Precautions for upgrading from 9.7.7 to 9.9.2-P2

Mark Andrews marka at isc.org
Thu Mar 28 22:51:00 UTC 2013


In message <22783305.318587.1364508740276.JavaMail.root at k-state.edu>, "Lawrence K. Chen, P.Eng." writes:
> Hmmm, I forget just what all I muttered when I upgraded from 9.7 to 9.9.2-P1.
> I think the main beef I had was doing it the day before I left for LISA'12.
> ... guess I didn't join this list until around that time.
> 
> As I recall... the main thing that tripped me up was the change in empty-zones
> behavior. It needs to be explicitly disabled (either totally or just for the
> zones you use).

Which is only an issue if you have a forward "zone" below an empty
zone without an intervening master/slave/stub zone.

As I have stated before, forward zones were designed for two purposes.
* performance increases by accessing a centralised cache
* work around firewall issues

Forward zones were not designed to graft on internal namespaces.
That they sometimes succeed at doing this is down to good luck.
Forward zones work by redirecting where a recursing request is sent.
They do not create a delegation in zones loaded onto the nameserver.

Basic zone management (master/slave zones) is capable of grafting
on namespaces, and if you don't want to have a full zone transferred
to slaves, then stub zones were designed to allow you to graft on a
namespace.

> There were a lot of cosmetic things....like saying you've requested NSEC3,
> but don't have such a key, or lots of RSA_verify failed messages....
> 
> The switch to raw slave zone files was also scary the first time I saw it...
> and later having to name slave zone files consistently, so that they can be
> easily read now.
> 
> This switch also broke some zones that I'm slave for, where I had lost
> contact with the master.  Strange that one of the zones, took almost 3 months
> before they finally asked why they weren't resolving off of our servers
> anymore ... they hadn't been using the domain for email for years, but it was
> the only contact info we had for them (and it matched their SOA.)
> 
> ----- Original Message -----
> > Wang, Yu <ywang10 at fsu.edu> wrote:
> > >
> > > I am in the process of preparing bind upgrade from 9.7.7 to 9.9.2-p2. I
> > > am reading release notes from 9.8.0 up to see if there are new
> > > things/features that might cause issues. I would welcome and appreciate
> > > advice on precautions I should take before, during, and after upgrade.
> > 
> > The main thing that you are likely to trip over is the change in the
> > default format of slaved zones, from text to raw. named should move the
> > old files out of the way and retransfer the zones, and complain about it
> > in the log. You probably want to remove the old slave zone files, either
> > before upgrading (to avoid upsetting named) or afterwards (to keep things
> > tidy).
> > 
> 
> -- 
> Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
> For: Enterprise Server Technologies (EST) -- & SafeZone Ally
> Snail: Computing and Telecommunications Services (CTS)
> Kansas State University, 109 East Stadium, Manhattan, KS 66506-3102
> Phone: (785) 532-4916 - Fax: (785) 532-3515 - Email: lkchen at ksu.edu
> Web: http://www-personal.ksu.edu/~lkchen - Where: 11 Hale Library
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
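
The layout discussed in the message above, as an added named.conf sketch that is not part of the original thread. The zone name 1.10.in-addr.arpa, the server address 192.0.2.53 and the file paths are constructed placeholders.

```conf
// Constructed example, not from the thread. 192.0.2.53 stands in for the
// internal server that is authoritative for 1.10.in-addr.arpa.

options {
    directory "/var/named";      // assumed working directory

    // Built-in empty zones are loaded by default, including 10.IN-ADDR.ARPA.
    // empty-zones-enable yes;

    // Workaround mentioned in the quoted message: switch off only the empty
    // zone that sits above the forward zone.
    // disable-empty-zone "10.IN-ADDR.ARPA";
};

// Problem layout: a forward "zone" below the empty zone 10.in-addr.arpa with
// no master/slave/stub zone in between. It only redirects where a recursing
// request is sent and creates no delegation, so the empty zone above it
// still answers for names under 1.10.in-addr.arpa.
//
// zone "1.10.in-addr.arpa" {
//     type forward;
//     forward only;
//     forwarders { 192.0.2.53; };
// };

// Grafting the namespace on with a stub zone instead: named now holds a zone
// of its own at 1.10.in-addr.arpa (the NS records of the internal servers)
// without transferring the full zone.
zone "1.10.in-addr.arpa" {
    type stub;
    masters { 192.0.2.53; };
    file "stub/1.10.in-addr.arpa";
};
```

Running named-checkconf against the file confirms the syntax before named is reloaded.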


