domain keys and name-checking

D. Stussy spam at bde-arc.ampr.org
Fri Oct 17 21:27:53 UTC 2008


"aklist" <aklist_bind at enigmedia.com> wrote in message
news:gdausb$15ol$1 at sf1.isc.org...
> > My guess is that you inserted that line between records for the same
> > name, that were making use of the feature of automatically reusing the
> > name from the previous line, e.g. you started with:
> >
> > foo IN A 1.2.3.4
> >    IN A 2.3.4.5
> >
> > and changed it to:
> >
> > foo IN A 1.2.3.4
> > server._domainkey IN TXT "k=rsa; p=[very long string]"
> >    IN A 2.3.4.5
> >
> > Now the second A record is assigned to server._domainkey, which is not a
> > valid hostname.
>
> Hi: I'm close to fixing this...I moved the "sever._domainkeys..." record to
> the bottom of the domain, and named-checkzone doesn't object.
>
> However, I have a subdomain that I'm trying to declare at the same time, and
> when I append it to the end of the domain I get an "ignoring out-of-zone
> data" error for all the subdomain's A records. (The subdomain only contains
> a single server, which is a mailserver with 5 IPs assigned to it.) My
> complete domain looks like this:
>
> $TTL 3h
> @ IN SOA ns.parent.com. hostmaster.parent.com. (
>         2008101601 ; serial
>         3h ; refresh
>         1h ; retry
>         1w ; expire
>         1h ) ;  neg cache
> ;
>         NS      ns.parent.com.
>         NS      ns1.parent.com.
> ;
>         MX      10 mail
> ;
>         TXT     "v=spf1 ip4:aaa.bbb.ccc.40/29 a mx -all"
> ;
>              A       aaa.bbb.ccc.41
> mail       A       aaa.bbb.ccc.42
> www     A       aaa.bbb.ccc.41
> ;
> server._domainkey.domain.com. IN TXT "k=rsa; p=[long string]"
> ;
> $ORIGIN sub.domain.com.
> server      A       aaa.bbb.ccc.42
> server      A       aaa.bbb.ddd.12
> server      A       aaa.bbb.ddd.13
> server      A       aaa.bbb.ddd.14
> server      A       aaa.bbb.ddd.15
>         MX      10 server
> ;
>         TXT     "v=spf1 ip4:aaa.bbb.ccc.40/29 a mx -all"

If it's really a subdomain, then the $ORIGIN statement should be a RELATIVE
name (especially since there's only one such statement).  The same thing
goes with the _domainkey label(s).
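
The owner-name rules discussed in this thread, as an added Python example that is not part of the original posts or of BIND: a simplified resolver for single-line records showing blank-owner inheritance, `$ORIGIN` handling, and the out-of-zone and hostname checks. `check_owners`, the problem labels and the sample zone are constructed for illustration.

```python
import re
RRTYPES = {"SOA", "NS", "A", "AAAA", "MX", "TXT", "CNAME"}
HOST_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?$", re.I)

def qualify(name, origin):
    """Make a name absolute: '@' is the origin, a trailing dot means already absolute."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def check_owners(zone_text, zone_name):
    """Return (owner, rrtype, problem) per record; problem is None when the owner is fine."""
    origin = last = zone_name
    results = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # naive: also cuts at ';' inside TXT data
        fields = line.split()
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = qualify(fields[1], origin)  # a relative $ORIGIN extends the current one
            continue
        if fields[0].startswith("$"):  # $TTL and other directives carry no owner
            continue
        # A line that starts with whitespace reuses the previous record's owner.
        owner = last if line[0] in " \t" else qualify(fields.pop(0), origin)
        last = owner
        rrtype = next(f.upper() for f in fields if f.upper() in RRTYPES)
        problem = None
        if owner != zone_name and not owner.endswith("." + zone_name):
            problem = "out-of-zone"
        elif rrtype in {"A", "AAAA", "MX"} and not all(
                HOST_LABEL.match(label) for label in owner.rstrip(".").split(".")):
            problem = "bad-hostname"
        results.append((owner, rrtype, problem))
    return results

# Constructed sample; example.com/example.net and 192.0.2.0/24 are documentation values.
SAMPLE = "\n".join([
    'foo IN A 192.0.2.1',
    'server._domainkey IN TXT "k=rsa; p=PLACEHOLDER"',
    '   IN A 192.0.2.2',
    '$ORIGIN sub',
    'server A 192.0.2.3',
    'stray.example.net. A 192.0.2.4',
])
if __name__ == "__main__":
    for owner, rrtype, problem in check_owners(SAMPLE, "example.com."):
        print(f"{owner:32} {rrtype:4} {problem or 'ok'}")
```

The third sample record is the case described in the quoted reply: the blank-owner A record lands on `server._domainkey`, so the hostname check fires on it while the TXT record on the same owner passes.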



