BIND 8 data loss problem
Kevin Darcy
kcd at daimlerchrysler.com
Thu Feb 17 17:46:18 UTC 2005
The NS records in the response have been moved from the Answer Section
to the Authority Section, which makes more sense since the response is
effectively a referral. See
1461. [func] return referrals for glue (NS/A/AAAA) if
recursion is
disabled (recursion no;).
in the src/CHANGES file.
If you want to provide an actual *answer* to that question, then you
either need to recurse for it (which would require loosening your
recursion settings) or be authoritative (i.e. a slave) for the zone.
It's possible you might be able to accomplish this by defining the child
as a "stub" zone, but I don't have a working installation of 8.4.6 to be
able to confirm or deny this...
- Kevin
Ann James wrote:
>Hi,
>
>I am trying to replace older BIND versions 8.2.2 and 8.2.7 with 8.4.6 on
>a Solaris8 platform. The 8.2 packages were built by someone else and I
>do not have their build environment.
>
>I am building 8.4.6 on a Solaris8 platform and it appears to work fine.
> But I'm am experiencing data loss for certain records. I have also
>tried 8.4.5 and had the same results as 8.4.6. I'm using the standard
>out of the box compile.
>
>Here are some of the RRs I am having trouble with:
>
>wood.schc.meed.zaboo.org. NS woodaa.schc.meed.zaboo.org.
>wood.schc.meed.zaboo.org. NS woodab.schc.meed.zaboo.org.
>17.88.82.166.in-addr.arpa. PTR wood.schc.meed.zaboo.org.
>
>This happens about 300 times throughout the data, all RRs setup with
>both PTR and NS to the same FQDN. In this case wood.schc.meed.zaboo.org.
>
>Under 8.4.6 when I dig for PTR records I get 1 answer as expected.
>Under 8.2.2 / 8.2.7 when I dig for PTR records I get 1 answer as expected.
>
>Under 8.4.6 when I dig for NS records I get 0 answers.
>Under 8.2.2 & 8.2.7 when I dig for NS records I get the expected response.
>
>Why won't BIND 8.4.6 provide an authoritative answer for these records?
> It is a customer's data and they are reluctant to change it. This data
>is a private namespace behind a firewall.
>
>I have whittled the data down to the bare minimum required to reproduce
>the problem. I've attached below the conf and db files, dig results
>from both servers and syslog messages logged by both servers. Sorry for
>the long post.
>
>Any help would be greatly appreciated. I'm at a loss right now.
>
>Ann
>
>-------------- File: named.conf --------------
>controls {
> inet 127.0.0.1 port 953 allow { localhost; };
>};
>
>options {
> directory "/opt/test";
>
> fetch-glue no;
> multiple-cnames yes;
>
> recursion no;
>
> check-names master ignore;
> check-names response ignore;
> check-names slave ignore;
>
> allow-transfer { any; };
> allow-query { any; };
>
> auth-nxdomain yes;
> rrset-order { order fixed; };
>
> files unlimited;
> notify no;
>
> dump-file "/var/test/dump.db";
> statistics-file "/var/test/stats";
>
> version "RESTRICTED";
>
> statistics-interval 30;
>
> query-source address * port 53;
>};
>
>logging {
> channel ns_syslog {
> syslog daemon;
> severity info;
> };
> channel ns_queries {
> file "/var/test/queries" size 300M;
> print-time yes;
> severity dynamic;
> };
> channel ns_security {
> file "/var/test/security" size 30M;
> print-time yes;
> print-category yes;
> print-severity yes;
> severity notice;
> };
> channel ns_stats {
> file "/var/test/stats" size 300M;
> print-time yes;
> severity info;
> };
> channel ns_cname {
> file "/var/test/cname" size 300M;
> print-time yes;
> severity info;
> };
> channel ns_lame {
> file "/var/test/lame" size 300M;
> print-time yes;
> severity info;
> };
> channel ns_debug {
> file "/var/test/debug" size 300M;
> print-time yes;
> print-category yes;
> print-severity yes;
> severity dynamic;
> };
> channel ns_default {
> file "/var/test/syslog" versions 3 size 100M;
> print-time yes;
> severity info;
> };
>
> category default { ns_default; ns_debug; };
>
> category statistics { ns_stats; };
> category queries { ns_queries; };
> category cname { ns_cname; };
> category lame-servers { ns_lame; };
> category panic { default_syslog; default_stderr; ns_debug; };
> category xfer-in { ns_default; };
> category xfer-out { ns_default; };
> category security { ns_default; };
> category packet { ns_debug; };
> category update { ns_default; };
>};
>
>zone "schc.meed.zaboo.org" in {
> type master;
> file "db.schc.meed.zaboo.org";
> check-names warn;
> notify no;
>};
>
>zone "82.166.in-addr.arpa" in {
> type master;
> file "db.82.166.in-addr.arpa";
> check-names warn;
> notify no;
>};
>
>//zone "." in {
>// type hint;
>// file "db.cache";
>//};
>
>zone "0.0.127.in-addr.arpa" in {
> type master;
> file "db.127.0.0";
>};
>
>-------------- File: db.schc.meed.zaboo.org --------------
>;===========================================================================
>; Addresses and other host information for zone: schc.meed.zaboo.org
>;===========================================================================
>@ IN SOA ns13.zaboo.org. dns.meed.zaboo.org. (
> 1786 ; Serial No.
