Forward zone files not working on Bind 9.3.6-P1 for Solaris and OpenSolaris??

Kevin Darcy kcd at chrysler.com
Fri Oct 30 22:07:31 UTC 2009


Kaya Saman wrote:
> Kevin Darcy wrote:
>> If you're loading a zone as "sgd.test", then an owner name of 
>> ns-m.test doesn't belong in it, and BIND is correct to reject it.
>>
>> Either change that name to something under sgd.test, or set up a 
>> separate zone for ns-m.test or anything above that in the hierarchy 
>> (i.e. "test" or root).
>>
>> I don't know why this would have worked in your old environment, but 
>> then again I don't know what version "BIND 9 from Blastwave" is, or 
>> what you mean by "skeleton of the files".
>>
>> - Kevin
>>
>>
> Hi Kevin,
>
> thanks for responding :-)
>
> By skeleton I meant format. Sorry if put badly but basically I have 
> noticed that through different versions of Bind the overall layout and 
> format of the zone files does change for some reason especially since 
> I have gone from various Linux distros to Solaris now;
I think the last significant update to the master-file syntax was when 
$TTL was defined in RFC 2308 (circa 1998).
>
> To give you an example of what I mean, taking the domain as domain.com:
>
> ;
> ; BIND data file for example.com
> ;
> $TTL 1d
> @                IN SOA  ns-m.domain.com. mail.domain.com. (
>                          2009103007 ; Serial
>                          7200       ; Refresh
>                          120        ; Retry
>                          2419200    ; Expire
>                          86400 )    ; Default TTL
> ;
>                  IN NS   ns-m.domain.com.
> ns-m.domain.com. IN A    192.168.2.24
> sgd.domain.com.  IN A    192.168.2.24
>
>
>
> Then reference this in named.conf calling the zone 'domain', like so:
>
> zone "domain" {
>     type master;
>     file "/var/named/domain.db";
>     allow-query { internals; };
> };
No, that won't work. The names in the zone file are all under 
"domain.com", but you're trying to load the zone as simply "domain", 
which is not in the same naming hierarchy; in fact it's a completely 
different TLD (top-level domain).

As well as setting the default $ORIGIN, the name of a zone in named.conf 
also defines the allowable scope of all owner names within it. You can't 
just pick some name arbitrarily, like you can with, for example, "view" 
or "acl". It actually forms a branch in the DNS database; all of the 
owner names in the zone must then be at or underneath that point in the 
hierarchy.

- Kevin
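
Added example (not part of the original message and not BIND's own code): a label-by-label check of whether each owner name from the quoted zone file falls at or under the zone name given in named.conf. The function names are hypothetical, and the sketch assumes names contain no escaped dots.

```python
"""Added illustration: which owner names are in scope for a given zone name."""

def labels(name):
    """Split a DNS name into lowercase labels; the root zone '.' yields []."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def absolutize(owner, origin):
    """Master-file rules: '@' means the origin; a name with no trailing dot
    is relative and has the origin appended."""
    if owner == "@":
        return origin
    if owner.endswith("."):
        return owner
    return owner + "." if origin == "." else owner + "." + origin

def in_zone(owner, zone):
    """True if owner is at or underneath zone, compared label by label.
    A plain string-suffix test would wrongly accept 'notdomain.com.'."""
    o, z = labels(owner), labels(zone)
    return len(o) >= len(z) and o[len(o) - len(z):] == z

def check_zone(zone, owners):
    """Map each fully qualified owner name to whether it is in scope."""
    origin = zone if zone.endswith(".") else zone + "."
    result = {}
    for owner in owners:
        fqdn = absolutize(owner, origin)
        result[fqdn] = in_zone(fqdn, origin)
    return result

# Owner names taken from the zone file quoted in the thread.
OWNERS = ["@", "ns-m.domain.com.", "sgd.domain.com."]

if __name__ == "__main__":
    for zone in ("domain", "domain.com"):
        print('zone "%s"' % zone)
        for fqdn, ok in check_zone(zone, OWNERS).items():
            print("  %-20s %s" % (fqdn, "in zone" if ok else "out of zone"))
```

Loaded as "domain", only the apex is in scope and both A records are out-of-zone data; loaded as "domain.com", every name is in scope.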



