[nsd-users] nsd, zonec and out of zone data

Ondřej Surý ondrej at sury.org
Mon Jun 8 22:04:38 UTC 2009


Paul,

what does named-checkzone (and named-compilezone) say to you? My does:

ondrej at pagan:/tmp$ named-checkzone sury.cz sury.cz
sury.cz:15: ignoring out-of-zone data (ns-ext.isc.org)
sury.cz:16: ignoring out-of-zone data (ns-ext.isc.org)
zone sury.cz/IN: loaded serial 1
OK

Ondrej.

On Mon, Jun 8, 2009 at 19:04, Paul Wouters<paul at xelerance.com> wrote:
>
> Hi,
>
> I encountered a zone that has ns-ext.isc.org as one of its
> nameservers. The zone file provides an A record for ns-ext.isc.org in
> that zone. Bind will load this zone without issues, but nsd (well zonec)
> will reject the entire zone due to an "out of zone" error.
>
> I guess the entry is not glue. And the A record does not appear in either
> the answer or the additional section of the reply, and I cannot query
> for the A record with any of the nameservers for this zone, apart from
> ns-ext.isc.org itself.
>
> Why is there is discrepency between nsd and bind? Should nsd ignore
> the entry and still built the zone? Should bind error out? This zone is
> currently served using bind only, but will be served by nsd nameservers
> in the near future as well. So for migration, this might cause problems.
> I am also not sure yet what happens when nsd receives this entry via
> AXFR or IXFR.
>
> Paul
> _______________________________________________
> nsd-users mailing list
> nsd-users at NLnetLabs.nl
> http://open.nlnetlabs.nl/mailman/listinfo/nsd-users
>



-- 
Ondřej Surý <ondrej at sury.org>
http://blog.rfc1925.org/



More information about the nsd-users mailing list