"not exact" error message
Mark Andrews
marka at isc.org
Sat Jan 21 22:04:13 UTC 2023
The consistency checks are not new. The message indicates that the IXFR contained a delete request for a record that doesn’t exist or an add for a record that exists. Named recovers be performing an AXFR of the zone.
--
Mark Andrews
> On 22 Jan 2023, at 04:31, Havard Eidnes via bind-users <bind-users at lists.isc.org> wrote:
>
> Hi,
>
> I tried using BIND 9.18.10 as a downstream name server of an
> OpenDNSSEC 2.1.8 installation, but after sorting out the ACL
> issues on the OpenDNSSEC side, zone transfers failed with
> messages such as these:
>
> Jan 21 17:15:34 new-ns named[22056]: transfer of '4.38.158.in-addr.arpa/IN' from 158.38.x.yy#53: failed while receiving responses: not exact
> Jan 21 17:16:42 new-ns named[22056]: transfer of 'ufisa.no/IN' from 158.38.x.yy#53: failed while receiving responses: not exact
>
> Downgrading BIND to 9.16.36 made this work, so this appears to be
> a new consistency check introduced with the newer version which
> isn't being done by 9.16.36.
>
> Any idea what this new check consists of, and what I should hint
> to the OpenDNSSEC developers to fix?
>
> I did a "dig axfr -y <whatever>" of one of the zones from the
> OpenDNSSEC host, and I found the TSIG record used to support the
> zone transfer embedded in the result (twice!), and when I fed the
> resulting file to named-checkzone, it didn't want to validate the
> zone before I removed the two TSIG records. This, however, may
> be unrelated; I do not know.
>
> Best regards,
>
> - Håvard
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
More information about the bind-users
mailing list