I have one nameserver running bind 9.8.2 and a new one running 9.9.4.

Both can resolve www.ietf.org

Only the 9.8.2 can resolve 0.centos.pool.ntp.org

I literally rsynced all of the conf and zone files from the old to the new, then changed all of the server name references. I have done this before. I have another box running the 9.8.2 code that I built the same way and it resolves both fqdns just fine.

I am at a loss as to what the problem is.  Both have the same named.conf:

//
//

    include "/etc/named/named.acl";

// Global options. These are server-wide defaults; a view can override them
// with its own settings.
options
{
    // Listen on every IPv4 and IPv6 interface. Who may actually query is
    // limited by the allow-* ACLs, not by the listening sockets.
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };

    // Restrictive defaults: only localhost may query or read the cache, and
    // recursion is off unless a view turns it back on.
    allow-query        { localhost; };
    allow-query-cache    { localhost; };
    recursion no;

    // Working directory and the files named writes its dumps/statistics to.
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

// Commented-out DNSSEC settings (not in effect):
//    dnssec-enable yes;
//    dnssec-validation yes;
//    dnssec-lookaside auto;

    // DNSSEC is switched off. With validation disabled, this server does not
    // verify signatures on the answers it receives while recursing, so signed
    // zones get no protection against forged responses.
    // NOTE(review): if validation is re-enabled, leave dnssec-lookaside off;
    // ISC's DLV registry has been retired. Confirm against the BIND version in use.
    dnssec-enable no;
    dnssec-validation no;

    /* Path to ISC DLV key */
//    bindkeys-file "/etc/named.iscdlv.key";

//    managed-keys-directory "/var/named/dynamic";


};
// Logging: only the default_debug channel is defined in this block; no
// categories are routed to any other channel here.
logging
{
/*      If you want to enable debugging, eg. using the 'rndc trace' command,
 *      named will try to write the 'named.run' file in the $directory (/var/named).
 *      By default, SELinux policy does not allow named to modify the /var/named directory,
 *      so put the default debug log file in data/ :
 */
        channel default_debug {
                // Relative path, so it resolves under the options "directory".
                file "data/named.run";
                // "dynamic" follows the server's current debug level
                // (e.g. as raised by 'rndc trace').
                severity dynamic;
        };
};

// Views are tested in the order they appear and the first one whose match
// criteria fit the query is used, so "internal" is evaluated before "external".
// A query that fits no view is not answered from any of them.
view "internal"
{

    // Match criteria, ACLs and zones for internal clients live in this file.
    include "/etc/named/named.internal";

};
view    "external"
{

    // Contents of named.external are not shown in this post.
    include "/etc/named/named.external";

};

// NOTE(review): presumably this file holds the shared secret used to
// authenticate rndc control commands; keep it readable only by root and the
// account named runs as.
include "/etc/named/rndc.key";

==============
and named.internal has:

/* This view will contain zones you want to serve only to "internal" clients
* that have addresses that are not on your directly attached LAN interface subnets:
 */
    // View selection: a query lands in this view only when its source address
    // matches match-clients AND the address it was sent to matches
    // match-destinations.
    // NOTE(review): httnets is presumably defined in /etc/named/named.acl.
    // After copying the config to a new host, confirm that the new server's
    // own listening address is covered by httnets; otherwise queries sent to
    // it will not select this view.
    match-clients        { httnets; };
    match-destinations    { httnets; };
    // Queries, cached answers and recursion are offered to httnets only.
    allow-query        { httnets; };
    allow-query-cache    { httnets; };
    allow-recursion        { httnets; };
    // Overrides the global "recursion no" for this view. Because the global
    // options disable DNSSEC validation, recursive answers served from this
    // view are not validated.
    recursion yes;
    empty-zones-enable yes;

//    include "/etc/named/named.trusted.key";
        include "/etc/named.rfc1912.zones";

    // Root hints used as the starting point for recursion in this view.
    zone "." IN {
        type hint;
        file "named.root";
    };

    // These are your "authoritative" internal zones:

    zone "htt-consult.com" {
        type master;
        file "httin-consult.com.zone";
    };

etc.


==============


Could having DNSSEC disabled be the problem?  Is it required now?

