Named will not start when $ORIGIN is present, other errors also, bind 9.7.3-p3
Mark Andrews
marka at isc.org
Tue Mar 6 20:47:54 UTC 2012
In message <CAFWoy7HMbssOxE3n-dsW+R2COYwd94qwwdQupTAi2q6GyoJO=Q at mail.gmail.com>, Keith Christian writes:
> Hello,
>
>
> Attempting to set up a small dns server purely for testing purposes,
> using a non-existent domain name.
>
> I have run into problems with my very simple setup, have tried
> changing multiple tokens in the config files, no success, but have
> found a few items:
>
> - The zone file loads, and BIND starts, if the $ORIGIN line is
> commented out of the zone file. Apparently, $ORIGIN is not required,
> but why would its presence cause an error?
>
> - "dig" lookups do not succeed even when $ORIGIN is commented out,
> with named running.
>
> There is an error somewhere in the config files, but I cannot locate
> it, or I'm doing something fundamentally wrong.
>
> NS and SOA records exist, contrary to bind's output messages.
>
>
> Any insight or corrections appreciated.
Read and correct the error messages from named-checkconf. named.conf
and the zone's contents are not consistent. named.conf says the zone's
name is "zone001" while the $ORIGIN says it is "keith1q2w.com" so no
records for "zone001" are found.
"zone001" != "keith1q2w.com"
Mark
P.S. named would have loaded if the load had been attempted. This
was named-checkconf reporting errors and the startup script choosing
to abort the startup. I would have expected this sort of error to
abort a restart before shutting down the running server but to not
stop a named starting up in the first place (i.e. on reboot).
> Thanks.
>
>
>
> START OF PASTED DATA
> START OF PASTED DATA
> START OF PASTED DATA
>
> Running on CentOS 6.x, with the following packages:
> ================================================================================
> bind-9.7.3-8.P3.el6_2.2.i686
> bind-chroot-9.7.3-8.P3.el6_2.2.i686
> bind-libs-9.7.3-8.P3.el6_2.2.i686
> bind-utils-9.7.3-8.P3.el6_2.2.i686
> ================================================================================
>
> Output from dig when looking up a nameserver on the fictitious domain:
> ================================================================================
> dig @localhost keith1q2w.com ns
>
> ; <<>> DiG 9.5.2-P3 <<>> @localhost keith1q2w.com ns
> ; (2 servers found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 38557
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;keith1q2w.com. IN NS
>
> ;; AUTHORITY SECTION:
> com. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1331061717 1800 900 604800 86400
>
> ;; Query time: 144 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Tue Mar 6 12:22:29 2012
> ;; MSG SIZE rcvd: 104
>
> Error messages from BIND when $ORIGIN is un-commented in the zone file:
> ================================================================================
> Stopping named: [ OK ]
> Starting named:
> Error in named configuration:
> zone localhost/IN: loaded serial 0
> zone 0.0.127.in-addr.arpa/IN: loaded serial 0
> zone/zone001:5: ignoring out-of-zone data (keith1q2w.com)
> zone/zone001:21: ignoring out-of-zone data (nameserver01.keith1q2w.com)
> zone/zone001:22: ignoring out-of-zone data (mail.keith1q2w.com)
> zone/zone001:23: ignoring out-of-zone data (mail2.keith1q2w.com)
> zone/zone001:24: ignoring out-of-zone data (mail3.keith1q2w.com)
> zone zone001/IN: has 0 SOA records
> zone zone001/IN: has no NS records
> zone zone001/IN: not loaded due to errors.
> _default/zone001/IN: bad zone
> [FAILED]
> rndc: connect failed: 127.0.0.1#953: connection refused
> named is stopped
>
> Contents of /etc/named.conf:
> ================================================================================
>
> options {
>         directory "/etc/named";
>         pid-file "/var/run/named.pid";
>         statistics-file "/var/run/named.stats";
>         # hide our "real" version number
>         version "[secured]";
>         dump-file "/var/run/named.db";
>
>
>         /*
>          * If there is a firewall between you and nameservers you want
>          * to talk to, you might need to uncomment the query-source
>          * directive below. Previous versions of BIND always asked
>          * questions using port 53, but BIND 8.1 uses an unprivileged
>          * port by default.
>          */
>
>         // query-source address * port 53;
>         allow-recursion { any; };
>         allow-query { any; };
>         //allow-query-cache { any; };
>         //also-notify { www.xxx.yyy.zzz ; www.xxx.yyy.zzz ; www.xxx.yyy.z
> };
>
>
> logging {
>         channel querylog {
>                 file "/var/run/named-query.log" versions 5 size 10M;
>                 print-severity yes;
>                 print-time yes;
>         };
>         category queries { querylog; };
> };
>
>
> //
> // a caching only nameserver config
> //
> #Use with the following in named.conf, adjusting the allow list as needed
> #
> controls {
>         inet 127.0.0.1 port 953
>         allow { 127.0.0.1; } keys { "rndc-key"; };
> };
> zone "." IN {
>         type hint;
>         file "named.ca";
> };
>
> zone "localhost" IN {
>         type master;
>         file "localhost.zone";
>         allow-update { none; };
> };
>
> zone "0.0.127.in-addr.arpa" IN {
>         type master;
>         file "named.local";
>         allow-update { none; };
> };
>
> zone "zone001" IN {
>         type master;
>         file "zone/zone001";
>         allow-update { none; };
>         notify no;
> };
>
> /************************************************************
> zone "zone002" IN {
>         type master;
>         file "zone/zone002";
>         allow-update { none; };
> };
>
> zone "zone003" IN {
>         type master;
>         file "zone/zone003";
>         allow-update { none; };
>
> };
>
> zone "zone004" IN {
>         type master;
>         file "zone/zone004";
>         allow-update { none; };
>
> };
>
> zone "zone005" IN {
>         type master;
>         file "zone/zone005";
>         allow-update { none; };
> };
> ************************************************************/
>
> include "/etc/rndc.key";
>
> Contents of the zone file "zone/zone001" for the fictitious zone "keith1q2w.com":
> ================================================================================
> ; IPv4 zone file for zone zone001
> ;$ORIGIN keith1q2w.com.
> $TTL 1d ; One day
>
> @ IN SOA nameserver01.keith1q2w.com. sysadmin.keith1q2w.com. (
>         2012030602 ; zone serial number
>         12h ; refresh
>         15m ; retry
>         30d ; expiry
>         2h ; minimum
>         )
>
>
>         IN NS nameserver01.keith1q2w.com.
>         IN NS nameserver02.keith1q2w.com.
>
>         IN MX 10 mail.keith1q2w.com.
>         IN MX 20 mail2.keith1q2w.com.
>         IN MX 30 mail3.keith1q2w.com.
>
> nameserver01 IN A 192.168.55.168
> mail IN A 192.168.55.126
> mail2 IN A 192.168.55.130
> mail3 IN A 192.168.55.253
>
> Contents of /etc/resolv.conf
> ================================================================================
> nameserver 127.0.0.1
> search keith1q2w.com local
>
>
> END OF PASTED DATA
> END OF PASTED DATA
> END OF PASTED DATA
>
>
>
>
> ========Keith
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
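
The mismatch described in this reply, as an added example that is not part of the original message and is not ISC code: a simplified Python version of the in-zone test that takes the zone name from named.conf, tracks $ORIGIN in the zone file, and lists every owner name that falls outside the configured zone. The sample data is abridged from the files quoted in the thread; the function names are hypothetical, and the parser assumes an absolute $ORIGIN and "type master;" directly followed by "file".

```python
import re

# Abridged from the named.conf and zone file quoted in this thread,
# with the $ORIGIN line un-commented.
NAMED_CONF = 'zone "zone001" IN { type master; file "zone/zone001"; };'
ZONE_FILES = {"zone/zone001": """\
$ORIGIN keith1q2w.com.
$TTL 1d
@ IN SOA nameserver01.keith1q2w.com. sysadmin.keith1q2w.com. (
        2012030602 12h 15m 30d 2h )
    IN NS nameserver01.keith1q2w.com.
nameserver01 IN A 192.168.55.168
mail IN A 192.168.55.126
"""}

def labels(name):
    return [l for l in name.lower().split(".") if l]

def in_zone(owner, zone):
    """True if owner is the zone apex or a name below it."""
    o, z = labels(owner), labels(zone)
    return len(o) >= len(z) and o[len(o) - len(z):] == z

def master_zones(conf):
    # Simplified parse: (zone name, file) pairs for master zones.
    pat = r'zone\s+"([^"]+)"[^{]*\{\s*type\s+master;\s*file\s+"([^"]+)"'
    return re.findall(pat, conf)

def owners(text, zone):
    """Yield (line number, absolute owner name) for each record."""
    origin = last = zone.rstrip(".") + "."   # default origin is the zone name
    depth = 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]           # drop comments
        if not line.strip():
            continue
        inside, depth = depth > 0, depth + line.count("(") - line.count(")")
        if inside:                            # continuation of a "(...)" record
            continue
        first = line.split()[0]
        if first.startswith("$"):
            if first.upper() == "$ORIGIN":
                origin = line.split()[1]
            continue
        if not line[0].isspace():             # new owner; otherwise reuse last
            last = (origin if first == "@" else first if first.endswith(".")
                    else first + "." + origin.lstrip("."))
        yield n, last

def check(conf, files):
    """Map each master zone to its out-of-zone (line, owner) records."""
    return {zone: [(n, o) for n, o in owners(files[path], zone)
                   if not in_zone(o, zone)]
            for zone, path in master_zones(conf)}
```

With the $ORIGIN line removed, every owner is taken relative to "zone001" and the check passes, so the records are served as names under zone001 rather than under keith1q2w.com.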