# parent zone only exists on the host [root@dev76-sandbox-pdnsslave01]# curl -v -H 'X-API-Key: -----------' https://dev76-sandbox-pdnsslave01.domain.net:8443/api/v1/servers/localhost/zones | jq . [ { "account": "admin", "dnssec": false, "edited_serial": 1615589654, "id": "example.sandbox.domain.net.", "kind": "Slave", "last_check": 1615589374, "masters": [ "10.63.70.196" ], "name": "example.sandbox.domain.net.", "notified_serial": 1615589374, "serial": 1615589374, "url": "/api/v1/servers/localhost/zones/example.sandbox.domain.net." }, ] # we can get SOA records and NS records for the parent domain [root@dev76-sandbox-pdnsslave01]# dig +short @127.0.0.1 SOA example.sandbox.domain.net dev76-sandbox-pdnsmaster01.domain.net. admin.domain.net. 1615588649 10800 3600 604800 86400 [root@dev76-sandbox-pdnsslave01]# dig +short @127.0.0.1 NS example.sandbox.domain.net dev76-sandbox-pdnsmaster01.domain.net. dev76-sandbox-pdnsmaster02.domain.net. # can't get SOA record for child zone [root@dev76-sandbox-pdnsslave01]# dig +short @127.0.0.1 SOA child.example.sandbox.domain.net [root@dev76-sandbox-pdnsslave01]# # can't get any records frmo child zone [root@dev76-sandbox-pdnsslave01]# dig +short @127.0.0.1 record.child.example.sandbox.domain.net [root@dev76-sandbox-pdnsslave01]# # logs from trace on dev76-sandbox-pdnsslave01 record.child.example.sandbox.domain.net: Wants DNSSEC processing, auth data in query for A record.child.example.sandbox.domain.net: Looking for CNAME cache hit of 'record.child.example.sandbox.domain.net|CNAME' record.child.example.sandbox.domain.net: Looking for DNAME cache hit of 'record.child.example.sandbox.domain.net|DNAME' or its ancestors record.child.example.sandbox.domain.net: No CNAME or DNAME cache hit of 'record.child.example.sandbox.domain.net' found record.child.example.sandbox.domain.net: No cache hit for 'record.child.example.sandbox.domain.net|A', trying to find an appropriate NS record : got TA for '.' : setting cut state for . to Secure record.child.example.sandbox.domain.net: initial validation status for record.child.example.sandbox.domain.net is Indeterminate record.child.example.sandbox.domain.net: Cache consultations done, have 1 NS to contact record.child.example.sandbox.domain.net: Domain has hardcoded nameserver record.child.example.sandbox.domain.net.: Nameservers: -192.168.32.3:53(1.30ms) record.child.example.sandbox.domain.net: Resolved 'domain.net' NS (empty) to: 192.168.32.3 record.child.example.sandbox.domain.net: Trying IP 192.168.32.3:53, asking 'record.child.example.sandbox.domain.net|A' record.child.example.sandbox.domain.net: Got 2 answers from (empty) (192.168.32.3), rcode=3 (Non-Existent domain), aa=1, in 6ms record.child.example.sandbox.domain.net: accept answer 'example.sandbox.domain.net|SOA|dev76-sandbox-pdnsmaster01.domain.net. admin.domain.net. 1615589061 10800 3600 604800 86400' from 'domain.net' nameservers? ttl=3600, place=2 YES! - This answer was received from a server we forward to. record.child.example.sandbox.domain.net: OPT answer '.' from 'domain.net' nameservers : got initial zone status Indeterminate for record example.sandbox.domain.net|SOA record.child.example.sandbox.domain.net: determining status after receiving this packet record.child.example.sandbox.domain.net: got negative caching indication for name 'record.child.example.sandbox.domain.net' (accept=1), newtarget='(empty)' record.child.example.sandbox.domain.net: status=NXDOMAIN, we are done (have negative SOA) record.child.example.sandbox.domain.net: failed (res=3) 3 [8/1] answer