Message in syslog: Zone "mydomain.com" (file ns1.mydomain.com) no NS RRs found at zone top
Kevin Darcy
kcd at daimlerchrysler.com
Tue Nov 21 01:51:47 UTC 2000
zz at rockstone.com wrote:
> I would appreciate anyone's input or advice.
> I got error messages on my Redhat 7.0, in system message log,
>
> Problem 1:
>
> named error message in syslog, complaining:
> " Zone "myns.com" (file ns1.myns.zone): no NS RRs found at zone top":
> ------------------------------------------------------------------------
> # /usr/sbin/ndc restart
> It generates in file /var/log/messages:
>
> Nov 19 18:43:53 NS1 named[13463]: starting. named 8.2.2-P5 Sat Aug 5 13:21:24 EDT 2000 ^Iprospector at porky.devel.redhat.com:/usr/src/bs/BUILD/bind-8.2.2_P5/src/bin/named
> Nov 19 18:43:53 NS1 named[13463]: hint zone "" (IN) loaded (serial 0)
> Nov 19 18:43:53 NS1 named[13463]: Zone "myns.com" (file ns1.myns.zone): no NS RRs found at zone top
> Nov 19 18:43:53 NS1 named[13463]: master zone "myns.com" (IN) rejected due to errors (serial 2000111917)
> Nov 19 18:43:53 NS1 named[13463]: master zone "0.0.127.in-addr.arpa" (IN) loaded (serial 1997022700)
> Nov 19 18:43:53 NS1 named[13463]: Zone "16.172.in-addr.arpa" (file rever.myns.zone): no NS RRs found at zone top
>
> ------------------------------------------------------------------------
> Problem 2:
> Underscore character "_" in host name, e.g. if host name contains
> "_", such as iss_demoserver, in A record, then named generates
> such error in message log:
>
> iss_demos IN A 172.16.1.13 ; this record generates error.
>
> Nov 19 17:22:10 NS1 named[13210]: owner name "iis_demo.myns.com" IN (primary) is invalid - rejecting
> Nov 19 17:22:10 NS1 named[13210]: ns1.myns.zone:134: owner name error
> Nov 19 17:22:10 NS1 named[13210]: ns1.myns.zone:134: Database error near (A)
>
> But if I change it so the CNAME contains "_" then the error message does not
> happen again. Why?
>
> issdemos IN A 172.16.1.13 ; iss_demo renamed to issdemos
> iss_demos IN CNAME issdemos ; this name seems works fine.
> Following are my configuration files:
> ------------------------------------------------------------------------
> Contents of /etc/named.conf
> options {
>         directory "/var/named";
>         query-source address * port 53;
>         // (This dns server is behind Cisco firewall serving internal LAN only)
>         //
> };
> zone "." IN {
>         type hint;
>         file "named.ca";
> };
> zone "myns.com" IN {
>         type master;
>         file "ns1.myns.zone";
>         allow-update { none; };
> };
> zone "0.0.127.in-addr.arpa" IN {
>         type master;
>         file "named.local";
>         allow-update { none; };
> };
> zone "16.172.in-addr.arpa" IN {
>         type master;
>         file "rever.myns.zone";
>         allow-update { none; };
> };
> -----------------------------------------------------
> Contents of file: /var/named/ns1.myns.zone
>
> $TTL 864000
> @               IN SOA  ns1.myns.com. mymail-hq (
>                         2000111917 ; serial number
>                         28800 ; Refresh
>                         14400 ; Retry
>                         720000 ; expire
>                         604800) ; default TTL
> 172.16.1.200    IN NS   ns1.myns.com.
> 172.16.1.201    IN NS   ns2.myns.com.
>                 IN MX   10 mymail-hq.myns.com.
>                 IN MX   30 my2ndmail.myns.com.
> dragon          IN A    172.16.1.3 ; Internal LAN Server1
> phoenix         IN A    172.16.1.6
> mybdc-02        IN A    172.16.1.12 ; My 2nd BDC
> mybdc03         IN A    172.16.1.13 ; My 3rd BDC

Sorry, this is just plain wrong. You seem to be trying to create an A/NS hybrid by
cramming the IP address of the nameserver into the beginning of the NS record. What
in fact you did was unwittingly delegate the "172.16.1.200.myns.com" and
"172.16.1.201.myns.com" subdomains to nameservers with unresolvable names
(ns1.myns.com and ns2.myns.com), and you left myns.com itself devoid of any NS
records at all! You can't combine NS and A records; you need to define
*separate* NS and A records, like so:

        in ns ns1.myns.com.
        in ns ns2.myns.com.
ns1     in a 172.16.1.200
ns2     in a 172.16.1.201

(Note: you should put these A records *after* the MX records, otherwise the
MX records will be misinterpreted.)

As for the underscores, it's an illegal character and you should be making plans to
eliminate them from all of your DNS names that are interpreted as hostnames (the
reason I make this qualification is because underscores in, say, SRV records are
legal -- and in fact encouraged -- because SRV records are not interpreted as
hostnames). In the interim, you can use the "check-names" option to relax named's
name-checking.

By the way, BIND 8.2.2-p5 has security problems. Upgrade to p7.

- Kevin
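
Added example (not part of the original post, and not BIND code): a small Python check that applies the master-file owner rules discussed above to constructed sample zones, showing why an IP address in the owner field leaves the zone top without NS records. The parser is a simplification, and treating only A and MX owners as hostnames is an assumption chosen to match the behaviour in the quoted log.

```python
RR_TYPES = {"SOA", "NS", "A", "MX", "CNAME", "SRV", "PTR", "TXT"}

def parse_zone(text, origin):
    """Return [(owner_fqdn, rrtype, line_no)] for a simplified master file."""
    origin = origin.rstrip(".").lower() + "."
    owner, depth, rrs = origin, 0, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()   # strip comment (quoted strings not handled)
        inside = depth > 0                     # continuation of a parenthesised RR
        depth += line.count("(") - line.count(")")
        if inside or not line.strip() or line.startswith("$"):
            continue
        tokens = line.split()
        if not line[0].isspace():              # blank owner field repeats the previous owner
            name = tokens.pop(0).lower()
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        rrtype = next((t.upper() for t in tokens if t.upper() in RR_TYPES), None)
        if rrtype:
            rrs.append((owner, rrtype, n))
    return rrs

def check_zone(text, origin):
    apex = origin.rstrip(".").lower() + "."
    rrs = parse_zone(text, origin)
    problems = []
    if not any(o == apex and t == "NS" for o, t, _ in rrs):
        problems.append("no NS RRs found at zone top")
    for o, t, n in rrs:
        if t == "NS" and o != apex:
            problems.append(f"line {n}: NS at {o} delegates a subdomain, not the zone")
        if t in ("A", "MX") and "_" in o:      # assumption: only A/MX owners treated as hostnames
            problems.append(f"line {n}: owner name {o} has an underscore")
    return problems

# Constructed samples modelled on the zone file in the post.
SOA = "@ IN SOA ns1.myns.com. mymail-hq (\n    2000111917 28800 14400 720000 604800 )\n"
BROKEN = SOA + """\
172.16.1.200 IN NS ns1.myns.com.
172.16.1.201 IN NS ns2.myns.com.
iss_demos IN A 172.16.1.13
"""
FIXED = SOA + """\
    IN NS ns1.myns.com.
    IN NS ns2.myns.com.
    IN MX 10 mymail-hq.myns.com.
ns1 IN A 172.16.1.200
ns2 IN A 172.16.1.201
issdemos IN A 172.16.1.13
iss_demos IN CNAME issdemos
"""
```

Calling check_zone(BROKEN, "myns.com") returns four problems, starting with the missing NS at the zone top; check_zone(FIXED, "myns.com") returns an empty list.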