I migrated our BIND resolvers to a new config (new named.conf) and I see 
delegation broken. How do I troubleshoot?

- The resolvers are slaves and are authoritative for zone1.example.com and 
example.com
- The resolvers forward queries to our company's DNS to resolve external names 
like microsoft.com, isc.com etc.
- The resolver has views and matches the same destinations in both old and new config.



The zone is zone1.example.com, which contains a record name1.zone1.example.com 
as below:
name1.zone1.example.com. NS othername1.example.com.
othername1.example.com.    A   1.2.3.4


dig @localhost  name1.zone1.example.com.  # this doesn't give any hint.

Here are the steps I tried and still no luck:

1. Compared zone transfer output of zone1.example.com before and after 
migration; both look similar and contain the delegation entry.

2. I tried this and it works OK in both cases (before and after migration), 
indicating that the NS is still reachable and responds to DNS queries before 
and after migration.

dig     @othername1.example.com.  name1.zone1.example.com. 
## Returns 5.6.7.8 as expected  ACLs broken


3. Checked cache dump file (db file) - I see the following entry when it works 
(pre-migration):
cache_dump.db:; 1.2.3.4  [srtt 0] [flags 00000000] [ttl 1797]

However, the above entry is missing after I migrate to the new BIND config.


I compared the BIND configs before and after migration and I don't see any 
significant difference which might cause this issue. I am wondering what I have 
missed.

Thanks
Blr


