delegation broken after migrating to new BIND config
blrmaani at gmail.com
Fri Dec 9 04:09:02 UTC 2016
I migrated our bind resolvers to a new config (new named.conf) and I see delegation broken. How do I trouble-shoot?
- The resolvers (are slaves) and are authoritative for zone1.example.com and example.com
- the resolvers forward queries to our companies DNS to resolve external names like microsoft.com, isc.com etc
- The resolver has views and match same destinations in both old and new config.
the zone is zone1.example.com which contains a record name1.zone1.example.com as below:
name1.zone1.example.com. NS othername1.example.com.
othername1.example.com. A 18.104.22.168
dig @localhost name1.zone1.example.com. # this doesn't give any hint.
Here are the steps I tried and still no luck:
1. Compared zone transfer output of zone1.example.com before and after migration, both look similar and contains delegation entry.
2. I tried this and works ok (before and after migration) in both cases indicating that the NS
is still reachable and respond to DNS queries before and after migration.
dig @othername1.example.com. name1.zone1.example.com.
## Returns 22.214.171.124 as expected ACLs broken
3. Checked cache dump file (db file) - I see the following entry when it works (pre-migration):
cache_dump.db:; 126.96.36.199 [srtt 0] [flags 00000000] [ttl 1797]
however, the above entry is missing after I migrate to new BIND config.
I compared the BIND configs before and after migration and I don't see any significant difference which might cause this issue.. wondering what am I missed?
More information about the bind-users