[Pdns-users] Bind8 migration to PowerDNS - SERVFAIL vs NOERROR ?

Jaco Engelbrecht bje at serendipity.org.za
Wed May 28 22:48:26 UTC 2008 

Hi,

Currently we run a Bind9 hidden master, with three Bind8 (!)  
authoritative name servers serving DNS requests to the world.

I've configured the Bind9 hidden master to also notify a PowerDNS  
2.9.21 instance, which has the Bind9 hidden master configured as a  
super master.

Almost all but a hand full domains did not make it successfully into  
PowerDNS because of either errors in the zone files (!) or DNS  
delegation issues.  Busy dealing with those.

There's a few things I'd like to verify:

  1) Has anyone done a migration like this before (bind9->pdns using  
supermaster/also-notify vs. the manual import of each zone), and is  
there anything that you'd could advise me of to watch out for,  
anything that could bite us?

   - I'm aware of the "wildcards=yes" option - had to enable that :-/
   - but that's about all that I could think of that might be a problem?

  - FYI: we'll be changing all domains from SLAVE to NATIVE shortly,  
as soon as we're happy that there's no reason to roll back to our  
existing Bind setup.

  2) PowerDNS and Bind8 behave differently when you ask them for a non- 
existent domain [1]:

  - PowerDNS returns SERVFAIL with the authority bit set.
  - Bind8 (current NSs) returns NOERROR with the authority bit not set.
  - Neither return a response, though.

What is the net-effect on clients by this difference in behavior?   
I've read RFC1035, RFC2929, read several mailing list posts, but do  
not seem to find anything conclusive about whether this will really  
have any impact?

Cheers,
Jaco

[1]

--
[bje at tsogang ~]$ dig foosdfo233o3.com @bind8

; <<>> DiG 9.5.0b2 <<>> foosdfo233o3.com @bind8
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 14
;; WARNING: recursion requested but not available

[bje at tsogang ~]$ dig foosdfo233o3.com @pdns

; <<>> DiG 9.5.0b2 <<>> foosdfo233o3.com @pdns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63684
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

--

More information about the Pdns-users mailing list