> 3600 ; Refresh
> 900 ; Retry
> 604800 ; Expire
> 86400 ) ; Default TTL
>;
> IN NS ns13.zaboo.org.
> IN NS ns11.zaboo.org.
> IN NS ns12.zaboo.org.
>
>wood.schc.meed.zaboo.org. IN NS woodaa.schc.meed.zaboo.org.
>wood.schc.meed.zaboo.org. IN NS woodab.schc.meed.zaboo.org.
>
>;*************
>; A records
>;*************
>woodab 86400 IN A 166.82.88.17
>woodaa IN A 166.82.88.18
>
>woodab.schc.meed.zaboo.org. 86400 IN MX 10 WOODAB.schc.meed.zaboo.org.
>woodaa.schc.meed.zaboo.org. 86400 IN MX 10 WOODAA.schc.meed.zaboo.org.
>
>-------------- File: db.82.166.in-addr.arpa --------------
>;===========================================================================
>; Reverse Addresses (PTR Records) for zone: 82.166.in-addr.arpa
>;===========================================================================
>@ IN SOA ns13.zaboo.org. dns.meed.zaboo.org. (
> 1891 ; Serial No.
> 3600 ; Refresh
> 900 ; Retry
> 604800 ; Expire
> 86400 ) ; Default TTL
>;
> IN NS ns13.zaboo.org.
> IN NS ns11.zaboo.org.
> IN NS ns12.zaboo.org.
>;
>;**************
>; PTR records
>;**************
>18.88 IN PTR wood.schc.meed.zaboo.org.
>17.88 IN PTR wood.schc.meed.zaboo.org.
>
>18.88 IN PTR woodaa.schc.meed.zaboo.org.
>17.88 86400 IN PTR woodab.schc.meed.zaboo.org.
>
>-------------- File: db.127.0.0 --------------
>;===========================================================================
>; Local server zone information: 0.0.127.in-addr.arpa
>;===========================================================================
>@ IN SOA ns13.zaboo.org. dnsadmin.zaboo.org. (
> 1 ; Serial No.
> 21600 ; Refresh
> 3600 ; Retry
> 604800 ; Expire
> 86400 ) ; Default TTL
>;
> IN NS ns13.zaboo.org.
>1 IN PTR localhost.
>
>-------------- File: 846.dig.out --------------
># dig @127.0.0.1 NS wood.schc.meed.zaboo.org.
>
>; <<>> DiG 8.4 <<>> @127.0.0.1 NS wood.schc.meed.zaboo.org.
>; (1 server found)
>;; res options: init recurs defnam dnsrch no-nibble2
>;; got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15533
>;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
>;; QUERY SECTION:
>;; wood.schc.meed.zaboo.org, type = NS, class = IN
>
>;; AUTHORITY SECTION:
>wood.schc.meed.zaboo.org. 1D IN NS woodaa.schc.meed.zaboo.org.
>wood.schc.meed.zaboo.org. 1D IN NS woodab.schc.meed.zaboo.org.
>
>;; ADDITIONAL SECTION:
>woodaa.schc.meed.zaboo.org. 1D IN A 166.82.88.18
>woodab.schc.meed.zaboo.org. 1D IN A 166.82.88.17
>
>;; Total query time: 4 msec
>;; FROM: ns01 to SERVER: 127.0.0.1
>;; WHEN: Thu Feb 17 15:50:55 2005
>;; MSG SIZE sent: 42 rcvd: 116
>
># dig @127.0.0.1 PTR 17.88.82.166.in-addr.arpa.
>
>; <<>> DiG 8.4 <<>> @127.0.0.1 PTR 17.88.82.166.in-addr.arpa.
>; (1 server found)
>;; res options: init recurs defnam dnsrch no-nibble2
>;; got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29999
>;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 0
>;; QUERY SECTION:
>;; 17.88.82.166.in-addr.arpa, type = PTR, class = IN
>
>;; ANSWER SECTION:
>17.88.82.166.in-addr.arpa. 1D IN PTR wood.schc.meed.zaboo.org.
>17.88.82.166.in-addr.arpa. 1D IN PTR woodaa.schc.meed.zaboo.org.
>
>;; AUTHORITY SECTION:
>82.166.in-addr.arpa. 1D IN NS ns13.zaboo.org.
>82.166.in-addr.arpa. 1D IN NS ns11.zaboo.org.
>82.166.in-addr.arpa. 1D IN NS ns12.zaboo.org.
>
>;; Total query time: 3 msec
>;; FROM: ns01 to SERVER: 127.0.0.1
>;; WHEN: Thu Feb 17 15:51:08 2005
>;; MSG SIZE sent: 43 rcvd: 159
>
>-------------- File: 827.dig.out --------------
># dig @127.0.0.1 NS wood.schc.meed.zaboo.org.
>
>; <<>> DiG 8.4 <<>> @127.0.0.1 NS wood.schc.meed.zaboo.org.
