Named will not start when $ORIGIN is present, other errors also, bind 9.7.3-p3

Keith Christian keith1christian at gmail.com
Tue Mar 6 20:09:34 UTC 2012


Hello,


Attempting to set up a small dns server purely for testing purposes,
using a non-existent domain name.

I have run into problems with my very simple setup, have tried
changing multiple tokens in the config files, no success, but have
found a few items:

 - The zone file loads, and BIND starts, if the $ORIGIN line is
commented out of the zone file.  Apparently, $ORIGIN is not required,
but why would its presence cause an error?

  - "dig" lookups do not succeed even when $ORIGIN is commented out,
with named running.

There is an error somewhere in the config files, but I cannot locate
it, or I'm doing something fundamentally wrong.

NS and SOA records exist, contrary to bind's output messages.


Any insight or corrections appreciated.

Thanks.



START OF PASTED DATA

Running on CentOS 6.x, with the following packages:
================================================================================
bind-9.7.3-8.P3.el6_2.2.i686
bind-chroot-9.7.3-8.P3.el6_2.2.i686
bind-libs-9.7.3-8.P3.el6_2.2.i686
bind-utils-9.7.3-8.P3.el6_2.2.i686
================================================================================



Output from dig when looking up a nameserver on the fictitious domain:
================================================================================
dig @localhost keith1q2w.com ns

; <<>> DiG 9.5.2-P3 <<>> @localhost keith1q2w.com ns
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 38557
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;keith1q2w.com.                 IN      NS

;; AUTHORITY SECTION:
com.                    900     IN      SOA     a.gtld-servers.net. nstld.verisign-grs.com. 1331061717 1800 900 604800 86400

;; Query time: 144 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Mar  6 12:22:29 2012
;; MSG SIZE  rcvd: 104



Error messages from BIND when $ORIGIN is un-commented in the zone file:
================================================================================
Stopping named:                                            [  OK  ]
Starting named:
Error in named configuration:
zone localhost/IN: loaded serial 0
zone 0.0.127.in-addr.arpa/IN: loaded serial 0
zone/zone001:5: ignoring out-of-zone data (keith1q2w.com)
zone/zone001:21: ignoring out-of-zone data (nameserver01.keith1q2w.com)
zone/zone001:22: ignoring out-of-zone data (mail.keith1q2w.com)
zone/zone001:23: ignoring out-of-zone data (mail2.keith1q2w.com)
zone/zone001:24: ignoring out-of-zone data (mail3.keith1q2w.com)
zone zone001/IN: has 0 SOA records
zone zone001/IN: has no NS records
zone zone001/IN: not loaded due to errors.
_default/zone001/IN: bad zone
                                                           [FAILED]
rndc: connect failed: 127.0.0.1#953: connection refused
named is stopped



Contents of /etc/named.conf:
================================================================================

options {
        directory       "/etc/named";
        pid-file        "/var/run/named.pid";
        statistics-file "/var/run/named.stats";
# hide our "real" version number
        version         "[secured]";
        dump-file       "/var/run/named.db";


         /*
          * If there is a firewall between you and nameservers you want
          * to talk to, you might need to uncomment the query-source
          * directive below.  Previous versions of BIND always asked
          * questions using port 53, but BIND 8.1 uses an unprivileged
          * port by default.
          */

         // query-source address * port 53;
         allow-recursion { any; };
         allow-query { any; };
         //allow-query-cache { any; };
         //also-notify { www.xxx.yyy.zzz ; www.xxx.yyy.zzz ; www.xxx.yyy.z
 };


 logging {
         channel querylog {
                 file "/var/run/named-query.log" versions 5 size 10M;
                 print-severity yes;
                 print-time yes;
         };
         category queries { querylog; };
 };


 //
 // a caching only nameserver config
 //
 #Use with the following in named.conf, adjusting the allow list as needed
 #
 controls {
         inet 127.0.0.1 port 953
                 allow { 127.0.0.1; } keys { "rndc-key"; };
 };
 zone "." IN {
         type hint;
         file "named.ca";
 };

 zone "localhost" IN {
         type master;
         file "localhost.zone";
         allow-update { none; };
 };

 zone "0.0.127.in-addr.arpa" IN {
         type master;
         file "named.local";
         allow-update { none; };
 };

 zone "zone001" IN {
         type master;
         file "zone/zone001";
         allow-update { none; };
         notify no;
 };

 /************************************************************
 zone "zone002" IN {
         type master;
         file "zone/zone002";
         allow-update { none; };
 };

 zone "zone003" IN {
         type master;
         file "zone/zone003";
         allow-update { none; };

 };

 zone "zone004" IN {
         type master;
         file "zone/zone004";
         allow-update { none; };

 };

 zone "zone005" IN {
         type master;
         file "zone/zone005";
         allow-update { none; };
 };
 ************************************************************/

 include "/etc/rndc.key";



Contents of the zone file "zone/zone001" for the fictitious zone "keith1q2w.com":
================================================================================
;       IPv4 zone file for zone zone001
;$ORIGIN keith1q2w.com.
$TTL 1d         ; One day

@               IN      SOA     nameserver01.keith1q2w.com. sysadmin.keith1q2w.com. (
                                2012030602              ; zone serial number
                                12h                     ;       refresh
                                15m                     ;       retry
                                30d                     ;       expiry
                                 2h                     ;       minimum
                                 )


                 IN      NS              nameserver01.keith1q2w.com.
                 IN      NS              nameserver02.keith1q2w.com.

                 IN      MX      10      mail.keith1q2w.com.
                 IN      MX      20      mail2.keith1q2w.com.
                 IN      MX      30      mail3.keith1q2w.com.

 nameserver01    IN      A               192.168.55.168
 mail            IN      A               192.168.55.126
 mail2           IN      A               192.168.55.130
 mail3           IN      A               192.168.55.253



Contents of /etc/resolv.conf
================================================================================
nameserver 127.0.0.1
search keith1q2w.com local


END OF PASTED DATA




========Keith
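
A simplified model of the in-zone check behind the "ignoring out-of-zone data" lines in the pasted log, added here as an example; it is not part of the original post and not BIND's own code. It assumes the name in the `zone "zone001"` statement is both the zone's apex and the default origin, handles only the master-file constructs that appear in the quoted file, and uses a condensed, constructed copy of that file; the function names are illustrative.

```python
# Simplified model of the in-zone check applied while a master file is loaded.
# ZONE_FILE is constructed: a condensed copy of the zone file quoted in the post,
# with the $ORIGIN line active. Function names are illustrative.
ZONE_FILE = """\
;       IPv4 zone file for zone zone001
$ORIGIN keith1q2w.com.
$TTL 1d         ; One day

@               IN      SOA     nameserver01.keith1q2w.com. sysadmin.keith1q2w.com. (
                                2012030602 12h 15m 30d 2h )

                IN      NS      nameserver01.keith1q2w.com.
                IN      MX      10      mail.keith1q2w.com.
nameserver01    IN      A       192.168.55.168
mail            IN      A       192.168.55.126
"""

def qualify(name, origin):
    """Expand an owner name to a lowercase FQDN (relative names get the origin)."""
    if name == "@":
        return origin
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def owners(text, zone_name):
    """Return [(line_no, fqdn, inside_zone)] for every explicit owner name."""
    zone = zone_name.lower().rstrip(".") + "."
    origin, depth, found = zone, 0, []   # default origin = name in the zone statement
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        continued, depth = depth > 0, depth + line.count("(") - line.count(")")
        if not line or continued:
            continue                                  # blank, or inside ( ... )
        if line.startswith("$"):
            fields = line.split()
            if fields[0].upper() == "$ORIGIN":
                origin = qualify(fields[1], origin)
            continue
        if line[0] in " \t":
            continue                                  # blank owner: inherits previous
        fqdn = qualify(line.split()[0], origin)
        found.append((no, fqdn, fqdn == zone or fqdn.endswith("." + zone)))
    return found

def out_of_zone(text, zone_name):
    return [(no, fqdn) for no, fqdn, inside in owners(text, zone_name) if not inside]

if __name__ == "__main__":
    for no, fqdn in out_of_zone(ZONE_FILE, "zone001"):
        print(f"line {no}: ignoring out-of-zone data ({fqdn.rstrip('.')})")
```

With the `$ORIGIN` line commented out, the same owner names qualify under `zone001.`, so nothing is rejected but nothing is published for `keith1q2w.com` either. Declaring the zone as `keith1q2w.com` leaves every owner inside the zone whether or not `$ORIGIN` is present.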


