named-checkzone with multiple $ORIGIN

Bernard Fay bernard.fay at gmail.com
Mon Jun 5 14:09:51 UTC 2017 

Ok that was my misunderstanding of named-checkzone. I though I had to check
for all $ORIGINs.

I haven't played with IPv6 yet.  I hope I'll have a chance to do it
eventually.

Thanks for your time guys!



On Mon, Jun 5, 2017 at 9:49 AM, Mark Elkins <mje at posix.co.za> wrote:

> Most certainly - Yes.
>
> You have a single zone here, thus only:
>
>      named-checkzone example.com example.com.zone
> ...should work.
>
> Wait till you play with a reverse IPv6 zone - where I personally use many
> $ORIGIN statements - saves hours of typing and makes reading the Zones so
> much easier.
>
>
>
> On 05/06/2017 15:40, Bernard Fay wrote:
>
> I understand what $ORIGIN is doing by reducing the typing and making it
> easier to maintain the zone files.
>
> To Tony, should I understand while using named-checkzone I need to enter
> *only* the top domain and named-checkzone will understand the subdomains
> defined by the multiple $ORIGIN in the zone file?
>
> Thanks,
> Bernard
>
>
> On Mon, Jun 5, 2017 at 9:18 AM, Tony Finch <dot at dotat.at> wrote:
>
>> Bernard Fay <bernard.fay at gmail.com> wrote:
>> >
>> > I took control of a DNS based on Bind 9.9.  One of the zone files have
>> > multiple $ORIGIN for example:
>>
>> The key thing to understand is that $ORIGIN just controls how unqualified
>> domain names are expanded into fully-qualified domain names. In
>> particular, $ORIGIN is completely independent of zone boundaries.
>>
>> So in the master file you sketched out,
>>
>> > $ORIGIN example.com
>> > ...
>> > $ORIGIN sub1.example.com
>> > ...
>> > $ORIGIN sub2.example.com
>> > ...
>> > $ORIGIN sub3.example.com
>> > ...
>>
>> The person who wrote the file is using $ORIGIN in order to abbreviate
>> unqualified names in subdomains, but the subdomains are all part of the
>> same zone.
>>
>> The other thing to be aware of is that it is possible to write a zone file
>> without any fuly-qualified names, which is why you have to specify the
>> zone name when loading the file. (This feature is useful for empty zones,
>> for example, but it's usually not a good idea for normal zones.) The zone
>> name is used to set the default $ORIGIN and for the zone sanity checks.
>>
>> So, this works...
>>
>> > While checking the zone file with:
>> > named-checkzone example.com example.com.zone
>> > named-checkzone returns ok for the first $ORIGIN.
>>
>> ...because the zone name you specified on the command line matches the
>> contents of the master file.
>>
>> However,
>>
>> > named-checkzone sub1.example.com example.com.zone
>> > named-checkzone sub2.example.com example.com.zone
>> > named-checkzone sub3.example.com example.com.zone
>> > named-checkzone reports many "ignoring out-of-zone data (....
>> example.com)"
>>
>> this doesn't make sense. The master file is one single whole complete
>> zone. The subdomains are not separate zones, and you can't load or check
>> part of the file.
>>
>> So the error message is saying that the SOA record and the apex NS records
>> at example.com and loads of other records are not subdomains of the zone
>> name that you gave on the commamnd line. I usually encounter this error
>> when I have accidentally got my zone name and master file name muddled
>> up, and once you get used to the error message it's a useful consistency
>> check.
>>
>> Tony.
>> --
>> f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h
>> punycode
>> Fitzroy: Southwesterly, veering northwesterly, 6 to gale 8, decreasing 5
>> later
>> in southwest. Moderate or rough. Rain at first. Moderate or good.
>>
>
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing listbind-users at lists.isc.orghttps://lists.isc.org/mailman/listinfo/bind-users
>
>
> --
> Mark James ELKINS  -  Posix Systems - (South) Africamje at posix.co.za       Tel: +27.128070590 <+27%2012%20807%200590>  Cell: +27.826010496 <+27%2082%20601%200496>
> For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20170605/9026c346/attachment-0001.html>

More information about the bind-users mailing list