Groups | Search | Server Info | Login | Register
Groups > comp.protocols.dns.bind > #16094
| From | "Duncan" <duncan@isn-portal.de> |
|---|---|
| Newsgroups | comp.protocols.dns.bind |
| Subject | RE: Upgrading from 9.14.12 to 9.16.4 - with existing DNSSEC zones |
| Date | 2020-09-03 12:36 +0200 |
| Organization | TE Corp. |
| Message-ID | <mailman.871.1599129307.942.bind-users@lists.isc.org> (permalink) |
| References | <!&!AAAAAAAAAAAuAAAAAAAAAHJdIH4gV7hNloyozA7DYZQBAMO2jhD3dRHOtM0AqgC7tuYAAAAAAA4AABAAAACkjitonLN9Q5Iy0M5h8E43AQAAAAA=@isn-portal.de> <6AB3E1D2-2192-4E34-A1E9-F9157EC222CF@isc.org> <!&!AAAAAAAAAAAuAAAAAAAAAHJdIH4gV7hNloyozA7DYZQBAMO2jhD3dRHOtM0AqgC7tuYAAAAAAA4AABAAAAAI5nbq+LDVSYIufcfyUKD2AQAAAAA=@isn-portal.de> |
[Multipart message — attachments visible in raw view] - view raw
I think, I 've found the problem... Read in the documentation: "UDP network ports used for listening can no longer simultaneously be used for sending traffic." I had listen-on, notify-source and transfer-source all set to the same IP and Port (53). Setting notify-source and transfer-source to different ports seems to solve my problems. Under 9.14.12 there were no problems - that's the difference to 9.16.4, which caused my problems. -----Original Message----- From: Mark Andrews <marka@isc.org> Sent: Wednesday, September 2, 2020 12:38 AM To: duncan@isn-portal.de Cc: bind-users@lists.isc.org Subject: Re: Upgrading from 9.14.12 to 9.16.4 - with existing DNSSEC zones Do you go to your mechanic and not take the car when you have a problem you don’t understand with the car? BIND 9.16.4 should be a drop in replacement for 9.14.12. As you are seeing issues you will need to supply more details like the name of the zone so people can actually try and figure out what the issue is. Mark > On 2 Sep 2020, at 01:06, Duncan <duncan@isn-portal.de> wrote: > > I am using DNSSEC for more than 5 years now (never had a problem so far), but after upgrading to the latest bind-9.16.4 the verification fails using Verisign's DNSSEC Validator. > > I reverted back to 9.14.12 and everything works as expected. > > First I started upgrading my secondary DNS-Server (primary left untouched !!!) to 9.16.4 - restarted named and everything seems to be OK. > > So I tested with Verisign's DNSSEC Validator https://dnssec-analyzer.verisignlabs.com/ before upgrading my primary DNS. > > And Verisign reported an error -> All Queries to secondary.my-dnsserver-domain.com for my-domain.com/Atimed out or failed > > Test Results: https://ibb.co/7QLVJsC > > Any ideas? …or should I upgrade both servers before I do my first test (not only the secondary server)? As I said, I only updated my secondary server and left my primary server untouched! > > Are there any related upgrade issues from from 9.14.12 to 9.16.4, which I should take care first (do I have to update something in my configs)? Is it possible to keep my already signed zones of my 9.14.12 installation? Or do I have to re-sign anything? > > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list > > ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
Back to comp.protocols.dns.bind | Previous | Next | Find similar
RE: Upgrading from 9.14.12 to 9.16.4 - with existing DNSSEC zones "Duncan" <duncan@isn-portal.de> - 2020-09-03 12:36 +0200
csiph-web