"not at top of zone" in BIND9: what the heck?

David Tonhofer david.tonhofer at synapse.lu
Sun Mar 4 20:39:38 UTC 2001

Yup, it works now, with 10.in-addr.arpa in the SOA and the
the zone origin in named.conf.

Thanks, Kevin.

-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
Behalf Of Kevin Darcy
Sent: Saturday, March 03, 2001 4:49 AM
To: bind-users at isc.org
Subject: Re: "not at top of zone" in BIND9: what the heck?

The owner name of the SOA record must *exactly* match the origin of the
zone. You're trying to load a "10.in-addr.arpa" zone with a
"0.0.10.in-addr.arpa" SOA record. So it's being rejected.

Change the origin of the zone or the owner name of the SOA record, or
both, so that they match.

- Kevin

David Tonhofer wrote:

> Sorry to be even more bother...
> ...I must be missing something generously obvious.
> I'm trying to set up a subdomain "dmz.synapse.lu" as a
> private network on a DNS which is *also* the secondary DNS
> of a publicly visible network. So we have the not unusual:
>   ---- ---- SERVER ---- -----
>        (on Ethernet 1)      BIND 9   (on Ethernet 2)
> I succeeded in setting up the forward name resolution for
>, no problem.
> However, in-addr.arpa. name resolution has given me red-rimmed
> eyes. Whenever I 'reload' the namerver I get
> -------------
> dns_master_load: named.dmz.rev:10: not at top of zone
> named[526]: dns_zone_load: zone 10.in-addr.arpa/IN:
>   loading master file named.dmz.rev: not at top of zone
> -------------
> ...which of course means that will I please put a single SOA into
> the file and at the top too. Problem is, I did. Here's the file:
> -------------------
> $TTL 28800
> 0.0.10.in-addr.arpa.            IN      SOA     mithras.dmz.synapse.lu.
> dnsadmin.synapse.lu. (
>                                 2001030309 ; serial
>                                 28800      ; refresh (8 hours)
>                                 7200       ; retry (2 hours)
>                                 604800     ; expire (1 week)
>                                 86400      ; minimum (1 day)
>                                 )
> 0.0.10.in-addr.arpa.            IN      NS      mithras.dmz.synapse.lu.
> -------------------
> So you see I have already removed all the PTR records, even
> tried to remove the NS record to no avail. If you get me a
> clue-injection I would be very grateful (and I checked the
> archives, too). Note that I tried 10.in-addr.arpa. too.
>                                 -- David Tonhofer

More information about the bind-users mailing list