Old 04-01-2012, 09:13 PM   #1
DNS reverse zone delegation works in BIND8 but not BIND9

I found that DNS reverse zone delegation is not working in BIND9.x but is working perfectly OK in BIND8.x with the same setup.

I am getting a 'Non-existent host/domain' error when querying (e.g.)
nslookup -type=any
* localhost can't find host/domain
Here is the setup of my configuration files.
Does anyone know what the changes in BIND9 are?
(Actually, this happened on a Tru64 UNIX server.)

| . .
|zone "" {
| type master;
| file "zone/";
| . .

|$TTL 300
|@ IN SOA (
| 2012032600 ; serial
| . .
| 1d ) ; min
| . .
|112 IN NS
|112 IN NS
| . .
|13.115 IN PTR
|116 IN NS
|116 IN NS
| . .
| . .
|122 IN NS
|122 IN NS
| . .
|14.127 IN PTR
|24.127 IN PTR
| . .
| . .
Old 04-03-2012, 04:26 PM   #2

I guess this is a consequence of:
6. No Information Leakage between Zones

BIND 9 stores the authoritative data for each zone in a separate data
structure, as recommended in RFC1035 and as required by DNSSEC and
IXFR. When a BIND 9 server is authoritative for both a child zone and
its parent, it will have two distinct sets of NS records at the
delegation point: the authoritative NS records at the child's apex,
and a set of glue NS records in the parent.

BIND 8 was unable to properly distinguish between these two sets of NS
records and would "leak" the child's NS records into the parent,
effectively causing the parent zone to be silently modified: responses
and zone transfers from the parent contained the child's NS records
rather than the glue configured into the parent (if any). In the case
of children of type "stub", this behaviour was documented as a feature,
allowing the glue NS records to be omitted from the parent.

Sites that were relying on this BIND 8 behaviour need to add any
omitted glue NS records, and any necessary glue A records, to the
parent zone.

Although stub zones can no longer be used as a mechanism for injecting
NS records into their parent zones, they are still useful as a way of
directing queries for a given domain to a particular set of name
(Quote from bind-9.8.1-P1/doc/misc/migration)
You should use $ORIGIN and create new zone files for the child zones on the authoritative name server(s), e.g.:
$TTL 300
@ IN SOA (
 2012032600 ; serial
  . .
  1d ) ; min
  . .
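
Added example (not from the posts above and not BIND code): following the migration note quoted in post #2, this Python check lists the delegation cuts in a parent reverse zone and any non-glue records sitting below a cut, which a BIND 9 server treats as belonging to the child zone rather than the parent. The zone text and every example.net name are constructed placeholders, and the parser assumes one record per line with relative owner names.

```python
# Constructed parent reverse zone; all names are placeholders, not from the thread.
ZONE = """\
@       IN SOA ns1.example.net. hostmaster.example.net. ( 2012032600 3h 1h 1w 1d )
@       IN NS  ns1.example.net.
112     IN NS  ns1.child.example.net.
112     IN NS  ns2.child.example.net.
13.115  IN PTR host-a.example.net.
116     IN NS  ns1.child.example.net.
7.112   IN PTR leaked.example.net.
14.127  IN PTR host-b.example.net.
"""

def parse(zone_text):
    """Return (owner, rtype, rdata) per one-line record; owners stay relative."""
    records = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments
        if not line or line.startswith("$"):      # skip $TTL / $ORIGIN directives
            continue
        fields = line.split()
        owner, rest = fields[0], fields[1:]
        if rest and rest[0].upper() == "IN":
            rest = rest[1:]
        records.append((owner, rest[0].upper(), " ".join(rest[1:])))
    return records

def delegation_cuts(records):
    """Owners other than the apex that carry NS records are zone cuts."""
    return sorted({o for o, t, _ in records if t == "NS" and o != "@"})

def occluded(records):
    """Non-glue records below a cut: they belong in the child zone file."""
    cuts = delegation_cuts(records)
    hits = []
    for owner, rtype, _ in records:
        if rtype in ("A", "AAAA"):                # address records may be glue
            continue
        for cut in cuts:
            if owner.endswith("." + cut):         # e.g. 7.112 sits under cut 112
                hits.append((owner, rtype, cut))
    return hits

if __name__ == "__main__":
    recs = parse(ZONE)
    print("delegated children needing NS glue and their own zone:", delegation_cuts(recs))
    for owner, rtype, cut in occluded(recs):
        print(f"{owner} {rtype} is below the cut at {cut}; move it to the child zone")
```
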