to question 'record.child.example.sandbox.domain.net|A': 0 answers, 1 additional, took 1 packets, 6.411 netw ms, 7.343 tot ms, 0 throttled, 0 timeouts, 0 tcp connections, rcode=3 # zone still doesn't exist on the host [root@dev76-sandbox-pdnsslave01]# curl -v -H 'X-API-Key: -----------' https://dev76-sandbox-pdnsslave01.domain.net:8443/api/v1/servers/localhost/zones | jq . [ { "account": "admin", "dnssec": false, "edited_serial": 1615589834, "id": "example.sandbox.domain.net.", "kind": "Slave", "last_check": 1615589464, "masters": [ "10.63.70.196" ], "name": "example.sandbox.domain.net.", "notified_serial": 1615589464, "serial": 1615589464, "url": "/api/v1/servers/localhost/zones/example.sandbox.domain.net." }, ] # SOA records can now be found [root@dev76-sandbox-pdnsslave01]# dig +short @127.0.0.1 SOA child.example.sandbox.domain.net dev76-sandbox-pdnsmaster01.domain.net. admin.domain.net. 1615589596 10800 3600 604800 86400 # same with any other child zone record [root@dev76-sandbox-pdnsslave01]# dig +short @127.0.0.1 record.child.example.sandbox.domain.net 8.8.8.8 record.child.example.sandbox.domain.net: Wants DNSSEC processing, auth data in query for A record.child.example.sandbox.domain.net: Looking for CNAME cache hit of 'record.child.example.sandbox.domain.net|CNAME' record.child.example.sandbox.domain.net: Looking for DNAME cache hit of 'record.child.example.sandbox.domain.net|DNAME' or its ancestors record.child.example.sandbox.domain.net: No CNAME or DNAME cache hit of 'record.child.example.sandbox.domain.net' found record.child.example.sandbox.domain.net: No cache hit for 'record.child.example.sandbox.domain.net|A', trying to find an appropriate NS record : got TA for '.' : setting cut state for . to Secure record.child.example.sandbox.domain.net: initial validation status for record.child.example.sandbox.domain.net is Indeterminate record.child.example.sandbox.domain.net: Cache consultations done, have 1 NS to contact record.child.example.sandbox.domain.net: Domain has hardcoded nameserver record.child.example.sandbox.domain.net.: Nameservers: -192.168.32.3:53(0.00ms) record.child.example.sandbox.domain.net: Resolved 'domain.net' NS (empty) to: 192.168.32.3 record.child.example.sandbox.domain.net: Trying IP 192.168.32.3:53, asking 'record.child.example.sandbox.domain.net|A' record.child.example.sandbox.domain.net: Got 3 answers from (empty) (192.168.32.3), rcode=0 (No Error), aa=0, in 6ms record.child.example.sandbox.domain.net: accept answer 'child.example.sandbox.domain.net|NS|dev76-sandbox-pdnsmaster01.domain.net.' from 'domain.net' nameservers? ttl=3600, place=2 YES! - This answer was received from a server we forward to. record.child.example.sandbox.domain.net: accept answer 'child.example.sandbox.domain.net|NS|dev76-sandbox-pdnsmaster02.domain.net.' from 'domain.net' nameservers? ttl=3600, place=2 YES! - This answer was received from a server we forward to. record.child.example.sandbox.domain.net: OPT answer '.' from 'domain.net' nameservers : got initial zone status Indeterminate for record child.example.sandbox.domain.net|NS record.child.example.sandbox.domain.net: determining status after receiving this packet record.child.example.sandbox.domain.net: got NS record 'child.example.sandbox.domain.net' -> 'dev76-sandbox-pdnsmaster01.domain.net.' record.child.example.sandbox.domain.net: got NS record 'child.example.sandbox.domain.net' -> 'dev76-sandbox-pdnsmaster02.domain.net.' record.child.example.sandbox.domain.net: status=did not resolve, got 2 NS, looping to them