Bind 9 slave of Bind 8 hesiod zone
Robert Weber
Robert.Weber at Colorado.EDU
Fri Jul 13 22:02:52 UTC 2001
> Robert Weber writes:
> > I'm working on a slow transition of a messy dns setup. Currently I'm
> > duplicating the functions of our master server, but we also have another
> > server acting as a hesiod master. I can use dig to grab the zone by hand
> > but when I set up the slave zone I get the following errors:
> >
> > Jul 13 14:51:32 hannah /usr/local/bind/sbin/named[220]: [ID 866145
> > local4.info] refresh_callback: zone ns.colorado.edu/HS: failure in request t
o 128.138.238.154 #53: FORMERR
> >
> > FORMERR is a TSIG error,
>
> FORMERR has nothing to do with TSIG. It's a general DNS result code
> meaning "format error". It indicates that a DNS packet was not well
> formed.
>
> > well bind 8 doesn't do the tsig stuff. Is it
> > possible to have a bind 9 slave of a bind 8 host?
>
> Of course - lots of people do that, but most people only use class IN.
> You may be the first one to try this combination in class HS.
>
> I believe your probelem is caused by incorrect handling of the HS
> class by the BIND 8 master, as shown by the following dig output:
>
> $ dig ns.colorado.edu. hs soa @128.138.238.154
> ;; Warning: Message parser reports malformed message packet.
>
> ; <<>> DiG 9.2.0a2 <<>> ns.colorado.edu. hs soa @128.138.238.154
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24412
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4
>
> ;; QUESTION SECTION:
> ;ns.colorado.edu. HS SOA
>
> ;; ANSWER SECTION:
> ns.colorado.edu. 21600 HS SOA cujo.colorado.edu. postmast
er.cu
> jo.colorado.edu. 200107120 3600 1200 2592000 21600
>
> ;; AUTHORITY SECTION:
> ns.colorado.edu. 21600 HS NS boulder.colorado.edu.
> ns.colorado.edu. 21600 HS NS cujo.colorado.edu.
> ns.colorado.edu. 21600 HS NS leather.colorado.edu.
>
> ;; ADDITIONAL SECTION:
> boulder.colorado.edu. 21600 IN A 128.138.240.1
> boulder.colorado.edu. 21600 IN A 128.138.238.18
> cujo.colorado.edu. 21600 IN A 128.138.238.154
> leather.colorado.edu. 21600 IN A 128.138.196.23
>
> The master is sending class IN glue in a class HS response, and BIND 9
> considers this to be sufficiently broken to reject the packet.
> If this is the most recent version of BIND 8, you should report it
> as a BIND 8 bug.
> --
> Andreas Gustafsson, gson at nominum.com
--------
Before I report this as a "bug" in bind 8, I'd like to run my configs by
everyone first:
the hesiod zone looks like:
$TTL 21600
@ hs soa cujo.colorado.edu. postmaster.cujo.colorado.edu. (
200107120 ; SERIAL_NUMBER
3600 ; how often to check for refresh (1 hour)
1200 ; retry rate upon refresh checkup fail (20 min)
2592000 ; TTL for the whole zone (expire) (30 hours)
21600 ) ; minimum TTL for records (6 hours)
@ hs ns boulder.colorado.edu.
hs ns cujo.colorado.edu.
hs ns leather.colorado.edu.
boulder.colorado.edu. 21600 HS A 128.138.240.1
boulder.colorado.edu. 21600 HS A 128.138.238.18
cujo.colorado.edu. 21600 HS A 128.138.238.154
leather.colorado.edu. 21600 HS A 128.138.196.23
$origin finger.ns.colorado.edu.
$include /bind/hesiod.finger-AUTO
$origin maildrop.ns.colorado.edu.
$include /bind/hesiod.maildrop-AUTO
$include /bind/hesiod.alias-AUTO
$origin mailname.ns.colorado.edu.
$include /bind/hesiod.mailname-AUTO
This should work correctly right? If not I would ask the enlightented
public to put me straight, if not then are the developers reading?
Robert Weber
University of Colorado
More information about the bind-users
mailing list