named-checkzone comes unglues
Mark Andrews
Mark_Andrews at isc.org
Thu Jan 10 12:47:28 UTC 2008
> # named-checkzone from 9.4.2 whines
>
> $ named-checkzone -d gn gn
> loading "gn" from "gn" class "IN"
> zone gn/IN: cerescor.ac.gn/NS 'ns.uganc.ac.gn' (out of zone) has no addresses records (A or AAAA)
This is an attempt to check the glue by looking for the real
records. That lookup failed. Two "no answers" and 1 lame
server. Missing glue is reported differently.
% dig ns.uganc.ac.gn @217.146.3.235 +norec
; <<>> DiG 9.3.4-P1 <<>> ns.uganc.ac.gn @217.146.3.235 +norec
; (1 server found)
;; global options: printcmd
;; connection timed out; no servers could be reached
% dig ns.uganc.ac.gn @208.52.96.34 +norec
; <<>> DiG 9.3.4-P1 <<>> ns.uganc.ac.gn @208.52.96.34 +norec
; (1 server found)
;; global options: printcmd
;; connection timed out; no servers could be reached
% dig ns.uganc.ac.gn @193.220.182.2 +norec
; <<>> DiG 9.3.4-P1 <<>> ns.uganc.ac.gn @193.220.182.2 +norec
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27723
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
;; QUESTION SECTION:
;ns.uganc.ac.gn. IN A
;; AUTHORITY SECTION:
gn. 76456 IN NS SUNIC.SUNET.SE.
gn. 76456 IN NS NS1.DNS.AQ.
gn. 76456 IN NS RIP.PSG.COM.
gn. 76456 IN NS HIPPO.RU.AC.ZA.
;; ADDITIONAL SECTION:
RIP.PSG.COM. 76414 IN A 147.28.0.39
;; Query time: 880 msec
;; SERVER: 193.220.182.2#53(193.220.182.2)
;; WHEN: Thu Jan 10 23:35:52 2008
;; MSG SIZE rcvd: 153
%
> zone gn/IN: cerescor.ac.gn/NS 'ns.afripakamsar.net.gn' (out of zone) has no addresses records (A or AAAA)
> zone gn/IN: uganc.ac.gn/NS 'ns.uganc.ac.gn' (out of zone) has no addresses records (A or AAAA)
> zone gn/IN: uganc.ac.gn/NS 'ns.afripakamsar.net.gn' (out of zone) has no addresses records (A or AAAA)
>
> yet the zone has
>
> afripakamsar.net.gn. NS ns.afripakamsar.net.gn.
> NS ns.afripatelecom.net.gn.
> ns.afripakamsar.net.gn. A 208.52.96.34
>
> afripatelecom.net.gn. NS ns.afripatelecom.net.gn.
> NS ns0.xname.org.
> NS ns1.xname.org.
> ns.afripatelecom.net.gn. A 193.220.182.2
>
> uganc.ac.gn. NS ns.uganc.ac.gn.
> NS ns.afripatelecom.net.gn.
> NS ns.afripakamsar.net.gn.
> ns.uganc.ac.gn. A 217.146.3.235
>
> oh, and bind 9.3.4 loads the zone just fine
BIND 9.4 will load it as well. named-checkzone does checks
named doesn't. Named only checks that the zone is self
consistent, not that it is externally consistent.
named-checkzone attempts to do the latter.
Mode "full" checks that delegation NS records refer to A or AAAA
record (both in-zone and out-of-zone hostnames). It also checks
that glue addresses records in the zone match those advertised by
the child. Mode "local" only checks NS records which refer to
in-zone hostnames or that some required glue exists, that is when
the nameserver is in a child zone.
Mark
> randy
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
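
An added example, not part of the original message and not BIND's code: a simplified offline classifier showing which delegation NS targets can be verified from the zone data alone (required glue, in-zone addresses) and which can only be confirmed by a live lookup of the kind that failed in the thread. The record list is abridged and constructed from the zone excerpt and error lines quoted above; the function names and verdict strings are assumptions made for illustration.

```python
# Added illustration (not BIND's code): offline classification of delegation
# NS targets, in the spirit of the "local" and "full" modes described above.

ORIGIN = "gn."
# Constructed and abridged from the zone excerpt and error lines in the thread.
ZONE = [
    ("afripakamsar.net.gn.", "NS", "ns.afripakamsar.net.gn."),
    ("afripakamsar.net.gn.", "NS", "ns.afripatelecom.net.gn."),
    ("ns.afripakamsar.net.gn.", "A", "208.52.96.34"),
    ("afripatelecom.net.gn.", "NS", "ns.afripatelecom.net.gn."),
    ("afripatelecom.net.gn.", "NS", "ns0.xname.org."),
    ("ns.afripatelecom.net.gn.", "A", "193.220.182.2"),
    ("uganc.ac.gn.", "NS", "ns.uganc.ac.gn."),
    ("uganc.ac.gn.", "NS", "ns.afripakamsar.net.gn."),
    ("ns.uganc.ac.gn.", "A", "217.146.3.235"),
    ("cerescor.ac.gn.", "NS", "ns.uganc.ac.gn."),
    ("cerescor.ac.gn.", "NS", "ns.afripakamsar.net.gn."),
]

def under(name, parent):
    """True if name equals parent or is a subdomain of it (case-insensitive)."""
    name, parent = name.lower(), parent.lower()
    return name == parent or name.endswith("." + parent)

def check_delegations(origin, records):
    """Return {(cut, ns_target): verdict} for every delegation NS record."""
    cuts = {o for o, t, _ in records if t == "NS" and o.lower() != origin.lower()}
    have_addr = {o.lower() for o, t, _ in records if t in ("A", "AAAA")}
    verdicts = {}
    for owner, rtype, target in records:
        if rtype != "NS" or owner not in cuts:
            continue
        present = target.lower() in have_addr
        if under(target, owner):
            # Name server lives in the child zone: the parent must carry glue.
            verdict = "glue-ok" if present else "missing-glue"
        elif under(target, origin) and not any(under(target, c) for c in cuts):
            # Authoritative in-zone name: the zone itself must hold the address.
            verdict = "in-zone-ok" if present else "in-zone-no-address"
        else:
            # Below another zone cut or outside the origin: only a live lookup
            # (what "full" mode attempts) can confirm that an address exists.
            verdict = "needs-lookup"
        verdicts[(owner, target)] = verdict
    return verdicts
```

For the sample data, every name server that sits inside its own delegation has glue, while the cerescor.ac.gn targets fall under other zone cuts and so depend on external lookups succeeding.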