No subject

Jeff Wark jeff.wark at tbaytel.net
Fri Sep 30 20:30:36 UTC 2005 

Greetings.

I have a master name server running BIND 9.2.1 [Debian Woody - not available on the 
Internet] and a slave server running bind 9.2.4 [Debian Sarge - not currently available on 
the Internet] and two others running bind 8.3.3 [Debian Woody - on the Internet].

The 9.2.1 is a master for all the others to slave from.  I have an entry in a zone defined 
on the master as the following:
>$ORIGIN example.com.
>spamhaus-datafeed      IN   NS   local-rbl-a
>spamhaus-datafeed      IN   NS   local-rbl-b

When I issue the following command:
#> host -t nx spamhaus-datafeed.example.com 127.0.0.1
on the master server OR the BIND 8.3.3 servers I get an answer pointing me in the right 
direction.  On the Sarge 9.2.4 however I get a "Host spamhaus-datafeed.example.com not 
found: 2(SERVFAIL)" error.

I can see the records in the local db file on all machines.  The 8.3.3 machines are a little 
more verbose in that they list the TTL for each record, the 'IN' record qualifier and a 
fully qualified hostname at the end of the record [ex. local-rbl-a.example.com.].  The 9.2.4 
machine simply lists a record without the TTL, without the 'IN' qualifier, and without the 
$ORIGIN on the hostname at the end of the record [ex. local-rbl-a].

I have looked through the DNS and BIND book from O'Reilly but it has not led me to anything 
helpful.  The closest I've come to finding something referring to this issue is the 'Top 9 
gotchas' for Bind 9.  The sixth gotcha refers to the following:
>6.  BIND 9 strictly enforces zone boundaries.
>Older BIND name servers would let you get away with configurations like this:
>
>subdomain     IN     NS      ns1
>subdomain     IN     TXT     "Delegated subdomain"
>
>Technically, that TXT record belongs in the zone data file for subdomain, not in the >parent zone. Older versions of BIND, however, would allow it. Not BIND 9, though; it >ignores the TXT record as "out-of-zone data."

I am only listing NS records in the 'example.com' domain and no others so this doesn't 
really seem to apply.

Thanks in advance for any help you can provide.


Jeff Wark
TBayTel Internet

More information about the bind-users mailing list