bind9 questions

Timothy.Moseley at hurlburt.af.mil Timothy.Moseley at hurlburt.af.mil
Thu Mar 1 14:07:52 UTC 2001


Jim, I just wanted to thank you for answering, but some of your comments
were up in the ozone. If I say I downloaded and printed out the manual then
of course I read it; I figured if I put the statement in about the manual
then I would not get any dumbass statements about RTFM. (SIGH) I hide the
domain name and the actual IPs because of the last part of my domain name
(.mil). You could not see the servers I am working on if you wanted to; all
you would see is the outside and that is not the problem. I used the kill
-HUP statement w/ bind8 and I know how the back ticks go, but typing is not my
job, it's just an extra perk. As you can see on my named.conf 

options {
        directory "/var/named";
        pid-file "/usr/local/etc/named.pid";
        auth-nxdomain yes;  ----------the default for the 'auth-nxdomain' option is now 'no' (WHY?)
        statistics-file "/var/named/stats";
        transfer-format many-answers;      -------------------------for zone transfers or so manual says
        transfer-source  primary_internal_dns_address; ----------for zone transfers or so manual says
        forward only;
        forwarders {
          internal_firewall_IP;
        };
        allow-transfer { none; };

zone "domain.af.mil" {
        type slave;              -------------------for zone transfers 
        file "secondary/domain.af.mil";
        masters {
                primary_internal_dns_address;-----------------for zone transfers
        };
        allow-update {
                localhost;     -------------------for zone transfers or so any bind says
        };
        notify no;
};

You had an answer for my email so tell me why this is not working?

You--Why don't you read the name server's logs? There will be a message
there explaining why the zone transfers are failing.
 
Me- I showed you the logs, here let me show you again.
/usr/local/sbin/named[263]: the default for the 'auth-nxdomain' option is now 'no'
Feb 28 20:56:15 pinnacle4 /usr/local/sbin/named[263]: option 'check-names' is not implemented
So you decode this and tell me what it says about zone transfers, I don't
see anything. All this tells me is that it's not doing check names and even
though I have auth-nxdomain set to yes it is going to set it to no.

YOU--If you'd told us the server's address and the domain
name, someone might have been able to query it and find the
problem. Does the slave have a higher serial number for the zone than
the master server? This is a depressingly common problem with QIP.

Me--you can't query it, this is a clue on that 
 forward only;
        forwarders {
          internal_firewall_IP;----inside firewall
        };
Now if anybody has some helpful hints then I would be glad to read them.

Thank you for all the help,

Tim
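
The serial-number question quoted in the message above, as an added example that is not part of the original post: a slave requests a zone transfer only when the master's SOA serial is newer than its own under RFC 1982 serial arithmetic. The function names and serial values are constructed for illustration.

```python
# Added example: decide whether a slave would refresh a zone, given the
# SOA serial on the master and the serial the slave already holds.
# Serials are 32-bit and compared with RFC 1982 serial-number arithmetic.

SERIAL_BITS = 32
MOD = 1 << SERIAL_BITS          # serials wrap at 2^32
HALF = 1 << (SERIAL_BITS - 1)   # differences of exactly 2^31 are undefined


def serial_gt(a, b):
    """True if serial a is newer than serial b under RFC 1982."""
    diff = (a - b) % MOD
    return diff != 0 and diff < HALF


def refresh_decision(master_serial, slave_serial):
    """Classify the master/slave serial relationship.

    'transfer'    master is newer, the slave will request the zone
    'up-to-date'  serials match, no transfer is needed
    'slave-ahead' slave holds a higher serial, so it never transfers
                  until the master's serial is raised past it
    'undefined'   serials are exactly 2^31 apart, comparison is undefined
    """
    if master_serial % MOD == slave_serial % MOD:
        return "up-to-date"
    if serial_gt(master_serial, slave_serial):
        return "transfer"
    if serial_gt(slave_serial, master_serial):
        return "slave-ahead"
    return "undefined"


if __name__ == "__main__":
    # Constructed (master, slave) serial pairs, not taken from the post.
    samples = [
        (2001030101, 2001022801),   # master edited after the slave's copy
        (2001022801, 2001030101),   # slave holds a higher serial
        (2001030101, 2001030101),   # in sync
        (5, 4294967290),            # master wrapped past 2^32
        (0, HALF),                  # exactly 2^31 apart
    ]
    for master, slave in samples:
        print(master, slave, refresh_decision(master, slave))
```
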


More information about the bind-users mailing list