Tony, the zones that are giving me the not auth error are indeed off cache, as I see the RA flag and the AA is missing. I never really thought this was happening because I have all zones configure the same way and some are not getting the not auth error and have the aa flag present. I was querying the slave directly and it never occurred to me that the info I was getting back might be cached info, I should of looked at the flags :(. Well it turns out I accidently commented out a huge portion of the named.conf file by mistake with the */ /*, I didn't close the commented section correctly and it caused some zones not to be configured. When using vi to edit/look at named.conf I was relying on the color and never saw the zones in blue (comment color) that gave me not auth so I assumed the config was good, I even ran named-checkconf which came back with no errors which makes sense. It also didn't click when using rndc status and the number of zones on the slave was significant less than on the master server :(.
I hope this stupid mistake helps someone else, thanks for all that replied. Now what is everyone using to make sure the zones in named.conf are still pointing to your NS servers? I have a lot of stale DNS zones I want to remove. Thanks, Paul -----Original Message----- From: Tony Finch [mailto:[email protected]] Sent: Thursday, July 28, 2016 10:45 AM To: Casey Deccio <[email protected]> Cc: Paul A <[email protected]>; [email protected] Subject: Re: getting not authoritative with some notifies Casey Deccio <[email protected]> wrote: > On Thu, Jul 28, 2016 at 10:34 AM, Paul A <[email protected]> wrote: > > > Yes on both server and the slave and primary are listed on the NS RR. > > I'm really at a loss here, the zone updates on the slave but I keep > > getting that message. > > There's a difference between a server being listed in the NS RRset and > a server being authoritative for the zone. Is there a "zone" > statement for that zone in your named.conf? When you query the slave for a problem zone, look at the flags in the header, e.g. this answer comes from a recursive query - "ra" is present and "aa" is missing ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 this answer comes from an authoritative zone - "aa" is present ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 Tony. -- f.anthony.n.finch <[email protected]> http://dotat.at/ - I xn--zr8h punycode South Thames, Dover: Southwesterly 5 or 6. Slight or moderate. Rain or showers. Good, occasionally poor. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
