DNS reverse zone delgation work in BIND8 but not BIND9
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
DNS reverse zone delgation work in BIND8 but not BIND9
I found that DNS reverse zone delgation is not working in BIND9.x but working perfectly OK in BIND8.x with the same setup.
I am getting 'Non-existent host/domain' error when querying (for eg)
nslookup -type=any 112.35.10.in-addr.arpa
* localhost can't find 112.35.10.in-addr.arpa:Non-existent host/domain
--------------------
Here are my configuration files setup.
Anyone know what are the changes in BIND9... ??
(actually this happened on an Tru64 unix server)
BIND 9 stores the authoritative data for each zone in a separate data
structure, as recommended in RFC1035 and as required by DNSSEC and
IXFR. When a BIND 9 server is authoritative for both a child zone and
its parent, it will have two distinct sets of NS records at the
delegation point: the authoritative NS records at the child's apex,
and a set of glue NS records in the parent.
BIND 8 was unable to properly distinguish between these two sets of NS
records and would "leak" the child's NS records into the parent,
effectively causing the parent zone to be silently modified: responses
and zone transfers from the parent contained the child's NS records
rather than the glue configured into the parent (if any). In the case
of children of type "stub", this behaviour was documented as a feature,
allowing the glue NS records to be omitted from the parent
configuration.
Sites that were relying on this BIND 8 behaviour need to add any
omitted glue NS records, and any necessary glue A records, to the
parent zone.
Although stub zones can no longer be used as a mechanism for injecting
NS records into their parent zones, they are still useful as a way of
directing queries for a given domain to a particular set of name
servers.
(Quote from bind-9.8.1-P1/doc/misc/migration)
You should use $ORIGIN and create new zone files for the child zones in the authoritatives name server(s), e.g:
Code:
$TTL 300
@ IN SOA nsi1.testchem.org. dnsadm.testchem.org. (
2012032600 ; serial
. .
1d ) ; min
IN NS ns1.testchem.org.
IN NS ns2.testchem.org.
. .
$ORIGIN 112.35.10.in-addr.arpa.
IN NS ns5.radiochem.org.
IN NS ns5.radiochem.org.
$ORIGIN 116.35.10.in-addr.arpa.
IN NS ns6.geochem.org.
IN NS ns6.geochem.org.
...
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.