> At 05:53 AM 10/4/2004, Danny Braniss wrote:
> >hi,
> > I'm about to upgrade our master dns server from 8.2.3 to 9.3.0, in
> >the process i'm discovering a 'little-problem' with class HS/hesiod:
> >zone updates when the slave is 9.3.0 and the master is 8.2.2 fail.
> >
> >general: info: zone passwd.NS.CS.HUJI.AC.IL/HS/hesiod: refresh: failure trying
> >master 132.65.16.8#53 (source 0.0.0.0#0): FORMERR
> >
> >if the slave is running version 9.2.2 it works fine, also between 9.3.0 and
> >9.2.2
> >
> >I could just upgrade our dns to 9.3.0 (and buy a one way ticket to Rio) and
> >hope for the best, but i'd like a less drastic path.

> Post the contents of the zone. However it is possible that 9.3.0 broke
> something in the hesiod space. There aren't many servers out there
> these days serving hesiod zones so it wouldn't have gotten the kind of
> testing that internet zones get.

I don't think the contents of the zone are to blame. From looking at the
ethereal trace, the server doesn't like the first request (with option EDNS0
set) - so the client tries again without it, the server says ok, but the
client ignores it.

could it be that the non-error response has the Auth. RR clear? if so
1- is it an old bug in 8.2.3? the server IS the master for NS.CS.HUJI.AC.IL.
2- can 9.3.0 be made to accept data for class HS from the 'master' even if it
forgot to set the Auth. bit?


[simplified ethereal trace]
client server Standard query SOA passwd.NS.CS.HUJI.AC.IL
Domain Name System (query)
Transaction ID: 0xd0d0
Flags: 0x0000 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
passwd.NS.CS.HUJI.AC.IL: type SOA, class hesiod
Name: passwd.NS.CS.HUJI.AC.IL
Type: Start of zone of authority
Class: hesiod
Additional records
: type OPT, class unknown
Name:
Type: EDNS0 option
UDP payload size: 2048
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Z: 0x0
Data length: 0
Data

the response is:

server client Standard query response, Format error
Domain Name System (response)
Transaction ID: 0xd0d0
Flags: 0x8081 (Standard query response, Format error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 1... .... = Recursion available: Server can do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0001 = Reply code: Format error (1)
Questions: 0
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0

Which is probably to be expected from a vintage bind-8.2.3, then a
'simplified' request is sent

client server Standard query SOA passwd.NS.CS.HUJI.AC.IL
Domain Name System (query)
Transaction ID: 0x6868
Flags: 0x0000 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
passwd.NS.CS.HUJI.AC.IL: type SOA, class hesiod
Name: passwd.NS.CS.HUJI.AC.IL
Type: Start of zone of authority
Class: hesiod

which is answered, this time without error but is ignored by bind-9.3.0

Domain Name System (response)
Transaction ID: 0x6868
Flags: 0x8480 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .1.. .... .... = Authoritative: Server is an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 1... .... = Recursion available: Server can do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 1
Authority RRs: 2
Additional RRs: 4
Queries
passwd.NS.CS.HUJI.AC.IL: type SOA, class hesiod
Name: passwd.NS.CS.HUJI.AC.IL
Type: Start of zone of authority
Class: hesiod
Answers
passwd.NS.CS.HUJI.AC.IL: type SOA, class hesiod, mname shuldig.CS.HUJI.AC.IL


> >so, is there any simple fix?

if there isn't, i think i can come up with a different upgrade approach.

> You could try 9.2.4. Try running the slave version of the zone through
> BIND 9.3.0 named-checkzone and see if it has any errors.


> The ticket to Rio may be a good idea

you think i could find work there as a runaway dns manager? :-)

danny
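
The exchange in the trace above, rebuilt as an added example (not part of the original message and not BIND code): it constructs the class-HS SOA query with and without the EDNS0 OPT record and decodes the two response headers from the trace. The function names and the `next_step` decision model are assumptions made for illustration.

```python
import struct

CLASS_HS, TYPE_SOA, TYPE_OPT = 4, 6, 41
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
ZONE = "passwd.NS.CS.HUJI.AC.IL"
# Response headers rebuilt from the values in the trace (ID, flags, four counts).
RESP_FORMERR = struct.pack("!6H", 0xD0D0, 0x8081, 0, 0, 0, 0)
RESP_NOERROR = struct.pack("!6H", 0x6868, 0x8480, 1, 1, 2, 4)

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_soa_query(txid, zone, edns_payload=None):
    """SOA query in class HS (RD clear); adds an EDNS0 OPT record if edns_payload is set."""
    msg = struct.pack("!6H", txid, 0x0000, 1, 0, 0, 1 if edns_payload else 0)
    msg += encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_HS)
    if edns_payload:
        # OPT RR: root name, TYPE 41, CLASS = UDP payload size, TTL = 0, RDLENGTH = 0
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_payload, 0, 0)
    return msg

def decode_header(msg):
    """Split the 12-byte DNS header into its flag bits and section counts."""
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "opcode": (flags >> 11) & 0xF,
            "aa": bool(flags & 0x0400), "tc": bool(flags & 0x0200),
            "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080),
            "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
            "counts": (qd, an, ns, ar)}

def next_step(query, response):
    """Simplified model of the checks discussed in the thread, not BIND's own logic."""
    q, r = decode_header(query), decode_header(response)
    if r["id"] != q["id"] or not r["qr"]:
        return "drop: not a response to this query"
    # In these constructed queries the only additional record is the OPT record.
    if r["rcode"] == "FORMERR" and q["counts"][3] == 1:
        return "retry without EDNS0"
    if r["rcode"] != "NOERROR":
        return "fail: " + r["rcode"]
    return "accept" if r["aa"] else "reject: non-authoritative SOA"

if __name__ == "__main__":
    with_edns = build_soa_query(0xD0D0, ZONE, edns_payload=2048)
    plain = build_soa_query(0x6868, ZONE)
    for query, resp in ((with_edns, RESP_FORMERR), (plain, RESP_NOERROR)):
        print(decode_header(resp), "->", next_step(query, resp))
```

Decoded this way, flags 0x8480 carry AA set and rcode NOERROR, matching the "Server is an authority for domain" line in the trace.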