Annotation of src/external/mpl/bind/dist/doc/arm/Bv9ARM.ch07.html, Revision 1.1.1.8
1.1 christos 1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
2: <!--
1.1.1.8 ! christos 3: - Copyright (C) 2000-2020 Internet Systems Consortium, Inc. ("ISC")
1.1 christos 4: -
5: - This Source Code Form is subject to the terms of the Mozilla Public
6: - License, v. 2.0. If a copy of the MPL was not distributed with this
7: - file, You can obtain one at http://mozilla.org/MPL/2.0/.
8: -->
9: <html lang="en">
10: <head>
11: <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
12: <title>Chapter 7. Troubleshooting</title>
13: <meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
14: <link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
15: <link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
16: <link rel="prev" href="Bv9ARM.ch06.html" title="Chapter 6. BIND 9 Security Considerations">
17: <link rel="next" href="Bv9ARM.ch08.html" title="Appendix A. Release Notes">
18: </head>
19: <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
20: <div class="navheader">
21: <table width="100%" summary="Navigation header">
22: <tr><th colspan="3" align="center">Chapter 7. Troubleshooting</th></tr>
23: <tr>
24: <td width="20%" align="left">
25: <a accesskey="p" href="Bv9ARM.ch06.html">Prev</a> </td>
26: <th width="60%" align="center"> </th>
27: <td width="20%" align="right"> <a accesskey="n" href="Bv9ARM.ch08.html">Next</a>
28: </td>
29: </tr>
30: </table>
31: <hr>
32: </div>
33: <div class="chapter">
34: <div class="titlepage"><div><div><h1 class="title">
35: <a name="Bv9ARM.ch07"></a>Chapter 7. Troubleshooting</h1></div></div></div>
36: <div class="toc">
37: <p><b>Table of Contents</b></p>
38: <dl class="toc">
39: <dt><span class="section"><a href="Bv9ARM.ch07.html#common_problems">Common Problems</a></span></dt>
1.1.1.2 christos 40: <dd><dl>
41: <dt><span class="section"><a href="Bv9ARM.ch07.html#id-1.8.2.2">It's not working; how can I figure out what's wrong?</a></span></dt>
42: <dt><span class="section"><a href="Bv9ARM.ch07.html#id-1.8.2.3">EDNS compliance issues</a></span></dt>
43: </dl></dd>
1.1 christos 44: <dt><span class="section"><a href="Bv9ARM.ch07.html#id-1.8.3">Incrementing and Changing the Serial Number</a></span></dt>
45: <dt><span class="section"><a href="Bv9ARM.ch07.html#more_help">Where Can I Get Help?</a></span></dt>
46: </dl>
47: </div>
48:
49: <div class="section">
50: <div class="titlepage"><div><div><h2 class="title" style="clear: both">
51: <a name="common_problems"></a>Common Problems</h2></div></div></div>
52:
53: <div class="section">
54: <div class="titlepage"><div><div><h3 class="title">
55: <a name="id-1.8.2.2"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
56:
57: <p>
58: The best solution to solving installation and
59: configuration issues is to take preventative measures by setting
60: up logging files beforehand. The log files provide a
61: source of hints and information that can be used to figure out
62: what went wrong and how to fix the problem.
63: </p>
1.1.1.2 christos 64: </div>
1.1 christos 65:
1.1.1.2 christos 66: <div class="section">
67: <div class="titlepage"><div><div><h3 class="title">
68: <a name="id-1.8.2.3"></a>EDNS compliance issues</h3></div></div></div>
69: <p>
70: EDNS (Extended DNS) is a standard that was first specified
71: in 1999. It is required for DNSSEC validation, DNS COOKIE
72: options, and other features. There are broken and outdated
73: DNS servers and firewalls still in use which misbehave when
74: queried with EDNS; for example, they may drop EDNS queries
75: rather than replying with FORMERR. BIND and other recursive
76: name servers have traditionally employed workarounds in this
77: situation, retrying queries in different ways and eventually
78: falling back to plain DNS queries without EDNS.
79: </p>
80: <p>
81: Such workarounds cause unnecessary resolution delays,
82: increase code complexity, and prevent deployment of new DNS
83: features. As of February 2019, all major DNS software vendors
84: have agreed to remove these workarounds; see
85: <a class="link" href="https://dnsflagday.net" target="_top">https://dnsflagday.net</a>
86: for further details. This change was implemented in BIND
87: as of release 9.14.0.
