[BACK]Return to Bv9ARM.ch07.html CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / src / external / mpl / bind / dist / doc / arm

Annotation of src/external/mpl/bind/dist/doc/arm/Bv9ARM.ch07.html, Revision 1.1.1.8

1.1       christos    1: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
                      2: <!--
1.1.1.8 ! christos    3:  - Copyright (C) 2000-2020 Internet Systems Consortium, Inc. ("ISC")
1.1       christos    4:  -
                      5:  - This Source Code Form is subject to the terms of the Mozilla Public
                      6:  - License, v. 2.0. If a copy of the MPL was not distributed with this
                      7:  - file, You can obtain one at http://mozilla.org/MPL/2.0/.
                      8: -->
                      9: <html lang="en">
                     10: <head>
                     11: <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
                     12: <title>Chapter 7. Troubleshooting</title>
                     13: <meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
                     14: <link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
                     15: <link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
                     16: <link rel="prev" href="Bv9ARM.ch06.html" title="Chapter 6. BIND 9 Security Considerations">
                     17: <link rel="next" href="Bv9ARM.ch08.html" title="Appendix A. Release Notes">
                     18: </head>
                     19: <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
                     20: <div class="navheader">
                     21: <table width="100%" summary="Navigation header">
                     22: <tr><th colspan="3" align="center">Chapter 7. Troubleshooting</th></tr>
                     23: <tr>
                     24: <td width="20%" align="left">
                     25: <a accesskey="p" href="Bv9ARM.ch06.html">Prev</a> </td>
                     26: <th width="60%" align="center"> </th>
                     27: <td width="20%" align="right"> <a accesskey="n" href="Bv9ARM.ch08.html">Next</a>
                     28: </td>
                     29: </tr>
                     30: </table>
                     31: <hr>
                     32: </div>
                     33: <div class="chapter">
                     34: <div class="titlepage"><div><div><h1 class="title">
                     35: <a name="Bv9ARM.ch07"></a>Chapter 7. Troubleshooting</h1></div></div></div>
                     36: <div class="toc">
                     37: <p><b>Table of Contents</b></p>
                     38: <dl class="toc">
                     39: <dt><span class="section"><a href="Bv9ARM.ch07.html#common_problems">Common Problems</a></span></dt>
1.1.1.2   christos   40: <dd><dl>
                     41: <dt><span class="section"><a href="Bv9ARM.ch07.html#id-1.8.2.2">It's not working; how can I figure out what's wrong?</a></span></dt>
                     42: <dt><span class="section"><a href="Bv9ARM.ch07.html#id-1.8.2.3">EDNS compliance issues</a></span></dt>
                     43: </dl></dd>
1.1       christos   44: <dt><span class="section"><a href="Bv9ARM.ch07.html#id-1.8.3">Incrementing and Changing the Serial Number</a></span></dt>
                     45: <dt><span class="section"><a href="Bv9ARM.ch07.html#more_help">Where Can I Get Help?</a></span></dt>
                     46: </dl>
                     47: </div>
                     48:
                     49:       <div class="section">
                     50: <div class="titlepage"><div><div><h2 class="title" style="clear: both">
                     51: <a name="common_problems"></a>Common Problems</h2></div></div></div>
                     52:
                     53:         <div class="section">
                     54: <div class="titlepage"><div><div><h3 class="title">
                     55: <a name="id-1.8.2.2"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
                     56:
                     57:           <p>
                     58:             The best solution to solving installation and
                     59:             configuration issues is to take preventative measures by setting
                     60:             up logging files beforehand. The log files provide a
                     61:             source of hints and information that can be used to figure out
                     62:             what went wrong and how to fix the problem.
                     63:           </p>
1.1.1.2   christos   64:         </div>
1.1       christos   65:
1.1.1.2   christos   66:         <div class="section">
                     67: <div class="titlepage"><div><div><h3 class="title">
                     68: <a name="id-1.8.2.3"></a>EDNS compliance issues</h3></div></div></div>
                     69:           <p>
                     70:             EDNS (Extended DNS) is a standard that was first specified
                     71:             in 1999. It is required for DNSSEC validation, DNS COOKIE
                     72:             options, and other features. There are broken and outdated
                     73:             DNS servers and firewalls still in use which misbehave when
                     74:             queried with EDNS; for example, they may drop EDNS queries
                     75:             rather than replying with FORMERR. BIND and other recursive
                     76:             name servers have traditionally employed workarounds in this
                     77:             situation, retrying queries in different ways and eventually
                     78:             falling back to plain DNS queries without EDNS.
                     79:           </p>
                     80:           <p>
                     81:             Such workarounds cause unnecessary resolution delays,
                     82:             increase code complexity, and prevent deployment of new DNS
                     83:             features. As of February 2019, all major DNS software vendors
                     84:             have agreed to remove these workarounds; see
                     85:             <a class="link" href="https://dnsflagday.net" target="_top">https://dnsflagday.net</a>
                     86:             for further details. This change was implemented in BIND
                     87:             as of release 9.14.0.
                     88:           </p>
                     89:           <p>
                     90:             As a result, some domains may be non-resolvable without manual
                     91:             intervention.  In these cases, resolution can be restored by
                     92:             adding <span class="command"><strong>server</strong></span> clauses for the offending
                     93:             servers, specifying <span class="command"><strong>edns no</strong></span> or
                     94:             <span class="command"><strong>send-cookie no</strong></span>, depending on the specific
                     95:             noncompliance.
