BIND 4 to BIND 8 upgrade

Mark_Andrews at isc.org
Thu Jul 18 05:09:15 UTC 2002


> 
> I have a site that is running their DNS server on Solaris 2.6 using the
> Sun-supplied BIND 4.  I am working on upgrading them to BIND 8 or 9.
> 
> They have a Solaris 8 machine, with of course the Sun-supplied BIND 8,
> so what I did as a test was copy the zone files over to it, converted the
> named.boot to named.conf using the named-bootconf tool, configured the router
> to have the same packet filtering characteristics for the Solaris 8 machine
> as the Solaris 2.6 machine, and added the $TTL thing at the top of the
> zone files. I then fired up in.named, and tried resolving some hostnames
> with nslookup (the first thing I say after firing up nslookup is "server
> newserverhostname") .
> 
> The problem I am having is that while I can resolve hosts within the
> domains for which the BIND 8 server is set up to master, I can't resolve
> anything else. If I "set d2" I just get:
> 
> timeout
> timeout
> timeout
> 
> ...ad infinitum.
> 
> I know about the difference between BIND 4 and 8 with respect to
> packet filtering, but if I am understanding it correctly (I've read the
> "Gotcha" page in the new DNS & BIND O'Reilly book), the difference
> involves outbound packets, and this site isn't doing any outbound packet
> filtering, just inbound.

	Well the answers have to come back.  The rules below don't
	allow the answers back in.  See query-source.

> I have the latest hints file on the BIND 8 server.
> 
> Here is the named.conf:
> 
> options {
> #
> # %W% %G% %U%
> #
>         directory "/etc/domain";
>         allow-transfer {
>                 1.2.3.4;
>                 4.3.2.1;
>         };
> };
> 
> zone "domain.com" {
>         type master;
>         file "named.hosts";
> };
> 
> zone "0.0.127.in-addr.arpa" {
>         type master;
>         file "named.local";
> };
> 
> zone "111.222.33.in-addr.arpa" {
>         type master;
>         file "named.rev";
> };
> 
> zone "." {
>         type hint;
>         file "named.ca";
> };
> 
> 
> Here are my inbound packet filters (X.X.X.1 is the existing BIND 4
> machine, X.X.X.2 is the BIND 8):
> 
> access-list 109 permit udp any gt 1023 host X.X.X.1 eq domain
> access-list 109 permit tcp any gt 1023 host X.X.X.1 eq domain
> access-list 109 permit udp any eq domain host X.X.X.1 eq domain
> access-list 109 permit udp any gt 1023 host X.X.X.2 eq domain
> access-list 109 permit tcp any gt 1023 host X.X.X.2 eq domain
> access-list 109 permit udp any eq domain host X.X.X.2 eq domain
> 
> What am I overlooking? I'm sure it is something really stupid.  :)
> 
> Thanks in advance for any help you can give!
> 
> --
> Griff Miller II
> Manager of Information Technology
> Positron Corporation                "I need to be the owner of all of
> griff.miller at positron.com            the files in /usr/kvm."  -Anonymous User
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
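
The filtering problem pointed out in the reply, worked through as an added example (not part of the original messages): the quoted access-list 109 is parsed and checked against the UDP replies a recursive lookup brings back. It assumes BIND 8 sends its queries from an unprivileged port unless query-source pins them to port 53; the port 32771 is a constructed value.

```python
# Added example: evaluate the thread's inbound access-list 109 against DNS replies.
ACL_109 = """\
access-list 109 permit udp any gt 1023 host X.X.X.1 eq domain
access-list 109 permit tcp any gt 1023 host X.X.X.1 eq domain
access-list 109 permit udp any eq domain host X.X.X.1 eq domain
access-list 109 permit udp any gt 1023 host X.X.X.2 eq domain
access-list 109 permit tcp any gt 1023 host X.X.X.2 eq domain
access-list 109 permit udp any eq domain host X.X.X.2 eq domain
"""

def parse_acl(text):
    """Parse 'access-list N permit PROTO any OP PORT host HOST OP PORT' lines."""
    rules = []
    for line in text.strip().splitlines():
        t = line.split()
        if len(t) != 11 or t[2] != "permit" or t[4] != "any" or t[7] != "host":
            raise ValueError("unsupported ACL line: " + line)
        rules.append({"proto": t[3], "src": (t[5], t[6]),
                      "dst_host": t[8], "dst": (t[9], t[10])})
    return rules

def port_match(spec, port):
    """Match a port against an ('eq'|'gt', value) spec; 'domain' means 53."""
    op, val = spec
    val = 53 if val == "domain" else int(val)
    if op == "gt":
        return port > val
    if op == "eq":
        return port == val
    raise ValueError("unsupported operator: " + op)

def permitted(rules, proto, sport, dhost, dport):
    """First-match permit; anything unmatched hits the implicit deny."""
    return any(r["proto"] == proto and r["dst_host"] == dhost
               and port_match(r["src"], sport) and port_match(r["dst"], dport)
               for r in rules)

def reply_allowed(rules, resolver, query_source_port):
    """A remote server answers from UDP 53 to the port the query left from."""
    return permitted(rules, "udp", 53, resolver, query_source_port)

RULES = parse_acl(ACL_109)
if __name__ == "__main__":
    # 32771 is a constructed stand-in for an unprivileged port picked by BIND 8.
    for host, port in (("X.X.X.1", 53), ("X.X.X.2", 32771), ("X.X.X.2", 53)):
        verdict = "permit" if reply_allowed(RULES, host, port) else "deny (timeout)"
        print(f"reply 53 -> {host}:{port}: {verdict}")
```

The third case corresponds to putting "query-source address * port 53;" in the options block of named.conf; the other way to get replies through is an inbound rule permitting UDP from port 53 to ports above 1023 on X.X.X.2. On current BIND releases a fixed query-source port gives up source-port randomization, so the ACL change is the better choice there.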