88: </p>
89: <p>
90: As a result, some domains may be non-resolvable without manual
91: intervention. In these cases, resolution can be restored by
92: adding <span class="command"><strong>server</strong></span> clauses for the offending
93: servers, specifying <span class="command"><strong>edns no</strong></span> or
94: <span class="command"><strong>send-cookie no</strong></span>, depending on the specific
95: noncompliance.
96: </p>
97: <p>
98: To determine which <span class="command"><strong>server</strong></span> clause to use,
99: run the following commands to send queries to the authoritative
100: servers for the broken domain:
101: </p>
102: <div class="literallayout"><p><br>
103: dig soa <zone> @<server> +dnssec<br>
104: dig soa <zone> @<server> +dnssec +nocookie<br>
105: dig soa <zone> @<server> +noedns<br>
106: </p></div>
107: <p>
108: If the first command fails but the second succeeds, the
109: server most likely needs <span class="command"><strong>send-cookie no</strong></span>.
110: If the first two fail but the third succeeds, then the server
111: needs EDNS to be fully disabled with <span class="command"><strong>edns no</strong></span>.
112: </p>
113: <p>
114: Please contact the administrators of noncompliant domains
115: and encourage them to upgrade their broken DNS servers.
116: </p>
1.1 christos 117: </div>
118: </div>
119: <div class="section">
120: <div class="titlepage"><div><div><h2 class="title" style="clear: both">
121: <a name="id-1.8.3"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
122:
123: <p>
124: Zone serial numbers are just numbers — they aren't
125: date related. A lot of people set them to a number that
126: represents a date, usually of the form YYYYMMDDRR.
127: Occasionally they will make a mistake and set them to a
128: "date in the future" then try to correct them by setting
129: them to the "current date". This causes problems because
130: serial numbers are used to indicate that a zone has been
131: updated. If the serial number on the slave server is
132: lower than the serial number on the master, the slave
133: server will attempt to update its copy of the zone.
134: </p>
135:
136: <p>
137: Setting the serial number to a lower number on the master
138: server than the slave server means that the slave will not perform
139: updates to its copy of the zone.
140: </p>
141:
142: <p>
143: The solution to this is to add 2147483647 (2^31-1) to the
144: number, reload the zone and make sure all slaves have updated to
145: the new zone serial number, then reset the number to what you want
146: it to be, and reload the zone again.
147: </p>
148:
149: </div>
150: <div class="section">
151: <div class="titlepage"><div><div><h2 class="title" style="clear: both">
152: <a name="more_help"></a>Where Can I Get Help?</h2></div></div></div>
153:
154: <p>
155: The Internet Systems Consortium
156: (<acronym class="acronym">ISC</acronym>) offers a wide range
157: of support and service agreements for <acronym class="acronym">BIND</acronym> and <acronym class="acronym">DHCP</acronym> servers. Four
158: levels of premium support are available and each level includes
159: support for all <acronym class="acronym">ISC</acronym> programs,
160: significant discounts on products
161: and training, and a recognized priority on bug fixes and
162: non-funded feature requests. In addition, <acronym class="acronym">ISC</acronym> offers a standard
163: support agreement package which includes services ranging from bug
164: fix announcements to remote support. It also includes training in
165: <acronym class="acronym">BIND</acronym> and <acronym class="acronym">DHCP</acronym>.
166: </p>
167:
168: <p>
169: To discuss arrangements for support, contact
170: <a class="link" href="mailto:info@isc.org" target="_top">info@isc.org</a> or visit the
171: <acronym class="acronym">ISC</acronym> web page at
172: <a class="link" href="http://www.isc.org/services/support/" target="_top">http://www.isc.org/services/support/</a>
173: to read more.
174: </p>
175: </div>
176: </div>
177: <div class="navfooter">
178: <hr>
179: <table width="100%" summary="Navigation footer">
180: <tr>
181: <td width="40%" align="left">
182: <a accesskey="p" href="Bv9ARM.ch06.html">Prev</a> </td>
183: <td width="20%" align="center"> </td>
184: <td width="40%" align="right"> <a accesskey="n" href="Bv9ARM.ch08.html">Next</a>
185: </td>
186: </tr>
187: <tr>
188: <td width="40%" align="left" valign="top">Chapter 6. <acronym class="acronym">BIND</acronym> 9 Security Considerations </td>
189: <td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
190: <td width="40%" align="right" valign="top"> Appendix A. Release Notes</td>
191: </tr>
192: </table>
193: </div>
1.1.1.8 ! christos 194: <p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.16.3 (Stable Release)</p>
1.1 christos 195: </body>
196: </html>
CVSweb <webmaster@jp.NetBSD.org>