Message in syslog: Zone "mydomain.com" (file ns1.mydomain.com) no NS RRs found at zone top

Kevin Darcy kcd at daimlerchrysler.com
Tue Nov 21 01:51:47 UTC 2000


zz at rockstone.com wrote:

> I would appreciate anyone's input or advice.
> I got error messages on my Redhat 7.0, in system message log,
>
> Problem 1:
>
> named error message in syslog, complaining:
> " Zone "myns.com" (file ns1.myns.zone): no NS RRs found at zone top":
> ------------------------------------------------------------------------
> # /usr/sbin/ndc restart
> It generates in file /var/log/messages:
>
> Nov 19 18:43:53 NS1 named[13463]: starting.  named 8.2.2-P5 Sat Aug  5 13:21:24 EDT 2000 ^Iprospector at porky.devel.redhat.com:/usr/src/bs/BUILD/bind-8.2.2_P5/src/bin/named
> Nov 19 18:43:53 NS1 named[13463]: hint zone "" (IN) loaded (serial 0)
> Nov 19 18:43:53 NS1 named[13463]: Zone "myns.com" (file ns1.myns.zone): no NS RRs found at zone top
> Nov 19 18:43:53 NS1 named[13463]: master zone "myns.com" (IN) rejected due to errors (serial 2000111917)
> Nov 19 18:43:53 NS1 named[13463]: master zone "0.0.127.in-addr.arpa" (IN) loaded (serial 1997022700)
> Nov 19 18:43:53 NS1 named[13463]: Zone "16.172.in-addr.arpa" (file rever.myns.zone): no NS RRs found at zone top
>
> ------------------------------------------------------------------------
> Problem 2:
> Underscore character "_" in host name, e.g. if host name contains
>  "_", such as iss_demoserver, in A record, then named generates
> such error in message log:
>
> iss_demos   IN      A        172.16.1.13 ; this record generates error.
>
> Nov 19 17:22:10 NS1 named[13210]: owner name "iis_demo.myns.com" IN (primary) is invalid - rejecting
> Nov 19 17:22:10 NS1 named[13210]: ns1.myns.zone:134: owner name error
> Nov 19 17:22:10 NS1 named[13210]: ns1.myns.zone:134: Database error near (A)
>
> But if I change it so the CNAME contains "_", then the error messages do not
> happen again. Why?
>
> issdemos    IN      A        172.16.1.13   ; iss_demo renamed to issdemos
> iss_demos   IN      CNAME    issdemos      ; this name seems to work fine.
> Following are my configuration files:
> ------------------------------------------------------------------------
> Contents of /etc/named.conf
> options {
>         directory "/var/named";
>         query-source address * port 53;
> };
> // (This dns server is behind Cisco firewall serving internal LAN only)
> //
> zone "." IN {
>         type hint;
>         file "named.ca";
> };
> zone "myns.com" IN {
>         type master;
>         file "ns1.myns.zone";
>         allow-update { none; };
> };
> zone "0.0.127.in-addr.arpa" IN {
>         type master;
>         file "named.local";
>         allow-update { none; };
> };
> zone "16.172.in-addr.arpa" IN {
>         type master;
>         file "rever.myns.zone";
>         allow-update { none; };
> };
> -----------------------------------------------------
> Contents of file:  /var/named/ns1.myns.zone
>
> $TTL    864000
> @       IN      SOA     ns1.myns.com. mymail-hq (
>                         2000111917      ; serial number
>                         28800           ; Refresh
>                         14400           ; Retry
>                         720000          ; expire
>                         604800)         ; default TTL
> 172.16.1.200    IN      NS              ns1.myns.com.
> 172.16.1.201    IN      NS              ns2.myns.com.
>                 IN      MX      10      mymail-hq.myns.com.
>                 IN      MX      30      my2ndmail.myns.com.
> dragon               IN  A     172.16.1.3       ; Internal LAN Server1
> phoenix              IN  A     172.16.1.6
> mybdc-02             IN  A     172.16.1.12      ; My 2nd BDC
> mybdc03              IN  A     172.16.1.13      ; My 3rd BDC

Sorry, this is just plain wrong. You seem to be trying to create an A/NS hybrid by
cramming the IP address of the nameserver into the beginning of the NS record. What
in fact you did was unwittingly delegate the "172.16.1.200.myns.com" and
"172.16.1.201.myns.com" subdomains to nameservers with unresolvable names
(ns1.myns.com and ns2.myns.com), and you left myns.com itself devoid of any NS
records at all! You can't combine NS and A records; you need to define
*separate* NS and A records, like so:

       in    ns    ns1.myns.com.
       in    ns    ns2.myns.com.
ns1    in    a     172.16.1.200
ns2    in    a     172.16.1.201

(Note: you should put these A records *after* the MX records, otherwise the
MX records will be misinterpreted.)

As for the underscores, it's an illegal character and you should be making plans to
eliminate them from all of your DNS names that are interpreted as hostnames (the
reason I make this qualification is because underscores in, say, SRV records are
legal -- and in fact encouraged -- because SRV records are not interpreted as
hostnames). In the interim, you can use the "check-names" option to relax named's
name-checking.

By the way, BIND 8.2.2-p5 has security problems. Upgrade to p7.

                                                                        - Kevin
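
The owner-name rules behind both problems in this thread, as an added example that is not part of the original messages: a simplified zone-file reader that reports a missing NS record at the zone top, accidental delegations, and underscores in A-record owner names. The function names `parse_zone` and `lint` are hypothetical, the parser handles only the record types that appear in this thread, and the sample zones are constructed from the post and the reply.

```python
import re
LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$")  # no underscores
TYPES = {"SOA", "NS", "MX", "A", "CNAME"}

def parse_zone(text, origin):
    """Return (owner, type) pairs, resolving owner names as a master file is read."""
    records, owner = [], origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()           # drop comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():                      # owner field starts in column 1
            name = fields.pop(0)                       # '@' = origin, no dot = relative
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        rrtype = next((f.upper() for f in fields if f.upper() in TYPES), None)
        if rrtype:                                     # SOA continuation lines have none
            records.append((owner.lower(), rrtype))    # blank owner reuses the last one
    return records

def lint(text, origin):
    records, findings = parse_zone(text, origin), []
    if not any(o == origin and t == "NS" for o, t in records):
        findings.append("no NS RRs found at zone top")
    for o, t in records:
        if t == "NS" and o != origin:
            findings.append(f"delegates {o}")
        if t == "A" and not all(LABEL.match(l) for l in o.rstrip(".").split(".")):
            findings.append(f"invalid hostname {o}")
    return findings

# Constructed samples: BROKEN condenses the zone file from the post, FIXED applies the reply.
SOA = "@ IN SOA ns1.myns.com. mymail-hq (\n    2000111917 28800 14400 720000 604800 )\n"
BROKEN = SOA + """\
172.16.1.200 IN NS ns1.myns.com.
172.16.1.201 IN NS ns2.myns.com.
             IN MX 10 mymail-hq.myns.com.
iss_demos    IN A  172.16.1.13
"""
FIXED = SOA + """\
        in ns ns1.myns.com.
        in ns ns2.myns.com.
        in mx 10 mymail-hq.myns.com.
ns1     in a 172.16.1.200
ns2     in a 172.16.1.201
iss_demos in cname issdemos
"""
if __name__ == "__main__":
    print(lint(BROKEN, "myns.com."), lint(FIXED, "myns.com."))
```

Because a blank owner repeats the previous one, `parse_zone(BROKEN, "myns.com.")` also attaches the MX record to `172.16.1.201.myns.com.` rather than to the zone top, which is why record order matters in the corrected file.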




