Named will not start when $ORIGIN is present, other errors also, bind 9.7.3-p3
Keith Christian
keith1christian at gmail.com
Tue Mar 6 20:09:34 UTC 2012
Hello,
Attempting to set up a small dns server purely for testing purposes,
using a non-existent domain name.
I have run into problems with my very simple setup, have tried
changing multiple tokens in the config files, no success, but have
found a few items:
- The zone file loads, and BIND starts, if the $ORIGIN line is
commented out of the zone file. Apparently, $ORIGIN is not required,
but why would its presence cause an error?
- "dig" lookups do not succeed even when $ORIGIN is commented out,
with named running.
There is an error somewhere in the config files, but I cannot locate
it, or I'm doing something fundamentally wrong.
NS and SOA records exist, contrary to bind's output messages.
Any insight or corrections appreciated.
Thanks.
START OF PASTED DATA
Running on CentOS 6.x, with the following packages:
================================================================================
bind-9.7.3-8.P3.el6_2.2.i686
bind-chroot-9.7.3-8.P3.el6_2.2.i686
bind-libs-9.7.3-8.P3.el6_2.2.i686
bind-utils-9.7.3-8.P3.el6_2.2.i686
================================================================================

Output from dig when looking up a nameserver on the fictitious domain:
================================================================================
dig @localhost keith1q2w.com ns

; <<>> DiG 9.5.2-P3 <<>> @localhost keith1q2w.com ns
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 38557
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;keith1q2w.com. IN NS

;; AUTHORITY SECTION:
com. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1331061717 1800 900 604800 86400

;; Query time: 144 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Mar 6 12:22:29 2012
;; MSG SIZE rcvd: 104

Error messages from BIND when $ORIGIN is un-commented in the zone file:
================================================================================
Stopping named: [ OK ]
Starting named:
Error in named configuration:
zone localhost/IN: loaded serial 0
zone 0.0.127.in-addr.arpa/IN: loaded serial 0
zone/zone001:5: ignoring out-of-zone data (keith1q2w.com)
zone/zone001:21: ignoring out-of-zone data (nameserver01.keith1q2w.com)
zone/zone001:22: ignoring out-of-zone data (mail.keith1q2w.com)
zone/zone001:23: ignoring out-of-zone data (mail2.keith1q2w.com)
zone/zone001:24: ignoring out-of-zone data (mail3.keith1q2w.com)
zone zone001/IN: has 0 SOA records
zone zone001/IN: has no NS records
zone zone001/IN: not loaded due to errors.
_default/zone001/IN: bad zone
[FAILED]
rndc: connect failed: 127.0.0.1#953: connection refused
named is stopped

Contents of /etc/named.conf:
================================================================================

options {
    directory "/etc/named";
    pid-file "/var/run/named.pid";
    statistics-file "/var/run/named.stats";
    # hide our "real" version number
    version "[secured]";
    dump-file "/var/run/named.db";

    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */

    // query-source address * port 53;
    allow-recursion { any; };
    allow-query { any; };
    //allow-query-cache { any; };
    //also-notify { www.xxx.yyy.zzz ; www.xxx.yyy.zzz ; www.xxx.yyy.z
};

logging {
    channel querylog {
        file "/var/run/named-query.log" versions 5 size 10M;
        print-severity yes;
        print-time yes;
    };
    category queries { querylog; };
};

//
// a caching only nameserver config
//
#Use with the following in named.conf, adjusting the allow list as needed
#
controls {
    inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "rndc-key"; };
};
zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};

zone "zone001" IN {
    type master;
    file "zone/zone001";
    allow-update { none; };
    notify no;
};

/************************************************************
zone "zone002" IN {
    type master;
    file "zone/zone002";
    allow-update { none; };
};

zone "zone003" IN {
    type master;
    file "zone/zone003";
    allow-update { none; };

};

zone "zone004" IN {
    type master;
    file "zone/zone004";
    allow-update { none; };

};

zone "zone005" IN {
    type master;
    file "zone/zone005";
    allow-update { none; };
};
************************************************************/

include "/etc/rndc.key";

Contents of the zone file "zone/zone001" for the fictitious zone "keith1q2w.com":
================================================================================
; IPv4 zone file for zone zone001
;$ORIGIN keith1q2w.com.
$TTL 1d ; One day

@ IN SOA nameserver01.keith1q2w.com. sysadmin.keith1q2w.com. (
        2012030602 ; zone serial number
        12h ; refresh
        15m ; retry
        30d ; expiry
        2h ; minimum
        )


        IN NS nameserver01.keith1q2w.com.
        IN NS nameserver02.keith1q2w.com.

        IN MX 10 mail.keith1q2w.com.
        IN MX 20 mail2.keith1q2w.com.
        IN MX 30 mail3.keith1q2w.com.

nameserver01 IN A 192.168.55.168
mail IN A 192.168.55.126
mail2 IN A 192.168.55.130
mail3 IN A 192.168.55.253

Contents of /etc/resolv.conf
================================================================================
nameserver 127.0.0.1
search keith1q2w.com local
END OF PASTED DATA
========
Keith
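
Added example, not part of the original post and not BIND code: a Python model of the out-of-zone test behind the "ignoring out-of-zone data" lines in the log above. It assumes named takes the zone name from the zone "..." statement in named.conf and compares each owner name, after $ORIGIN expansion, against that name; out_of_zone and ZONE_FILE are names made up for this example.

```python
# Added example: model of named's out-of-zone check, not BIND's own code.
# ZONE_FILE: zone/zone001 from the post, $ORIGIN uncommented, line numbers kept.
ZONE_FILE = """\
; IPv4 zone file for zone zone001
$ORIGIN keith1q2w.com.
$TTL 1d ; One day

@ IN SOA nameserver01.keith1q2w.com. sysadmin.keith1q2w.com. (
        2012030602 ; zone serial number
        12h ; refresh
        15m ; retry
        30d ; expiry
        2h ; minimum
        )


        IN NS nameserver01.keith1q2w.com.
        IN NS nameserver02.keith1q2w.com.

        IN MX 10 mail.keith1q2w.com.
        IN MX 20 mail2.keith1q2w.com.
        IN MX 30 mail3.keith1q2w.com.

nameserver01 IN A 192.168.55.168
mail IN A 192.168.55.126
mail2 IN A 192.168.55.130
mail3 IN A 192.168.55.253
"""

def out_of_zone(zone_text, zone_name):  # -> [(line_no, owner)] outside zone_name
    zone = zone_name.lower().rstrip(".") + "."
    origin, depth, hits = zone, 0, []      # origin defaults to the zone name
    for no, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0]        # drop comments
        in_record, first = depth > 0, line.split()[:1]
        depth += line.count("(") - line.count(")")
        if not first or in_record or line[0].isspace():
            continue                       # blank, continuation, inherited owner
        if first[0].upper() == "$ORIGIN":  # assumes an absolute $ORIGIN name
            origin = line.split()[1].lower()
        elif not first[0].startswith("$"):
            name = first[0].lower()
            fqdn = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
            if fqdn != zone and not fqdn.endswith("." + zone):
                hits.append((no, fqdn.rstrip(".")))
    return hits

if __name__ == "__main__":
    print({z: out_of_zone(ZONE_FILE, z) for z in ("zone001", "keith1q2w.com")})
```

With the zone name zone001 it flags lines 5 and 21-24, the same lines as the log; with the zone name keith1q2w.com, or with $ORIGIN commented out so that every owner is relative to zone001, nothing is flagged.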