Bind9 - Problems Adding NS record

Barry Finkel b19141 at achilles.ctd.anl.gov
Wed Sep 1 14:57:01 UTC 2004 

"Stafford, Paige L." <staffordp1 at ornl.gov> wrote:

>I am having difficulty adding an NS records to my zone, ornl.gov.  BTW, 
>these are delegation records for the AD domain controllers.
>
>I have tried nsupdate, and manual edits (freezing/unfreezing then 
>stopping/starting), but am unable to get it to work.  It works fine on 
>the external Bind8 servers (ns.ornl.gov), but not the BIND9 internal DNS
>(blocked at firewall), ns-int.  Yet, the data in them are exactly the 
>same.
>
>Example problem record:  domaindnszones.ornl.gov.  NS  dc1.ornl.gov. 
>
>There are ns records that work on ns-int, such as
>      _msdcs.ornl.gov  and  _tcp.ornl.gov which both point to dc1.ornl.gov. 
>
>on ns-int:
>     running Bind-9.3.0rc3
>     SunOS ns1 5.9 Generic_117171-07 sun4u sparc SUNW,Sun-Fire-V240
>
>from named.run (running named -d )
>31-Aug-2004 17:10:18.820 resquery 18d04f0 (fctx 193d528(domaindnszones.ornl.gov/NS)): response
>31-Aug-2004 17:10:18.820 client 160.91.1.34#33316: sendto
>31-Aug-2004 17:10:18.820 fctx 193d528(domaindnszones.ornl.gov/NS'): cancelquery
>31-Aug-2004 17:10:18.820 fctx 193d528(domaindnszones.ornl.gov/NS'): add_bad
>
>ns-int> dig domaindnszones.ornl.gov
>; <<>> DiG 9.3.0rc3 <<>> domaindnszones.ornl.gov
>;; global options:  printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1402
>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>;; QUESTION SECTION:
>;domaindnszones.ornl.gov.       IN      A
>;; Query time: 5 msec
>;; SERVER: 10.1.1.30#53(10.1.1.30)
>;; WHEN: Tue Aug 31 21:33:40 2004
>;; MSG SIZE  rcvd: 41
>
>Any feedback would be appreciated.

When you add the NS record 

     domaindnszones.ornl.gov.  NS  dc1.ornl.gov.

manually, what happens?  You say that it does not work, but I am not
sure what you mean by that.  Are there messages in the syslog?
You gave an example 

     dig domaindnszones.ornl.gov

What is the output of

     dig _msdcs.ornl.gov

I am not sure if the "IN" is required in NS records.  I always put that
in my DNS records.  

P.S. I assume that you also have an NS record delegating the zone

          forestdnszones.ornl.gov

----------------------------------------------------------------------
Barry S. Finkel
Computing and Instrumentation Solutions Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994

More information about the bind-users mailing list