problem loading dynamic zone

Cuttler, Brian (HEALTH) brian.cuttler at health.ny.gov
Thu Jan 29 14:45:49 UTC 2015


Bind users list,

I am having problems with dynamic DNS config. It 'looks' simple enough
but I'm unable to load the dynamic zone.

I have stripped down my config, checked the protections on the data
directory and on the data files.

I simply do not see where the error is.

I have included info on the OS, bind version, displayed my config
files, named-checkconf and named-checkzone info, shown file protections.

I will also include the logging output, almost forgot that.

Please let me know what additional info is needed.
Please let me know what I have overlooked, too many other people are
successfully doing this for it to be a bug (right??).

thank you,
Brian Cuttler
Wadsworth Center
Albany, NY

# uname -a
Linux znix.wadsworth.org 3.10.0-123.6.3.el7.x86_64 #1 SMP Wed Aug 6
21:12:36 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

Installed Packages
Name        : bind
Arch        : x86_64
Epoch       : 32
Version     : 9.9.4
Release     : 14.el7_0.1
Size        : 4.3 M
Repo        : installed
From repo   : updates
Summary     : The Berkeley Internet Name Domain (BIND) DNS (Domain
Name System) server

[root at znix dns-root]# cat /etc/named.conf
// Global server options for this named instance.
// NOTE(review): several long lines in this listing look wrapped by the mail
// archive (the tails of two // comments and the allow-transfer list); rejoin
// the comment tails before reusing the text, or named will read them as
// statements.
OPTIONS {
        //
        //
        //boot file for authoritative master name server for
wadsworth.ph.albany.edu
        //note that there should be one primary entry for each soa
record.
        //
        //type domain source file or host
        //
        //
        // Working directory; relative "file" names in the zone statements
        // are resolved against it.
        directory        "/etc/dns-root/";
        // NOTE(review): pinning the source port of outgoing queries to 53
        // gives up source-port randomisation, one of the defences against
        // cache poisoning. Since this server also recurses (see
        // allow-recursion below), dropping "port 53" is worth considering
        // unless a firewall rule requires it.
        query-source address * port 53;
        // DNSSEC validation of answers obtained while recursing is off.
        dnssec-validation no;
        auth-nxdomain yes;  # conform to RFC1035
        // The built-in empty zones are disabled.
        empty-zones-enable no;
        //secondary 5.204.128.in-addr.arpa 172.16.1.6 db.128.204.5
        // Zone transfers are permitted only to the addresses listed here.
        allow-transfer { 199.184.28.129; 199.184.28.125;
199.184.28.128; 199.184.30.42; 199.184.28.130; 199.184.30.36;
150.142.80.208; 150.142.80.209; 10.49.66.7; 10.50.156.45; 172.16.1.50;
};
        //secondary 6.204.128.in-addr.arpa 172.16.1.6 db.128.204.6
// NOTE(review): recursion is offered to any client. If this host is
// reachable from outside the organisation it acts as an open resolver
// (amplification and cache-poisoning exposure); an ACL of internal
// networks is the usual restriction. Confirm reachability.
allow-recursion {any;};
};


// Shared secret that authenticates rndc on the control channel (it is the
// key named in the controls statement of this file).
// The secret shown is presumably a placeholder the poster substituted
// before publishing; the real value should never appear in a public post.
// NOTE(review): hmac-md5 is the legacy algorithm; BIND also accepts
// hmac-sha256, which is the better choice when the key is next regenerated.
key "rndc-key" {
        algorithm hmac-md5;
        secret "hide key #1";
};

// TSIG key that authorises dynamic updates to dynamic.wadsworth.org (it is
// the key named in that zone's allow-update).
// The secret shown is presumably a placeholder the poster substituted.
// NOTE(review): whoever holds this secret can rewrite the dynamic zone, so
// the files containing it (here and on the updating client) should not be
// world-readable. hmac-md5 is the legacy algorithm; hmac-sha256 is
// preferable if the update client supports it. Confirm before changing.
key dhcpupdate {
        algorithm hmac-md5;
        secret "hide key #2";
};

