We recently upgraded from our old version of BIND (BIND 8.2 on Red Hat 6.2) to a new version (BIND 9.2.2rc1 on Red Hat 7.3).
That went relatively smoothly. There was a problem with the HINFO fields, so we took them out since we don't really use them, but then we started seeing a bundle of errors like:
Dec 5 10:52:47 my-dns named[11036]: client 192.168.100.1#4796: transfer of 'domain.name.com/IN': AXFR started
Dec 5 10:52:47 my-dns named[11036]: socket.c:1098: unexpected error:
Dec 5 10:52:47 my-dns named[11036]: internal_send: 192.169.100.1#4796: Connection reset by peer
Dec 5 10:52:47 my-dns named[11036]: client 192.168.100.1#4796: transfer of 'domain.name.com/IN': send: connection reset
Where 192.168.100.1 was our slave/secondary DNS server. This caused some confusion and much running around while we tried to figure out what the problem was.
For the record, the master DNS server is BIND 9.2.2rc1 on Red Hat 7.3, and the slave DNS server is Microsoft's DNS running on Windows NT4 (SP6a).
Eventually we were able to fix things by adding the following lines to the options field of /etc/named.conf:
auth-nxdomain yes ;
allow-notify { 192.168.100.1; };
transfer-format one-answer ;
I think the magic bit was changing transfer-format to one-answer. This sends the transfer one entry at a time as opposed to many-answers, which packs in as many answers as it possibly can. Apparently old DNS servers need one-answer. I'm guessing NT4 classifies as an old server.
The other entry, auth-nxdomain, forces our master server to be authoritative for the domain. (This may need to be set for some old DNS servers.)
allow-notify { IP; }; explicitly tells our slave server when the master server has been updated. Note the semi-colons.
Currently everything is working nicely... I hope :}
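
A narrower variant of the fix above, as an added example rather than the configuration from the original post: BIND 9 also accepts transfer-format inside a server statement, so one-answer can apply only to the NT4 slave while any other slaves keep the many-answers default, and allow-transfer limits who may request the zone. The IP address and zone name are the ones from the log above; the zone file name is a placeholder.

```conf
// /etc/named.conf on the master (added example, not the original config)

options {
    directory "/var/named";

    // BIND 9 default: pack as many records as fit into each AXFR message.
    // Left in place so newer slaves still get the efficient format.
    transfer-format many-answers;
};

// Per-server override: only the NT4 slave receives one record per message.
server 192.168.100.1 {
    transfer-format one-answer;
};

zone "domain.name.com" {
    type master;
    file "domain.name.com.zone";        // placeholder file name

    // Only the known slave may pull a full copy of the zone.
    allow-transfer { 192.168.100.1; };
};
```

Running named-checkconf against the file before reloading catches a missing semicolon or brace, which is the most common mistake in these blocks.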