"not at top of zone" in BIND9: what the heck?
david.tonhofer at synapse.lu
Sun Mar 4 20:39:38 UTC 2001
Yup, it works now, with 10.in-addr.arpa in the SOA and the
the zone origin in named.conf.
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
Behalf Of Kevin Darcy
Sent: Saturday, March 03, 2001 4:49 AM
To: bind-users at isc.org
Subject: Re: "not at top of zone" in BIND9: what the heck?
The owner name of the SOA record must *exactly* match the origin of the
zone. You're trying to load a "10.in-addr.arpa" zone with a
"0.0.10.in-addr.arpa" SOA record. So it's being rejected.
Change the origin of the zone or the owner name of the SOA record, or
both, so that they match.
David Tonhofer wrote:
> Sorry to be even more bother...
> ...I must be missing something generously obvious.
> I'm trying to set up a subdomain "dmz.synapse.lu" as a 10.0.0.0
> private network on a DNS which is *also* the secondary DNS
> of a publicly visible network. So we have the not unusual:
> ---- 220.127.116.11 ---- SERVER ---- 10.0.0.0 -----
> (on Ethernet 1) BIND 9 (on Ethernet 2)
> I succeeded in setting up the forward name resolution for
> 10.0.0.0, no problem.
> However, in-addr.arpa. name resolution has given me red-rimmed
> eyes. Whenever I 'reload' the namerver I get
> dns_master_load: named.dmz.rev:10: not at top of zone
> named: dns_zone_load: zone 10.in-addr.arpa/IN:
> loading master file named.dmz.rev: not at top of zone
> ...which of course means that will I please put a single SOA into
> the file and at the top too. Problem is, I did. Here's the file:
> $TTL 28800
> 0.0.10.in-addr.arpa. IN SOA mithras.dmz.synapse.lu.
> dnsadmin.synapse.lu. (
> 2001030309 ; serial
> 28800 ; refresh (8 hours)
> 7200 ; retry (2 hours)
> 604800 ; expire (1 week)
> 86400 ; minimum (1 day)
> 0.0.10.in-addr.arpa. IN NS mithras.dmz.synapse.lu.
> So you see I have already removed all the PTR records, even
> tried to remove the NS record to no avail. If you get me a
> clue-injection I would be very grateful (and I checked the
> archives, too). Note that I tried 10.in-addr.arpa. too.
> -- David Tonhofer
More information about the bind-users