DNS & BIND Cookbook
Authors: Liu C.
Published year: 2005
Pages: 154-156/220

8.4 Configuring a Name Server to Accommodate a Slave Running BIND 4

8.4.1 Problem

You need to configure a name server to accommodate a BIND 4 slave.

8.4.2 Solution

On a BIND 9 name server, you may need to configure the name server to send old-style, one-answer zone transfers to the slave. Add a server statement specifying the slave's address, and use the transfer-format substatement to set the transfer format to one-answer:

server 192.168.0.2 {
    transfer-format one-answer;
};

BIND 8 name servers send one-answer zone transfers by default, so there's no need to add a server statement especially for a BIND 4 slave -- unless you've changed the default in a transfer-format options substatement.

You'll also need to avoid adding to your zones any resource record types that were introduced after the version of BIND that the slave runs. In particular, watch out for SRV records, introduced in BIND 4.9.5.

8.4.3 Discussion

Since the ISC has deprecated the use of any version of BIND 4, you should also prod the administrator of the BIND 4 slave to upgrade.

8.4.4 See Also

"More efficient zone transfers" in Chapter 10 of DNS and BIND, and the ISC's BIND pages, at http://www.isc.org/products/BIND/, for recommended versions of BIND.


8.5 Configuring a BIND Name Server to Accommodate a Slave Running the Microsoft DNS Server

8.5.1 Problem

You need to configure a BIND name server to accommodate a slave running the Microsoft DNS Server.

8.5.2 Solution

Although the version of the Microsoft DNS Server that shipped with Windows 2000 Server nominally supports many-answers zone transfers, some versions have trouble with DNS messages larger than 16K -- exactly the kind a many-answers zone transfer might include. If you're running a BIND 9 name server, which sends many-answers zone transfers by default, you may need to add a server statement telling the name server to send one-answer zone transfers to the Microsoft DNS Server. For example:

server 10.0.0.1 {
    transfer-format one-answer;
};

Also, the Microsoft DNS Server doesn't handle some record types, including A6, DNAME, and all DNSSEC-related records (KEY, SIG and NXT), so make sure you don't add those to the zone.

8.5.3 Discussion

Unfortunately, transfers to the Microsoft DNS Server fail nearly silently if the zone contains these record types, making it difficult for the administrator to diagnose.
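
Because the failure is nearly silent, it helps to check the zone data on the BIND master before the Microsoft DNS Server tries to transfer it. The following is an added example, not code from the book or from the BIND distribution: a Python check that flags records of the types listed above in a master-format zone file. The sample zone, the function and constant names, and the simplified parsing (no escaped quotes, no $INCLUDE handling) are assumptions.

```python
import re

# Record types the text says the Microsoft DNS Server doesn't handle.
UNSUPPORTED = {"A6", "DNAME", "KEY", "SIG", "NXT"}
CLASSES = {"IN", "CH", "HS"}
TTL_RE = re.compile(r"(?:\d+[smhdw])*\d*", re.IGNORECASE)  # 3600, 1h, 1h30m
COMMENT_RE = re.compile(r'("[^"]*")|;.*')  # keep quoted strings, drop ; comments

# Constructed sample zone (names, addresses and key data are made up).
SAMPLE_ZONE = """\
$TTL 1d
example.com.  IN SOA ns1.example.com. hostmaster.example.com. (
                2005010101 ; serial
                1h 15m 30d 1h )
              IN NS    ns1.example.com.
www           3600 IN A 192.0.2.10
ipv6host      IN A6    0 2001:db8::1
old           IN DNAME new.example.com.
txt           IN TXT   "KEY ; not a record type"
example.com.  IN KEY   256 3 5 AQPSKmynfzW4kyBv015MUG2DeIQ3
"""

def find_unsupported(zone_text):
    """Return (line_number, owner, type) for each record of an unsupported type."""
    hits, depth, owner = [], 0, "@"
    for lineno, raw in enumerate(zone_text.splitlines(), 1):
        line = COMMENT_RE.sub(lambda m: m.group(1) or "", raw)
        tokens = line.split()
        starts_record = depth == 0 and tokens and not tokens[0].startswith("$")
        # Track parentheses so continuation lines of a multi-line record are skipped.
        unquoted = re.sub(r'"[^"]*"', "", line)
        depth += unquoted.count("(") - unquoted.count(")")
        if not starts_record:
            continue
        if not line[0].isspace():  # leading whitespace means "same owner as before"
            owner = tokens.pop(0)
        # An optional TTL and class may precede the type, in either order.
        while tokens and (tokens[0].upper() in CLASSES or TTL_RE.fullmatch(tokens[0])):
            tokens.pop(0)
        if tokens and tokens[0].upper() in UNSUPPORTED:
            hits.append((lineno, owner, tokens[0].upper()))
    return hits

if __name__ == "__main__":
    for lineno, owner, rtype in find_unsupported(SAMPLE_ZONE):
        print(f"line {lineno}: {owner} has unsupported type {rtype}")
```

An empty result means none of the listed types were found; it does not prove the transfer will succeed for other reasons.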

8.5.4 See Also

Section 3.2 of the file doc/misc/migration in the BIND 9 distribution.


8.6 Configuring a BIND Name Server as a Slave to a Microsoft DNS Server

8.6.1 Problem

You want to configure a BIND name server as a slave to a Microsoft DNS Server.

8.6.2 Solution

Configure the BIND name server as a slave for the zones you want to load from the Microsoft DNS Server, using the Microsoft DNS Server's address in the zones' masters substatements.

On the Microsoft DNS Server, make sure the name server doesn't include WINS or WINS-R records in zone transfers to your BIND slave. (You're adding a WINS record when you configure a Microsoft DNS Server to look up names using a WINS server if it can't find them in a zone, and a WINS-R record when you configure the name server to use a NETBIOS query to help with reverse mapping.) These records are included in zone transfers unless you check the Do not replicate this record checkbox on the WINS tab of the zone's Properties window in the DNS Console (for Windows 2000) or the Settings only affect local server checkbox on the WINS Lookup tab of the zone's Properties window in DNS Manager (for Windows NT 4.0).

8.6.3 Discussion

Remember to ask the administrator of the zone to add an NS record for the name server, assuming you want remote name servers to query it. If you don't want the name server listed in an NS record, you can still ask the administrator to configure his Microsoft DNS Server to send your name server NOTIFY messages for the slave zones.

8.6.4 See Also

"Interoperability and Version Problems" in Chapter 14 of DNS and BIND, and "Interoperability Problems" in Chapter 13 of DNS on Windows 2000.
