bind 9.11.2 - domain and subdomain with one zone does not work

mail-list-users at materna.de mail-list-users at materna.de
Fri Apr 3 06:19:05 UTC 2020


Good morning,

we try to use a single zone file for the domain and its sub domains, to make including new sub domains easy.
While it worked on my test system, in production we get either NXDOMAIN or SERVFAIL; both systems use bind 9.11.2 from the distro. Level 10 debugging with all possible logs enabled gave no answer.
Maybe someone on this list will spot our problem, as has happened in the past.
named.conf from the test system; apart from the number of zones it is the same as in production:
-----------------------

# Global options for the test system. Query and recursion access is limited to
# the loopback address, and every recursive lookup is forwarded to 127.0.0.1.
options {
	allow-transfer { none;};            # no AXFR/IXFR to anyone
	check-names master ignore;          # NOTE(review): these three lines switch off owner-name
	check-names slave ignore;           # syntax checks on loaded, transferred and received data
	check-names response ignore;
	directory "/var/lib/named";
	managed-keys-directory "/var/lib/named/dyn/";
	dump-file "/var/log/named_dump.db";
	statistics-file "/var/log/named.stats";
	listen-on-v6 { any; };              # no listen-on for IPv4 is given, so named's IPv4 default applies
	notify no;
	forward only;                       # NOTE(review): the only forwarder is 127.0.0.1 port 53, the same
	forwarders { 127.0.0.1; };          # address and port this server answers on in the dig output below;
	                                    # anything not answered from local data is sent back to this server
	allow-recursion { 127.0.0.1; };     # recursion and queries: loopback only
	allow-query { 127.0.0.1; };
        response-policy {                   # RPZ; both policy zones are declared in view "public"
                zone "testoverride" log no;
		zone "logoverride" log yes;
        };

    # Turns off the built-in empty zone for the IPv6 loopback reverse name.
    disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
};

# Hosts allowed to send dynamic updates; referenced by allow-update in the RPZ zones.
acl AllowDDNS { 127.0.0.1/32; };

# Presumably defines the "rndc-key" used by the controls statement; not part of this listing.
include "/etc/rndc.key";

# rndc control channel: loopback only, and only with the shared key.
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};

# Single view: root hints, the loopback zones, test.local and the two
# response-policy zones named in the options block.
view public {
	zone "." in {
		type hint;
		file "db.hint";
	};

	zone "localhost" in {
		type master;
		file "localhost.zone";
	};

	zone "0.0.127.in-addr.arpa" in {
		type master;
		file "127.0.0.zone";
	};

	zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
	    type master;
	    file "127.0.0.zone";              # NOTE(review): reuses the IPv4 loopback reverse file
	};

        zone "test.local" IN {                    # the zone under discussion; its file is listed below
                type master;
                file "db.test.local";
        };

	zone "testoverride" {                     # RPZ zone (response-policy, log no)
		type master;
		file "Multistuff";
		allow-query { AllowDDNS; };       # only loopback may read or update the policy data
		allow-update { AllowDDNS; };
	};

        zone "logoverride" {                      # RPZ zone (response-policy, log yes)
                type master;
                file "LogStuff";
                allow-query { AllowDDNS; };       # same loopback-only access as testoverride
                allow-update { AllowDDNS; };
        };

};

# Logging: every category listed below goes to syslog facility local2 at
# severity debug. The audit_log and null channels are declared but no
# category here references them.
logging {

        channel default_syslog {
                # Send most of the named messages to syslog.
                syslog local2;
                severity debug;
        };

        channel audit_log {
                #Send the security related messages to a separate file.
                # NOTE(review): this channel also writes to syslog local2, not to a file,
                # and no category below is mapped to it.
                syslog local2;
                severity debug;
                print-time yes;
        };

        channel null {
                null;           # declared but unused by the categories below
        };