                     96:           </p>
                     97:           <p>
                     98:             To determine which <span class="command"><strong>server</strong></span> clause to use,
                     99:             run the following commands to send queries to the authoritative
                    100:             servers for the broken domain:
                    101:           </p>
                    102:   <div class="literallayout"><p><br>
                    103:             dig soa &lt;zone&gt; @&lt;server&gt; +dnssec<br>
                    104:             dig soa &lt;zone&gt; @&lt;server&gt; +dnssec +nocookie<br>
                    105:             dig soa &lt;zone&gt; @&lt;server&gt; +noedns<br>
                    106:   </p></div>
                    107:           <p>
                    108:             If the first command fails but the second succeeds, the
                    109:             server most likely needs <span class="command"><strong>send-cookie no</strong></span>.
                    110:             If the first two fail but the third succeeds, then the server
                    111:             needs EDNS to be fully disabled with <span class="command"><strong>edns no</strong></span>.
                    112:           </p>
                    113:           <p>
                    114:             Please contact the administrators of noncompliant domains
                    115:             and encourage them to upgrade their broken DNS servers.
                    116:           </p>
1.1       christos  117:         </div>
                    118:       </div>
                    119:       <div class="section">
                    120: <div class="titlepage"><div><div><h2 class="title" style="clear: both">
                    121: <a name="id-1.8.3"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
                    122:
                    123:         <p>
                    124:           Zone serial numbers are just numbers &#8212; they aren't
                    125:           date related.  A lot of people set them to a number that
                    126:           represents a date, usually of the form YYYYMMDDRR.
                    127:           Occasionally they will make a mistake and set them to a
                    128:           "date in the future" then try to correct them by setting
                    129:           them to the "current date".  This causes problems because
                    130:           serial numbers are used to indicate that a zone has been
                    131:           updated.  If the serial number on the slave server is
                    132:           lower than the serial number on the master, the slave
                    133:           server will attempt to update its copy of the zone.
                    134:         </p>
                    135:
                    136:         <p>
                    137:           Setting the serial number to a lower number on the master
                    138:           server than the slave server means that the slave will not perform
                    139:           updates to its copy of the zone.
                    140:         </p>
                    141:
                    142:         <p>
                    143:           The solution to this is to add 2147483647 (2^31-1) to the
                    144:           number, reload the zone and make sure all slaves have updated to
                    145:           the new zone serial number, then reset the number to what you want
                    146:           it to be, and reload the zone again.
                    147:         </p>
                    148:
                    149:       </div>
                    150:       <div class="section">
                    151: <div class="titlepage"><div><div><h2 class="title" style="clear: both">
                    152: <a name="more_help"></a>Where Can I Get Help?</h2></div></div></div>
                    153:
                    154:         <p>
                    155:           The Internet Systems Consortium
                    156:           (<acronym class="acronym">ISC</acronym>) offers a wide range
                    157:           of support and service agreements for <acronym class="acronym">BIND</acronym> and <acronym class="acronym">DHCP</acronym> servers. Four
                    158:           levels of premium support are available and each level includes
                    159:           support for all <acronym class="acronym">ISC</acronym> programs,
                    160:           significant discounts on products
                    161:           and training, and a recognized priority on bug fixes and
                    162:           non-funded feature requests. In addition, <acronym class="acronym">ISC</acronym> offers a standard
                    163:           support agreement package which includes services ranging from bug
                    164:           fix announcements to remote support. It also includes training in
                    165:           <acronym class="acronym">BIND</acronym> and <acronym class="acronym">DHCP</acronym>.
                    166:         </p>
                    167:
                    168:         <p>
                    169:           To discuss arrangements for support, contact
                    170:           <a class="link" href="mailto:info@isc.org" target="_top">info@isc.org</a> or visit the
                    171:           <acronym class="acronym">ISC</acronym> web page at
                    172:           <a class="link" href="http://www.isc.org/services/support/" target="_top">http://www.isc.org/services/support/</a>
                    173:           to read more.
                    174:         </p>
                    175:       </div>
                    176:     </div>
                    177: <div class="navfooter">
                    178: <hr>
                    179: <table width="100%" summary="Navigation footer">
                    180: <tr>
                    181: <td width="40%" align="left">
                    182: <a accesskey="p" href="Bv9ARM.ch06.html">Prev</a> </td>
                    183: <td width="20%" align="center"> </td>
                    184: <td width="40%" align="right"> <a accesskey="n" href="Bv9ARM.ch08.html">Next</a>
                    185: </td>
                    186: </tr>
                    187: <tr>
                    188: <td width="40%" align="left" valign="top">Chapter 6. <acronym class="acronym">BIND</acronym> 9 Security Considerations </td>
                    189: <td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
                    190: <td width="40%" align="right" valign="top"> Appendix A. Release Notes</td>
                    191: </tr>
                    192: </table>
                    193: </div>
1.1.1.8 ! christos  194: <p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.16.3 (Stable Release)</p>
1.1       christos  195: </body>
                    196: </html>

CVSweb <webmaster@jp.NetBSD.org>