named service suddenly fails to start

Petr Menšík pemensik at redhat.com
Fri Nov 5 13:03:34 UTC 2021 

I am not 100% sure, but what format of the zone were used?

I think this should be usually catched by default check-names value on
master zones. However, in masterfile-format, I found this sentence [1]:

> In particular, *check-names* checks do not apply for the |raw| format.

Does that mean dynamic updated zones saved in raw format would never
have check-names active, both on dynamic updates and on (re)start of
named? I have not tested it yet, but it might be somehow hard to avoid.
I found no details about dynamic updates related in check-names. I think
it should refuse such updates on primary server, but not sure that is
enforced. Especially if zone file format is raw.

Cheers,
Petr

1. https://bind.isc.org/doc/arm/9.11/Bv9ARM.ch06.html#options_grammar

On 11/4/21 20:27, Bruce Johnson via bind-users wrote:
> On Nov 4, 2021, at 12:01 PM, Bruce Johnson
> <johnson at pharmacy.arizona.edu> wrote:
>>
>> This morning our server started failing to reload or start.
>>
>> checking the status reveals not a lot of info:
>>
>> systemctl status named-chroot
>> ● named-chroot.service - Berkeley Internet Name Domain (DNS)
>>   Loaded: loaded (/usr/lib/systemd/system/named-chroot.service;
>> enabled; vendor preset: disabled)
>>   Active: failed (Result: exit-code) since Thu 2021-11-04 11:55:17
>> MST; 27s ago
>>  Process: 2020 ExecStartPre=/bin/bash -c if [ !
>> "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf
>> -t /var/named/chroot -z "$NAMEDCONF"; else echo "Checking of zone
>> files is disabled"; fi (code=exit>
>
> named-checkconf -z revealed a name had been entered with underscores.
> The person responsible has been sacked. (not really, merely reminded
> no underscores are allowed in A records :-)
>
> Does named-checkzone not check for this? 
>
>
> -- 
> Bruce Johnson
> University of Arizona
> College of Pharmacy
> Information Technology Group
>
> Institutions do not have opinions, merely customs
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20211105/a6b09b30/attachment.htm>

More information about the bind-users mailing list