Unexplainable Problem with Upgrade 8.2.3-REL to 9.1.2
James A Griffin
agriffin at cpcug.org
Thu Jun 14 21:30:44 UTC 2001
Kevin Darcy wrote:
>
> Are you a slave for aps.anl.gov? BIND 8 used to "mix glue" between parent
> and child zones, on zone transfers. My guess is that the delegations from
> aps.anl.gov to ser.aps.anl.gov are wrong, but you never noticed it before
> because there was enough glue from the child zone for your nameserver(s)
> to use. BIND 9, on the other hand, enforces strict zone-cut separation,
> so immediately after the upgrade you were seeing the "raw", incorrect
> delegation information in the zone transfer. Now you've covered up that
> problem by making yourself authoritative for the child zone. But the
> delegations should be fixed.
>
> BTW, if this is the externally-visible ser.aps.anl.gov you're talking
> about, it definitely has delegation problems. nsx.lbl.gov is answering
> non-authoritatively for ser.aps.anl.gov and ns2.es.net returns NXDOMAIN!
>
> - Kevin
>
[snip]
Barry, here is some detail on Kevin's observation about delegation
problems. I'll send you the full log if you want. You can get a copy
of 'doc' from ftp://ftp.shub-internet.org/brad/dns/
Jim
Doc-2.2.2: doc -v ser.aps.anl.gov.
Doc-2.2.2: Starting test of ser.aps.anl.gov. parent is aps.anl.gov.
Doc-2.2.2: Test date - Thu Jun 14 17:23:35 EDT 2001
soa @dns1.anl.gov. for aps.anl.gov. has serial: 3106240
soa @dns2.anl.gov. for aps.anl.gov. has serial: 3106240
soa @ns2.es.net. for aps.anl.gov. has serial: 3106240
soa @nsx.lbl.gov. for aps.anl.gov. has serial: 3106240
soa @oxygen.aps.anl.gov. for aps.anl.gov. has serial: 3106241
WARNING: Found 2 unique SOA serial #'s for aps.anl.gov.
Found 5 NS and 5 glue records for ser.aps.anl.gov. @dns1.anl.gov. (AUTH)
Found 5 NS and 5 glue records for ser.aps.anl.gov. @dns2.anl.gov. (AUTH)
Found 0 NS and 0 glue records for ser.aps.anl.gov. @ns2.es.net. (AUTH)
Found 5 NS and 5 glue records for ser.aps.anl.gov. @nsx.lbl.gov.
(non-AUTH)
Found 5 NS and 5 glue records for ser.aps.anl.gov. @oxygen.aps.anl.gov.
(AUTH)
DNServers for aps.anl.gov.
=== 4 were also authoritatve for ser.aps.anl.gov.
=== 1 were non-authoritative for ser.aps.anl.gov.
ERROR: Found 2 diff sets of NS records
=== from servers authoritative for ser.aps.anl.gov.
NS list summary for ser.aps.anl.gov. from parent (aps.anl.gov.) servers
== dns1.anl.gov. dns2.anl.gov. ns2.es.net.
== nsx.lbl.gov. oxygen.aps.anl.gov.
soa @dns1.anl.gov. for ser.aps.anl.gov. serial: 2100110
soa @dns2.anl.gov. for ser.aps.anl.gov. serial: 2100110
soa @ns2.es.net. for ser.aps.anl.gov. serial:
ERROR: no SOA record for ser.aps.anl.gov. from ns2.es.net.
soa @nsx.lbl.gov. for ser.aps.anl.gov. serial:
ERROR: no SOA record for ser.aps.anl.gov. from nsx.lbl.gov.
soa @oxygen.aps.anl.gov. for ser.aps.anl.gov. serial: 2100110
SOA serial #'s agree for ser.aps.anl.gov.
Authoritative domain (ser.aps.anl.gov.) servers agree on NS for
ser.aps.anl.gov.NS list from ser.aps.anl.gov. authoritative servers
matches list from
=== parent (aps.anl.gov.) servers not authoritative for
ser.aps.anl.gov.
Checking 0 potential addresses for hosts at ser.aps.anl.gov.
==
Summary:
ERRORS found for ser.aps.anl.gov. (count: 3)
WARNINGS issued for ser.aps.anl.gov. (count: 1)
Done testing ser.aps.anl.gov. Thu Jun 14 17:23:50 EDT 2001
More information about the bind-users
mailing list