>; (1 server found)
>;; res options: init recurs defnam dnsrch no-nibble2
>;; got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59378
>;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
>;; QUERY SECTION:
>;; wood.schc.meed.zaboo.org, type = NS, class = IN
>
>;; ANSWER SECTION:
>wood.schc.meed.zaboo.org. 1D IN NS woodaa.schc.meed.zaboo.org.
>wood.schc.meed.zaboo.org. 1D IN NS woodab.schc.meed.zaboo.org.
>
>;; ADDITIONAL SECTION:
>woodaa.schc.meed.zaboo.org. 1D IN A 166.82.88.18
>woodab.schc.meed.zaboo.org. 1D IN A 166.82.88.17
>
>;; Total query time: 3 msec
>;; FROM: ns01 to SERVER: 127.0.0.1
>;; WHEN: Thu Feb 17 15:48:22 2005
>;; MSG SIZE sent: 42 rcvd: 116
>
># dig @127.0.0.1 PTR 17.88.82.166.in-addr.arpa.
>
>; <<>> DiG 8.4 <<>> @127.0.0.1 PTR 17.88.82.166.in-addr.arpa.
>; (1 server found)
>;; res options: init recurs defnam dnsrch no-nibble2
>;; got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17127
>;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 0
>;; QUERY SECTION:
>;; 17.88.82.166.in-addr.arpa, type = PTR, class = IN
>
>;; ANSWER SECTION:
>17.88.82.166.in-addr.arpa. 1D IN PTR wood.schc.meed.zaboo.org.
>17.88.82.166.in-addr.arpa. 1D IN PTR woodaa.schc.meed.zaboo.org.
>
>;; AUTHORITY SECTION:
>82.166.in-addr.arpa. 1D IN NS ns13.zaboo.org.
>82.166.in-addr.arpa. 1D IN NS ns11.zaboo.org.
>82.166.in-addr.arpa. 1D IN NS ns12.zaboo.org.
>
>;; Total query time: 3 msec
>;; FROM: ns01 to SERVER: 127.0.0.1
>;; WHEN: Thu Feb 17 15:49:01 2005
>;; MSG SIZE sent: 43 rcvd: 159
>
>-------------- File: logs/846/syslog --------------
>17-Feb-2005 15:50:44.141 Zone "schc.meed.zaboo.org" (file
>db.schc.meed.zaboo.org): No default TTL ($TTL <value>) set, using SOA
>minimum instead
>17-Feb-2005 15:50:44.143 master zone "schc.meed.zaboo.org" (IN) loaded
>(serial 1786)
>17-Feb-2005 15:50:44.144 Zone "82.166.in-addr.arpa" (file
>db.82.166.in-addr.arpa): No default TTL ($TTL <value>) set, using SOA
>minimum instead
>17-Feb-2005 15:50:44.144 master zone "82.166.in-addr.arpa" (IN) loaded
>(serial 1891)
>17-Feb-2005 15:50:44.145 Zone "0.0.127.in-addr.arpa" (file db.127.0.0):
>No default TTL ($TTL <value>) set, using SOA minimum instead
>17-Feb-2005 15:50:44.145 master zone "0.0.127.in-addr.arpa" (IN) loaded
>(serial 1)
>17-Feb-2005 15:50:44.152 listening on [127.0.0.1].53 (lo0)
>17-Feb-2005 15:50:44.162 Forwarding source address is [::].37248
>17-Feb-2005 15:50:44.163 Forwarding source address is [0.0.0.0].53
>17-Feb-2005 15:50:44.181 Ready to answer queries.
>17-Feb-2005 15:52:44.395 named shutting down
>
>-------------- File: logs/827/syslog --------------
># cat logs/827/syslog
>17-Feb-2005 15:47:29.225 Zone "schc.meed.zaboo.org" (file
>db.schc.meed.zaboo.org): No default TTL set using SOA minimum instead
>17-Feb-2005 15:47:29.228 master zone "schc.meed.zaboo.org" (IN) loaded
>(serial 1786)
>17-Feb-2005 15:47:29.228 Zone "82.166.in-addr.arpa" (file
>db.82.166.in-addr.arpa): No default TTL set using SOA minimum instead
>17-Feb-2005 15:47:29.229 master zone "82.166.in-addr.arpa" (IN) loaded
>(serial 1891)
>17-Feb-2005 15:47:29.230 Zone "0.0.127.in-addr.arpa" (file db.127.0.0):
>No default TTL set using SOA minimum instead
>17-Feb-2005 15:47:29.231 master zone "0.0.127.in-addr.arpa" (IN) loaded
>(serial 1)
>17-Feb-2005 15:47:29.236 listening on [127.0.0.1].53 (lo0)
>17-Feb-2005 15:47:29.248 Forwarding source address is [0.0.0.0].53
>17-Feb-2005 15:47:29.278 Ready to answer queries.
>17-Feb-2005 15:47:29.279 i_sysop: nlookup error on ?, db.cache file is
>missing or empty
>17-Feb-2005 15:49:47.858 named shutting down
>
>
>
>
>
>
>
More information about the bind-users
mailing list