Re: different result between normal query and zone transfer

2017-07-06 Thread Steven Carr
On 6 July 2017 at 12:29, MAYER Hans  wrote:
> For me this looks like a bug. Why is the answer for a normal query different 
> than the answer from a zone transfer?
> Or do I miss a special flag for this setup?
> I am using BIND 9.11.1 but I had the same issue with older 
> versions too.

A zone transfer is transferring the contents of the zone. The zone in
question is 'iiasa.ac.at', but you've also created a subzone
'test44.iiasa.ac.at' which is a completely separate point of
administration that just happens to hide records inside of the parent
zone. So on your slaves you will also need to slave the subzone if you
want it to override the records there.

A query will traverse the tree until it finds the lowest point of
delegation from which to obtain a response.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
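
Added example (not part of the thread and not BIND code): a small Python model of the behaviour described in the reply above, where a query is answered from the closest enclosing zone while a transfer returns one zone's own content. The ZONES layout and the function names are assumptions; the record data comes from the zone file and dig output in the original post, and SOA/NS records are left out.

```python
# Constructed model of the external server: two master zones loaded side by
# side. Record data is taken from the thread; the structure is an assumption.
ZONES = {
    "iiasa.ac.at.": [
        ("test44.iiasa.ac.at.", 86400, "A", "147.125.4.4"),
        ("test44.iiasa.ac.at.", 86400, "AAAA", "2001:628:21f0:4::4:4"),
    ],
    "test44.iiasa.ac.at.": [
        ("test44.iiasa.ac.at.", 600, "A", "147.125.5.5"),
        ("test44.iiasa.ac.at.", 600, "AAAA", "2001:628:21f0:5::5:5"),
    ],
}


def in_zone(name, apex):
    """True if name is at or below the zone apex (label-wise suffix match)."""
    n, a = name.lower().rstrip(".").split("."), apex.lower().rstrip(".").split(".")
    return len(n) >= len(a) and n[-len(a):] == a


def closest_zone(zones, name):
    """Zone selection for a query: the loaded zone with the longest matching apex."""
    matches = [apex for apex in zones if in_zone(name, apex)]
    return max(matches, key=lambda z: z.count("."), default=None)


def query(zones, name, rtype):
    """Answer from the closest enclosing zone only, as a normal query does."""
    apex = closest_zone(zones, name)
    return [r[3] for r in zones.get(apex, []) if r[0] == name and r[2] == rtype]


def axfr(zones, apex):
    """A transfer returns the content of exactly one zone; other zones are ignored."""
    return list(zones[apex])


def shadowed(zones):
    """Records that queries never see because a more specific zone is loaded."""
    return [(apex, rec) for apex, recs in zones.items() for rec in recs
            if closest_zone(zones, rec[0]) != apex]


if __name__ == "__main__":
    print("query:", query(ZONES, "test44.iiasa.ac.at.", "A"))
    print("axfr :", [r[3] for r in axfr(ZONES, "iiasa.ac.at.") if r[2] == "A"])
    for apex, rec in shadowed(ZONES):
        print("shadowed in", apex, "->", rec)
```

Any record that shadowed() reports is one that a secondary holding only the parent zone will serve in place of the subzone's data.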


different result between normal query and zone transfer

2017-07-06 Thread MAYER Hans


Dear All,

In my environment we have internal DNS servers and 6 external servers, all 
running BIND. 
4 of these 6 are located in our network. These are slaves for our domain and 
fetch the data from one internal server.
The remaining 2 are maintained by our ISP and do a zone transfer from 
our external server.
For some reason we want one DNS name to be resolved differently 
depending on whether the query goes to the internal server or to the external one. 
So I configured on the external DNS server a subzone which overrides the 
information coming from the internal server. 
This works really fine for our internal and external servers. I get the answer I 
expect. 
But not so if the servers of our ISP are queried. There I get the data which 
was originally defined in our internal DNS server. 
The same issue occurs if I do a zone transfer with "dig axfr" from our external 
server. 

For me this looks like a bug. Why is the answer for a normal query different 
than the answer from a zone transfer? 
Or do I miss a special flag for this setup? 
I am using BIND 9.11.1 but I had the same issue with older 
versions too. 

BTW: I tried the same with RPZ but there I have the identical issues. 


Kind regards 
Hans 

-- 

This is the part of "named.conf" 

zone "test44.iiasa.ac.at" in {
  type master ;
  file "db.test44.iiasa.ac.at" ;
} ;

This is the db-file of our external DNS server. 

#  cat "db.test44.iiasa.ac.at"

$TTL 3600
$ORIGIN test44.iiasa.ac.at.

@   IN SOA ns2.iiasa.ac.at.  dnsmaster.localhost. (
        00      ; serial
        21600   ; refresh (6 hours)
        3600    ; retry (1 hour)
        1209600 ; expire (2 weeks)
        86400   ; minimum (1 day)
        )
@   IN NS  ns2.iiasa.ac.at.
test44.iiasa.ac.at. 600 IN A    147.125.5.5
test44.iiasa.ac.at. 600 IN AAAA 2001:628:21f0:5::5:5

Here is a normal query from anywhere 

# dig +short test44.iiasa.ac.at @ns2.iiasa.ac.at
147.125.5.5

And here is a zone transfer from an IP where a zone transfer is allowed 

# dig axfr iiasa.ac.at @ns2.iiasa.ac.at | grep test44
test44.iiasa.ac.at. 86400   IN  AAAA    2001:628:21f0:4::4:4
test44.iiasa.ac.at. 86400   IN  A       147.125.4.4



