One of my zones is failing, don't know why.

Ondřej Surý ondrej at isc.org
Thu Oct 5 17:31:27 UTC 2023 

Can’t tell anything from a log snippet and incomplete config. Use named -px to provide more complete but sanitized configuration file and look what is happening when the zone is loaded on primary. You sent a log that confirms what you are saying - the primary is not serving the zone, but you need to look closely when named starts why the zone isn’t loaded.

Ondřej 
--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.

> On 5. 10. 2023, at 19:26, William D. Colburn <wcolburn at nrao.edu> wrote:
> 
> 
> One of my zones doesn't work anymore.  It is an external view for
> aoc.nrao.edu.  The master, zia.aoc.nrao.edu can't server it, and the two
> slaves are showing an old zone from September 20th.
> 
> I see this in the logs.  Is this a helpful clue?  I don't see anything else in the logs that looks helpful, but there are a lot of logs...
> 
> 05-Oct-2023 11:19:07.959 client @0x7ff3641e9460 45.91.101.41#55879 (aoc.nrao.edu): view external: query: aoc.nrao.edu IN SOA +E(0)K (146.88.1.4)
> 05-Oct-2023 11:19:07.959 client @0x7ff3641e9460 45.91.101.41#55879 (aoc.nrao.edu): view external: query failed (zone not loaded) for aoc.nrao.edu/IN/SOA at query.c:5565
> 
> The server is running bind 9.16.43.
> 
> The start of the zone looks correct to me.
> 
> $ORIGIN .
> $TTL 86400
> aoc.nrao.edu            IN SOA  zia.aoc.nrao.edu. tech.nrao.edu. (
>                                2023100503 ; serial
>                                10800      ; refresh (3 hours)
>                                3600       ; retry (1 hour)
>                                3600000    ; expire (5 weeks 6 days 16 hours)
>                                3600       ; minimum (1 hour)
>                                )
>                        NS      cv3.cv.nrao.edu.
>                        NS      zia.aoc.nrao.edu.
>                        NS      sadira.gb.nrao.edu.
>                        A       146.88.1.4
>                        MX      9 revere-vml.aoc.nrao.edu.
>                        MX      30 cv3.cv.nrao.edu.
>                        MX      30 io.gb.nrao.edu.
> $TTL 300
>                        TXT     "v=spf1 mx ~all"
> $TTL 86400
> $ORIGIN aoc.nrao.edu.
> zia                     A       146.88.1.4
>                        MX      10 dropbox
>                        MX      15 revere-vml
> dns                     CNAME   zia
> info                    CNAME   zia
> [...]
> 
> The .conf looks somewhat like this:
> 
>    # Domain aoc.nrao.edu INTERNAL
>    zone "aoc.nrao.edu" {
>        type master;
>        file "internal/master/aoc.nrao.edu";
>        allow-query {
>            any;
>        };
>        allow-transfer {
>            trusted;
>            nrao-public-ns;
>            nrao-stealth-ns;
>        };
>        also-notify {           # An ACL doesnt work here! GRRR!
>          [various things]
>        };
>        allow-update {
>            146.88.1.4;      # Making sure of nsupdate on zia
>            127.0.0.1;
>        };
>    };
> 
> 
> I did a restore from the backups a few weeks ago, and I didn't see anything weird there either.
> 
> 
> 
> --Schlake
>  Sysadmin IV, NRAO
>  Work: 575-835-7281 (BACK IN THE OFFICE!)
>  Cell: 575-517-5668 (out of work hours)
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

More information about the bind-users mailing list