I migrated our BIND resolvers to a new config (new named.conf) and I see delegation broken. How do I troubleshoot?
- The resolvers (which are slaves) are authoritative for zone1.example.com and example.com.
- The resolvers forward queries to our company's DNS to resolve external names like microsoft.com, isc.com, etc.
- The resolver has views, and they match the same destinations in both the old and new config.

The zone is zone1.example.com, which contains a record name1.zone1.example.com as below:

    name1.zone1.example.com. NS othername1.example.com.
    othername1.example.com. A 1.2.3.4

    dig @localhost name1.zone1.example.com. # this doesn't give any hint.

Here are the steps I tried, and still no luck:

1. Compared the zone transfer output of zone1.example.com before and after migration; both look similar and contain the delegation entry.

2. I tried this and it works OK (before and after migration) in both cases, indicating that the NS is still reachable and responds to DNS queries before and after migration.

    dig @othername1.example.com. name1.zone1.example.com. ## Returns 5.6.7.8 as expected ACLs broken

3. Checked the cache dump file (db file). I see the following entry when it works (pre-migration):

    cache_dump.db:; 1.2.3.4 [srtt 0] [flags 00000000] [ttl 1797]

   However, the above entry is missing after I migrate to the new BIND config.

I compared the BIND configs before and after migration and I don't see any significant difference which might cause this issue. Wondering what I missed?

Thanks
Blr