.com".  I'm pretty sure this is intended behavior. Although
> for my specific and very individual circumstance, this is not ideal
> for me, but I'm by no means saying this is a bug, or "bad" behavior.
> 
> I'm simply trying to figure out (1) if this is indeed the correct
> assumption, that BIND will always use the more "specific" zone,  ...
> (2) if there are ways to modify the behavior (short of editing the way
> BIND, or even DNS works) ...  (3) if there is a way to at least
> identify this kind of behavior in logs (error/warning message? maybe
> I'm missing it..) .. (4) a link or referral to any kind of relevant
> information would be useful -- documentation, mailing lists, anything
> -- I did a _lot_ of googling and even peeked around on IRC asking
> around, but either I'm not asking the question correctly, or it's not
> a very common thing :)
> 
> Thanks for your time,
> Ben
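For question (3) in the quoted message, one way to surface the overlap before the two servers sync, as an added example that is not part of the original thread or of BIND: a small script that lists zone names declared twice and zones nested under another configured zone. The sample configuration is constructed from the snippets in the message, and the script assumes a single flat named.conf with no views or include files.

```python
import re

# Constructed sample based on the zone statements quoted in the thread.
SAMPLE_CONF = '''
zone "ns1.foo.com" {
  type master;
  file "/path/to/ns1.foo.com";
};
// zone "old.foo.com" { type master; file "/path/to/old"; };
zone "foo.com" {
  type master;
  file "/path/to/foo.com";
};
zone "example.org" { type master; file "/path/to/example.org"; };
'''

ZONE_RE = re.compile(r'^\s*zone\s+"([^"]+)"', re.MULTILINE)

def strip_comments(text):
    """Drop /* */, // and # comments so commented-out zones are ignored."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.DOTALL)
    return re.sub(r'(//|#)[^\n]*', '', text)

def zone_names(conf_text):
    """Return declared zone names, lower-cased and without a trailing dot."""
    found = ZONE_RE.findall(strip_comments(conf_text))
    return [name.rstrip('.').lower() for name in found]

def find_conflicts(conf_text):
    """Return (duplicates, overlaps); overlaps are (parent, child) pairs."""
    names = [n for n in zone_names(conf_text) if n]  # skip the root zone "."
    duplicates = sorted({n for n in names if names.count(n) > 1})
    zones = set(names)
    overlaps = []
    for child in sorted(zones):
        labels = child.split('.')
        # Walk up the tree: any configured proper ancestor overlaps `child`.
        for i in range(1, len(labels)):
            parent = '.'.join(labels[i:])
            if parent in zones:
                overlaps.append((parent, child))
    return duplicates, overlaps

if __name__ == '__main__':
    dups, overlaps = find_conflicts(SAMPLE_CONF)
    for name in dups:
        print(f'duplicate zone: {name}')
    for parent, child in overlaps:
        print(f'overlap: {child} is also configured inside {parent}')
```

An overlap is not always a mistake, since a parent can legitimately delegate to a child zone served by the same host, so the output is a list to review against the merged zone data rather than a list of errors.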