// rndc control channel: listens on the loopback address only, port 953,
// accepts connections from 127.0.0.1 and requires the "rndc-key" secret.
controls {
      inet 127.0.0.1 port 953
              allow { 127.0.0.1; } keys { "rndc-key"; };
};

** removing channel logging config lines to save space ***

// Root hints: the root name server list used to start recursion, read from
// db.cache in the options directory.
zone "." in {
        type hint;
        file "db.cache";
};


// Static master zone loaded from db.wadsworth.org. There is no allow-update
// here, so the zone changes only when the file is edited and reloaded.
zone "wadsworth.org" in {
        type master;
        file "db.wadsworth.org";
};

// Dynamic master zone: updates are accepted only when signed with the
// dhcpupdate TSIG key. named records accepted updates in a journal next to
// the zone file (db.dynamic.jnl), so it needs write access to the directory.
// NOTE(review): the ls output in this post shows db.dynamic.jnl at 0 bytes,
// and the log reports "journal rollforward failed: no more" for this zone.
// A zero-length journal is presumably what named cannot roll forward.
// Confirm by moving the empty .jnl aside while named is stopped, then
// starting it again.
zone "dynamic.wadsworth.org." in {
        type master;
        file "db.dynamic";
        allow-update { key dhcpupdate; };
};

// Reverse zone for the 127.0.0.0/24 loopback range, loaded from db.127.0.0.
zone "0.0.127.in-addr.arpa" in {
        type master;
        file "db.127.0.0";
};


[root at znix dns-root]# cat db.wadsworth.org
; Zone data for wadsworth.org as posted. The ls output in the post lists this
; file at 8605 bytes, so what is shown here is presumably an excerpt.
; Default TTL for records without an explicit one: 86400 s (1 day).
$TTL 86400
; SOA fields: primary master (MNAME) admin.wadsworth.org., responsible
; mailbox (RNAME) qll.wadsworth.org.
@       IN      SOA     admin.wadsworth.org.  qll.wadsworth.org. (
;                        1.58    ; serial
1501231306  ; serial number
                        10800           ; refresh after 3 hours
                        3600            ; retry after 1 hour
                        604800          ; expire after 1 week (604800 s = 168 hours)
                        86400 )         ; minimum ttl of 1 day (the negative-caching TTL, RFC 2308)


; No owner name is given, so this NS record belongs to the zone apex (@).
        IN      NS      znix.wadsworth.org.

;

; Updating this file updates the SOA, important because all of the
; db.wadsworth.org.ip.number.files are included from this file and
; are dependent on the SOA serial number in this file.
; Just update a comment field if you have no changes to make here.
; I generally just change the number of ";" in the next line.
;;;;;;;;

newton.wadsworth.org.           IN      A       172.16.1.6
;ldap1.wadsworth.org.           IN      A       199.184.30.42
nnewton.wadsworth.org.          IN      A       199.184.30.36
oxenopus.wadsworth.org.         IN      A       172.16.1.118
bionsc.wadsworth.org.           IN      A       199.184.28.129
; Relative name: expands to localhost.wadsworth.org.
localhost       IN      A       127.0.0.1