     category default { default_syslog;   };
     category config { default_syslog;   };
     category dispatch { default_syslog;   };
     category network { default_syslog;   };
     category general { default_syslog;   };
     category resolver { default_syslog;  };
     category cname { default_syslog;  };
     category delegation-only { default_syslog;  };
     category lame-servers { default_syslog;  };
     category edns-disabled { default_syslog;  };
     category dnssec { default_syslog;  };
     category notify { default_syslog;  };
     category xfer-in { default_syslog;  };
     category xfer-out { default_syslog;  };
     category update{ default_syslog;  };
     category update-security { default_syslog;  };
     category client{ default_syslog;  };
     category security { default_syslog;  };
     category rate-limit { default_syslog;  };
     category spill { default_syslog;  };
     category database { default_syslog;  };
     category rpz { default_syslog;  };
     category dnstap { default_syslog;  };
     # Query logging (one line per query) and query error logging to the same channel.
     category queries { default_syslog; };
     category query-errors { default_syslog; };


};
-----------------------

The zone file:
-----------------------
; Zone file for test.local (file "db.test.local" in named.conf).
; With $ORIGIN set to "." the unqualified owner "test.local" below becomes test.local.
$ORIGIN .
$TTL 604800     ; 1 week
; NOTE(review): the SOA MNAME mytest.test.local. has no address record in this file.
test.local         IN SOA  mytest.test.local. root.test.local. (
                                2020040123 ; serial
                                1800       ; refresh (30 minutes)
                                900        ; retry (15 minutes)
                                2592000    ; expire (4 weeks 2 days)
                                604800     ; minimum (1 week)
                                )
                        NS      test.local.     ; apex NS; the A record below gives its address
                        NS      test.local.     ; identical to the line above, so redundant
                        A       127.0.0.1
                        MX      10 test.local.
                        MX      20 test.local.
                        TXT     "AD buc"
$ORIGIN test.local.
t1	                A       127.0.0.3
; NOTE(review): NS records at a name other than the apex make that name a delegation
; point (zone cut). Everything beneath sub.test.local. in this file (localhost and t30
; below) then sits below the cut and is not served as authoritative data by this zone;
; the server instead refers to test.local., which is this same server, and with
; "forward only; forwarders { 127.0.0.1; }" the lookup has nowhere else to go -- this
; is consistent with the SERVFAIL (no aa flag) for t30.sub.test.local. in the dig
; output. If sub.* names are meant to live in this zone, drop the sub NS/MX lines;
; if sub.test.local is meant to be its own zone, give it its own zone statement and file.
sub                     NS      test.local.
                        NS      test.local.     ; identical to the line above, so redundant
                        MX      10 test.local.
                        MX      20 test.local.
$ORIGIN sub.test.local.
localhost               A       127.0.0.1      ; below the sub.test.local. cut created above
t30                     A       127.0.0.2      ; below the sub.test.local. cut created above
$ORIGIN test.local.
t31              	CNAME   t1              ; relative target, expands to t1.test.local.

-----------------------

dig query on the main domain:
-----------------------
~ #dig t1.test.local. @127.0.0.1

; <<>> DiG 9.11.2 <<>> t1.test.local. @127.0.0.1
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32410
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 54d8bba9ce2bbe1bd174692b5e86d27950eeeb14581a460e (good)
;; QUESTION SECTION:
;t1.test.local.                 IN      A

;; ANSWER SECTION:
t1.test.local.          604800  IN      A       127.0.0.3

;; AUTHORITY SECTION:
test.local.             604800  IN      NS      test.local.

;; ADDITIONAL SECTION:
test.local.             604800  IN      A       127.0.0.1

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Apr 03 08:06:49 CEST 2020
;; MSG SIZE  rcvd: 116
-----------------------

dig query on the sub domain:
-----------------------
~# dig t30.sub.test.local. @127.0.0.1

; <<>> DiG 9.11.2 <<>> t30.sub.test.local. @127.0.0.1
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 7026
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: fcd89e91476a9221e102a5745e86d25c9a23d3df00015683 (good)
;; QUESTION SECTION:
;t30.sub.test.local.            IN      A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Apr 03 08:06:20 CEST 2020
;; MSG SIZE  rcvd: 75
-----------------------


Sincerely

