Forum Discussion
2 Replies
- AneshCirrostratuscan you paste the output of named-checkconf
- Brad_ParkerCirrus
The version of BIND in your new BigIP version is enforcing DNS rules more strictly than in the previous version. NS records must point to hostnames not IP addresses. If that hostname lives in the zone it will then confirm that an A record exists for that host name. What's happening here is that BIND/zonerunner is translating your previous NS record which was 1.1.1.1 into a hostname. Since 1.1.1.1 doesn't end in a trailing dot the zone name is appended, i.e. 1.1.1.1.test.com. It is then trying to validate that 1.1.1.1.test.com is a valid A record in the test.com zone. I would recommend updating all the NS records you see in the logs ASAP with valid hostnames that can be resolved via an A record lookup. MX records could potentially produce the same kind of logs.