[root at znix dns-root]# cat db.dynamic
; Initial contents of the dynamic zone. named.conf loads this file as
; "dynamic.wadsworth.org.", so relative names below expand under that origin.
; Once dynamic updates are in use, named rewrites this file from its journal;
; hand edits should then be bracketed with rndc freeze / rndc thaw.
$TTL 86400
; SOA fields: primary master (MNAME) admin.wadsworth.org., responsible
; mailbox (RNAME) qll.wadsworth.org.
; NOTE(review): nsupdate sends updates to the MNAME by default, and MNAME
; here is admin.wadsworth.org. while the only NS is znix.wadsworth.org.
; Confirm that is intended for a zone that takes dynamic updates.
@       IN      SOA     admin.wadsworth.org.  qll.wadsworth.org. (
;                        1.58    ; serial
1501231306  ; serial number
                        10800           ; refresh after 3 hours
                        3600            ; retry after 1 hour
                        604800          ; expire after 1 week (604800 s = 168 hours)
                        86400 )         ; minimum ttl of 1 day (the negative-caching TTL, RFC 2308)


; No owner name is given, so this NS record belongs to the zone apex (@).
; The target znix.wadsworth.org. lies outside this zone; the A record on the
; next line defines znix.dynamic.wadsworth.org., which is a different name.
        IN      NS      znix.wadsworth.org.
znix    IN      A       199.184.30.15
;

; NOTE(review): the comment block below appears copied from
; db.wadsworth.org; no $INCLUDE is visible in this file, so it may not apply.
; Updating this file updates the SOA, important because all of the
; db.wadsworth.org.ip.number.files are included from this file and
; are dependent on the SOA serial number in this file.
; Just update a comment field if you have no changes to make here.
; I generally just change the number of ";" in the next line.
;;;;;;;;

; Relative name: expands to localhost.dynamic.wadsworth.org.
localhost       IN      A       127.0.0.1


[root at znix dns-root]# cat db.dynamic.jnl
[root at znix dns-root]#


[root at znix dns-root]# /usr/sbin/named-checkconf -j
[root at znix dns-root]# /usr/sbin/named-checkconf -z
zone wadsworth.org/IN: loaded serial 1501231306
zone dynamic.wadsworth.org/IN: loaded serial 1501231306
zone 0.0.127.in-addr.arpa/IN: loaded serial 1409291326



[root at znix dns-root]# /usr/sbin/named-checkzone -j wadsworth.org
db.dynamic
zone wadsworth.org/IN: journal rollforward failed: no more
zone wadsworth.org/IN: not loaded due to errors.


[root at znix dns-root]# /usr/sbin/named-checkzone -j wadsworth.org
db.wadsworth.org
zone wadsworth.org/IN: loaded serial 1501231306
OK


[root at znix dns-root]# /usr/sbin/named-checkzone -j wadsworth.org
db.dynamic
zone wadsworth.org/IN: journal rollforward failed: no more
zone wadsworth.org/IN: not loaded due to errors.

[root at znix dns-root]# ls -ld /etc/dns-root
drwxrwxr-x. 2 named named 12288 Jan 28 10:39 /etc/dns-root

drwxrwxr-x. 2 named named 12288 Jan 28 10:39 /etc/dns-root
[root at znix dns-root]# ls -las db.wadsworth.org db.dynamic*
4 -rw-rw-r--. 1 named named  844 Jan 27 17:09 db.dynamic
0 -rw-rw-r--. 1 named named    0 Jan 27 14:08 db.dynamic.jnl
12 -rw-rw-r--. 1 named named 8605 Jan 28 10:37 db.wadsworth.org


From my /var/log/named-logs/dns_general_log file

28-Jan-2015 10:44:17.199 general: info: managed-keys-zone: loaded
serial 0
28-Jan-2015 10:44:17.200 general: info: zone 0.0.127.in-addr.arpa/IN:
loaded serial 1409291326
28-Jan-2015 10:44:17.332 general: info: zone wadsworth.org/IN: loaded
serial 1501231306
28-Jan-2015 10:44:17.332 general: error: zone
dynamic.wadsworth.org/IN: journal rollforward failed: no more
28-Jan-2015 10:44:17.332 general: error: zone
dynamic.wadsworth.org/IN: not loaded due to errors.
28-Jan-2015 10:44:17.333 general: notice: all zones loaded
28-Jan-2015 10:44:17.333 general: notice: running

