<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/.
-->
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Chapter. Ôroubleshooting</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch06.html" title="Chapter. ÂIND 9 Security Considerations">
<link rel="next" href="Bv9ARM.ch08.html" title="Appendix Á. Òelease Notes">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="navheader">
<table width="100%" summary="Navigation header">
<tr><th colspan="3" align="center">Chapter. Ôroubleshooting</th></tr>
<tr>
<td width="20%" align="left">
<a accesskey="p" href="Bv9ARM.ch06.html">Prev</a>/td>
<th width="60%" align="center">/th>
<td width="20%" align="right">a accesskey="n" href="Bv9ARM.ch08.html">Next</a>
</td>
</tr>
</table>
<hr>
</div>
<div class="chapter">
<div class="titlepage"><div><div><h1 class="title">
<a name="Bv9ARM.ch07"></a>Chapter. Ôroubleshooting</h1></div></div></div>
<div class="toc">
<p><b>Table of Contents</b></p>
<dl class="toc">
<dt><span class="section"><a href="Bv9ARM.ch07.html#common_problems">Common Problems</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch07.html#id-1.8.2.2">It's not working; how can I figure out what's wrong?</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch07.html#id-1.8.2.3">EDNS compliance issues</a></span></dt>
</dl></dd>
<dt><span class="section"><a href="Bv9ARM.ch07.html#id-1.8.3">Incrementing and Changing the Serial Number</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch07.html#more_help">Where Can I Get Help?</a></span></dt>
</dl>
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="common_problems"></a>Common Problems</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="id-1.8.2.2"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
<p>
The best solution to solving installation and
configuration issues is to take preventative measures by setting
up logging files beforehand. The log files provide a
source of hints and information that can be used to figure out
what went wrong and how to fix the problem.
</p>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="id-1.8.2.3"></a>EDNS compliance issues</h3></div></div></div>
<p>
EDNS (Extended DNS) is a standard that was first specified
in 1999. It is required for DNSSEC validation, DNS COOKIE
options, and other features. There are broken and outdated
DNS servers and firewalls still in use which misbehave when
queried with EDNS; for example, they may drop EDNS queries
rather than replying with FORMERR. BIND and other recursive
name servers have traditionally employed workarounds in this
situation, retrying queries in different ways and eventually
falling back to plain DNS queries without EDNS.
</p>
<p>
Such workarounds cause unnecessary resolution delays,
increase code complexity, and prevent deployment of new DNS
features. As of February 2019, all major DNS software vendors
have agreed to remove these workarounds; see
<a class="link" href="https://dnsflagday.net" target="_top">https://dnsflagday.net</a>
for further details. This change was implemented in BIND
as of release 9.14.0.
</p>
<p>
As a result, some domains may be non-resolvable without manual
intervention. In these cases, resolution can be restored by
adding <span class="command"><strong>server</strong></span> clauses for the offending
servers, specifying <span class="command"><strong>edns no</strong></span> or
<span class="command"><strong>send-cookie no</strong></span>, depending on the specific
noncompliance.
</p>
<p>
To determine which <span class="command"><strong>server</strong></span> clause to use,
run the following commands to send queries to the authoritative
servers for the broken domain:
</p>
<div class="literallayout"><p><br>
dig óoalt;zone> À<server>dnssec<br>
dig óoalt;zone> À<server>dnssecnocookie<br>
dig óoalt;zone> À<server>noedns<br>
</p></div>
<p>
If the first command fails but the second succeeds, the
server most likely needs <span class="command"><strong>send-cookie no</strong></span>.
If the first two fail but the third succeeds, then the server
needs EDNS to be fully disabled with <span class="command"><strong>edns no</strong></span>.
</p>
<p>
Please contact the administrators of noncompliant domains
and encourage them to upgrade their broken DNS servers.
</p>
</div>
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id-1.8.3"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
<p>
Zone serial numbers are just numbers — they aren't
date related. A lot of people set them to a number that
represents a date, usually of the form YYYYMMDDRR.
Occasionally they will make a mistake and set them to a
"date in the future" then try to correct them by setting
them to the "current date". This causes problems because
serial numbers are used to indicate that a zone has been
updated. If the serial number on the slave server is
lower than the serial number on the master, the slave
server will attempt to update its copy of the zone.
</p>
<p>
Setting the serial number to a lower number on the master
server than the slave server means that the slave will not perform
updates to its copy of the zone.
</p>
<p>
The solution to this is to add 2147483647 (2^31-1) to the
number, reload the zone and make sure all slaves have updated to
the new zone serial number, then reset the number to what you want
it to be, and reload the zone again.
</p>
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="more_help"></a>Where Can I Get Help?</h2></div></div></div>
<p>
The Internet Systems Consortium
(<acronym class="acronym">ISC</acronym>) offers a wide range
of support and service agreements for <acronym class="acronym">BIND</acronym> and <acronym class="acronym">DHCP</acronym> servers. Four
levels of premium support are available and each level includes
support for all <acronym class="acronym">ISC</acronym> programs,
significant discounts on products
and training, and a recognized priority on bug fixes and
non-funded feature requests. In addition, <acronym class="acronym">ISC</acronym> offers a standard
support agreement package which includes services ranging from bug
fix announcements to remote support. It also includes training in
<acronym class="acronym">BIND</acronym> and <acronym class="acronym">DHCP</acronym>.
</p>
<p>
To discuss arrangements for support, contact
<a class="link" href="mailto:info@isc.org" target="_top">info@isc.org</a> or visit the
<acronym class="acronym">ISC</acronym> web page at
<a class="link" href="http://www.isc.org/services/support/" target="_top">http://www.isc.org/services/support/</a>
to read more.
</p>
</div>
</div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
<tr>
<td width="40%" align="left">
<a accesskey="p" href="Bv9ARM.ch06.html">Prev</a>/td>
<td width="20%" align="center">/td>
<td width="40%" align="right">a accesskey="n" href="Bv9ARM.ch08.html">Next</a>
</td>
</tr>
<tr>
<td width="40%" align="left" valign="top">Chapter.acronym class="acronym">BIND</acronym> 9 Security Considerations/td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
<td width="40%" align="right" valign="top"> Áppendix Á. Òelease Notes</td>
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.14.1 (Stable Release)</p>
</body>
</html>
![[BACK]](/icons/back.gif){kind=icon}
Return to Bv9ARM.ch07.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / external / mpl / bind / dist / doc / arm