bind resolver zone delegation

Mukund Sivaraman muks at mukund.org
Wed May 15 13:56:00 UTC 2019


On Wed, May 15, 2019 at 03:27:14PM +0200, Frank Patzig wrote:
> In my log
> 
> DNS format error from 64.7.11.138#53 resolving vpn.smiths.com/MX for client
> 127.0.0.1#47512: Name smiths.com (SOA) not subdomain of zone vpn.smiths.com
> -- invalid response
> 
> What is the problem?

> ;; AUTHORITY SECTION:
> smiths.com.             59      IN      SOA resolve01.sslvpndemo.com.
> hostmaster.resolve01.sslvpndemo.com. 5 10800 3600 604800 60

SOA belongs to smiths.com, whereas the resolver is expecting an answer
from zone vpn.smiths.com following the delegation for it. Instead, from
your own paste, vpn.smiths.com/A looks to be an address record in zone
smiths.com (in any case, vpn.smiths.com/MX is missing and the resolver
will reject the negative answer because it has an unexpected SOA owner
name from the smiths.com zone).

Have you set up the "vpn.smiths.com" zone on resolve01.sslra.com and
resolve02.sslra.com?

		Mukund
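
The check described in the reply above, as an added example that is not part of the original message and is not BIND source code: a simplified model that parses a dig-style AUTHORITY section and reports any SOA owner name lying outside the zone the resolver was delegated to. The function names and the second sample record are assumptions made for illustration.

```python
# Added illustration: a simplified model of the resolver's check, not BIND code.

def labels(name):
    """Lowercase labels of a DNS name, ignoring the trailing root dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def is_subdomain(name, zone):
    """True if name equals zone or is beneath it, compared label by label
    (a plain string-suffix test would wrongly accept notvpn.smiths.com)."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def parse_authority(section):
    """Parse dig-style record lines into (owner, rrtype) pairs."""
    records = []
    for line in section.splitlines():
        fields = line.split()
        if len(fields) < 4 or line.lstrip().startswith(";"):
            continue  # skip section headers, comments and blank lines
        owner, _ttl, _class, rrtype = fields[:4]
        records.append((owner, rrtype.upper()))
    return records

def out_of_zone_soa(delegated_zone, section):
    """Return SOA owner names that are not within the delegated zone."""
    return [owner for owner, rrtype in parse_authority(section)
            if rrtype == "SOA" and not is_subdomain(owner, delegated_zone)]

# AUTHORITY section quoted in the thread (the wrapped record joined on one line).
FROM_THREAD = (";; AUTHORITY SECTION:\n"
               "smiths.com. 59 IN SOA resolve01.sslvpndemo.com. "
               "hostmaster.resolve01.sslvpndemo.com. 5 10800 3600 604800 60\n")

# Constructed sample: the SOA a server hosting the delegated zone would return.
CONSTRUCTED_OK = ("vpn.smiths.com. 60 IN SOA ns.example. hostmaster.example. "
                  "1 10800 3600 604800 60\n")

if __name__ == "__main__":
    for label, section in (("thread", FROM_THREAD), ("constructed", CONSTRUCTED_OK)):
        bad = out_of_zone_soa("vpn.smiths.com", section)
        print(label, "rejected: " + ", ".join(bad) if bad else "accepted")
```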