record.child.example.sandbox.domain.net.: Nameservers: dev76-sandbox-pdnsmaster01.domain.net(0.00ms), dev76-sandbox-pdnsmaster02.domain.net(0.00ms) record.child.example.sandbox.domain.net: Trying to resolve NS 'dev76-sandbox-pdnsmaster01.domain.net' (1/2) dev76-sandbox-pdnsmaster01.domain.net: Wants DNSSEC processing, NO auth data in query for A dev76-sandbox-pdnsmaster01.domain.net: Looking for CNAME cache hit of 'dev76-sandbox-pdnsmaster01.domain.net|CNAME' dev76-sandbox-pdnsmaster01.domain.net: Looking for DNAME cache hit of 'dev76-sandbox-pdnsmaster01.domain.net|DNAME' or its ancestors dev76-sandbox-pdnsmaster01.domain.net: No CNAME or DNAME cache hit of 'dev76-sandbox-pdnsmaster01.domain.net' found dev76-sandbox-pdnsmaster01.domain.net: No cache hit for 'dev76-sandbox-pdnsmaster01.domain.net|A', trying to find an appropriate NS record : got TA for '.' : setting cut state for . to Secure dev76-sandbox-pdnsmaster01.domain.net: initial validation status for dev76-sandbox-pdnsmaster01.domain.net is Indeterminate dev76-sandbox-pdnsmaster01.domain.net: Cache consultations done, have 1 NS to contact dev76-sandbox-pdnsmaster01.domain.net: Domain has hardcoded nameserver dev76-sandbox-pdnsmaster01.domain.net.: Nameservers: -192.168.32.3:53(6.18ms) dev76-sandbox-pdnsmaster01.domain.net: Resolved 'domain.net' NS (empty) to: 192.168.32.3 dev76-sandbox-pdnsmaster01.domain.net: Trying IP 192.168.32.3:53, asking 'dev76-sandbox-pdnsmaster01.domain.net|A' dev76-sandbox-pdnsmaster01.domain.net: Got 2 answers from (empty) (192.168.32.3), rcode=0 (No Error), aa=1, in 2ms dev76-sandbox-pdnsmaster01.domain.net: accept answer 'dev76-sandbox-pdnsmaster01.domain.net|A|10.63.70.196' from 'domain.net' nameservers? ttl=3600, place=1 YES! - This answer was received from a server we forward to. dev76-sandbox-pdnsmaster01.domain.net: OPT answer '.' from 'domain.net' nameservers : got initial zone status Indeterminate for record dev76-sandbox-pdnsmaster01.domain.net|A dev76-sandbox-pdnsmaster01.domain.net: determining status after receiving this packet dev76-sandbox-pdnsmaster01.domain.net: answer is in: resolved to '10.63.70.196|A' dev76-sandbox-pdnsmaster01.domain.net: status=got results, this level of recursion done dev76-sandbox-pdnsmaster01.domain.net: validation status is Indeterminate record.child.example.sandbox.domain.net: Resolved 'child.example.sandbox.domain.net' NS dev76-sandbox-pdnsmaster01.domain.net to: 10.63.70.196 record.child.example.sandbox.domain.net: Trying IP 10.63.70.196:53, asking 'record.child.example.sandbox.domain.net|A' record.child.example.sandbox.domain.net: Got 2 answers from dev76-sandbox-pdnsmaster01.domain.net (10.63.70.196), rcode=0 (No Error), aa=1, in 5ms record.child.example.sandbox.domain.net: accept answer 'record.child.example.sandbox.domain.net|A|8.8.8.8' from 'child.example.sandbox.domain.net' nameservers? ttl=3600, place=1 YES! record.child.example.sandbox.domain.net: OPT answer '.' from 'child.example.sandbox.domain.net' nameservers : got initial zone status Indeterminate for record record.child.example.sandbox.domain.net|A record.child.example.sandbox.domain.net: determining status after receiving this packet record.child.example.sandbox.domain.net: answer is in: resolved to '8.8.8.8|A' record.child.example.sandbox.domain.net: status=got results, this level of recursion done record.child.example.sandbox.domain.net: validation status is Indeterminate 3 [1/1] answer to question 'record.child.example.sandbox.domain.net|A': 1 answers, 1 additional, took 3 packets, 13.963 netw ms, 15.66 tot ms, 0 throttled, 0 timeouts, 0 tcp connections, rcode=0 # child zone JSON of all records and config { "account": "", "api_rectify": false, "dnssec": false, "edited_serial": 1615590798, "id": "child.example.sandbox.domain.net.", "kind": "Master", "last_check": 0, "master_tsig_key_ids": [], "masters": [], "name": "child.example.sandbox.domain.net.", "notified_serial": 1615589046, "nsec3narrow": false, "nsec3param": "", "rrsets": [ { "comments": [], "name": "record.child.example.sandbox.domain.net.", "records": [ { "content": "8.8.8.8", "disabled": false } ], "ttl": 3600, "type": "A" }, { "comments": [], "name": "child.example.sandbox.domain.net.", "records": [ { "content": "dev76-sandbox-pdnsmaster01.domain.net. admin.domain.net. 1615589046 10800 3600 604800 86400", "disabled": false } ], "ttl": 3600, "type": "SOA" }, { "comments": [], "name": "child.example.sandbox.domain.net.", "records": [ { "content": "dev76-sandbox-pdnsmaster01.domain.net.", "disabled": false }, { "content": "dev76-sandbox-pdnsmaster02.domain.net.", "disabled": false } ], "ttl": 3600, "type": "NS" } ], "serial": 1615589046, "slave_tsig_key_ids": [], "soa_edit": "", "soa_edit_api": "", "url": "/api/v1/servers/localhost/zones/child.example.sandbox.domain.net." } # parent zone before adding NS records for child zone { "account": "", "api_rectify": false, "dnssec": false, "edited_serial": 1615588424, "id": "example.sandbox.domain.net.", "kind": "Master", "last_check": 0, "master_tsig_key_ids": [], "masters": [], "name": "example.sandbox.domain.net.", "notified_serial": 1614635274, "nsec3narrow": false, "nsec3param": "", "rrsets": [ { "comments": [], "name": "example.sandbox.domain.net.", "records": [ { "content": "dev76-sandbox-pdnsmaster01.domain.net. admin.domain.net. 1614635274 10800 3600 604800 86400", "disabled": false } ], "ttl": 3600, "type": "SOA" }, { "comments": [], "name": "example.sandbox.domain.net.", "records": [ { "content": "dev76-sandbox-pdnsmaster01.domain.net.", "disabled": false }, { "content": "dev76-sandbox-pdnsmaster02.domain.net.", "disabled": false } ], "ttl": 3600, "type": "NS" } ], "serial": 1614635274, "slave_tsig_key_ids": [], "soa_edit": "", "soa_edit_api": "", "url": "/api/v1/servers/localhost/zones/example.sandbox.domain.net." } # parent zone after adding NS records for child zone { "account": "admin", "api_rectify": false, "dnssec": false, "edited_serial": 1615589461, "id": "example.sandbox.domain.net.", "kind": "Slave", "last_check": 1615588974, "master_tsig_key_ids": [], "masters": [ "10.63.70.196" ], "name": "example.sandbox.domain.net.", "notified_serial": 1615588974, "nsec3narrow": false, "nsec3param": "", "rrsets": [ { "comments": [], "name": "example.sandbox.domain.net.", "records": [ { "content": "dev76-sandbox-pdnsmaster01.domain.net. admin.domain.net. 1615588974 10800 3600 604800 86400", "disabled": false } ], "ttl": 3600, "type": "SOA" }, { "comments": [], "name": "child.example.sandbox.domain.net.", "records": [ { "content": "dev76-sandbox-pdnsmaster01.domain.net.", "disabled": false }, { "content": "dev76-sandbox-pdnsmaster02.domain.net.", "disabled": false } ], "ttl": 3600, "type": "NS" }, { "comments": [], "name": "example.sandbox.domain.net.", "records": [ { "content": "dev76-sandbox-pdnsmaster01.domain.net.", "disabled": false }, { "content": "dev76-sandbox-pdnsmaster02.domain.net.", "disabled": false } ], "ttl": 3600, "type": "NS" } ], "serial": 1615588974, "slave_tsig_key_ids": [], "soa_edit": "", "soa_edit_api": "", "url": "/api/v1/servers/localhost/zones/example.sandbox.domain.net." }