bind 9.11.2 - domain and subdomain with one zone does not work

Dns Admin dnsadmdns at gmail.com
Fri Apr 3 22:10:05 UTC 2020


Hi ?
You have delegated the domain "sub.test.local" but you have no zone
statement for this zone.
Suggest you create a db.sub.test.local zone file and update your
configuration with

zone "sub.test.local" IN {
        type master;
        file "db.sub.test.local";
};

And remove the following from the db.test.local zone file:

$ORIGIN sub.test.local.
localhost               A       127.0.0.1
t30                     A       127.0.0.2

Br Peter


On 03/04/2020 08:19, mail-list-users at materna.de wrote:
> Good morning,
>
> we try to use  in our zone files for easy including of new sub domains.
> While it worked on my test system, in production we get either NXDOMAIN or SERVFAIL,
> both use bind 9.11.2 from the distro. Level 10 debug with all possible logs enabled gave no answer.
> Maybe someone on this list will find our problem, like in the past.
> named.conf from test system, besides of the amount of zones the same as production:
> -----------------------
>
> options {
> 	allow-transfer { none;};
> 	check-names master ignore;
> 	check-names slave ignore;
> 	check-names response ignore;
> 	directory "/var/lib/named";
> 	managed-keys-directory "/var/lib/named/dyn/";
> 	dump-file "/var/log/named_dump.db";
> 	statistics-file "/var/log/named.stats";
> 	listen-on-v6 { any; };
> 	notify no;
> 	forward only;
> 	forwarders { 127.0.0.1; };
> 	allow-recursion { 127.0.0.1; };
> 	allow-query { 127.0.0.1; };
>         response-policy {
>                 zone "testoverride" log no;
> 		zone "logoverride" log yes;
>         };
>
>     disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
> };
>
> acl AllowDDNS { 127.0.0.1/32; };
>
> include "/etc/rndc.key";
>
> controls {
>         inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
> };
>
> view public {
> 	zone "." in {
> 		type hint;
> 		file "db.hint";
> 	};
>
> 	zone "localhost" in {
> 		type master;
> 		file "localhost.zone";
> 	};
>
> 	zone "0.0.127.in-addr.arpa" in {
> 		type master;
> 		file "127.0.0.zone";
> 	};
>
> 	zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
> 	    type master;
> 	    file "127.0.0.zone";
> 	};
>
>         zone "test.local" IN {
>                 type master;
>                 file "db.test.local";
>         };
>
> 	zone "testoverride" {
> 		type master;
> 		file "Multistuff";
> 		allow-query { AllowDDNS; };
> 		allow-update { AllowDDNS; };
> 	};
>
>         zone "logoverride" {
>                 type master;
>                 file "LogStuff";
>                 allow-query { AllowDDNS; };
>                 allow-update { AllowDDNS; };
>         };
>
> };
>
> logging {
>
>         channel default_syslog {
>                 # Send most of the named messages to syslog.
>                 syslog local2;
>                 severity debug;
>         };
>
>         channel audit_log {
>                 #Send the security related messages to a separate file.
>                 syslog local2;
>                 severity debug;
>                 print-time yes;
>         };
>
>         channel null {
>                 null;
>         };
>
>
>      category default { default_syslog;   };
>      category config { default_syslog;   };
>      category dispatch { default_syslog;   };
>      category network { default_syslog;   };
>      category general { default_syslog;   };
>      category resolver { default_syslog;  };
>      category cname { default_syslog;  };
>      category delegation-only { default_syslog;  };
>      category lame-servers { default_syslog;  };
>      category edns-disabled { default_syslog;  };
>      category dnssec { default_syslog;  };
>      category notify { default_syslog;  };
>      category xfer-in { default_syslog;  };
>      category xfer-out { default_syslog;  };
>      category update{ default_syslog;  };
>      category update-security { default_syslog;  };
>      category client{ default_syslog;  };
>      category security { default_syslog;  };
>      category rate-limit { default_syslog;  };
>      category spill { default_syslog;  };
>      category database { default_syslog;  };
>      category rpz { default_syslog;  };
>      category dnstap { default_syslog;  };
>      category queries { default_syslog; };
>      category query-errors { default_syslog; };
>
>
> };
> -----------------------
>
> The zone file:
> -----------------------
> $ORIGIN .
> $TTL 604800     ; 1 week
> test.local         IN SOA  mytest.test.local. root.test.local. (
>                                 2020040123 ; serial
>                                 1800       ; refresh (30 minutes)
>                                 900        ; retry (15 minutes)
>                                 2592000    ; expire (4 weeks 2 days)
>                                 604800     ; minimum (1 week)
>                                 )
>                         NS      test.local.
>                         NS      test.local.
>                         A       127.0.0.1
>                         MX      10 test.local.
>                         MX      20 test.local.
>                         TXT     "AD buc"
> $ORIGIN test.local.
> t1	                A       127.0.0.3
> sub                     NS      test.local.
>                         NS      test.local.
>                         MX      10 test.local.
>                         MX      20 test.local.
> $ORIGIN sub.test.local.
> localhost               A       127.0.0.1
> t30                     A       127.0.0.2
> $ORIGIN test.local.
> t31              	CNAME   t1
>
> -----------------------
>
> dig query on the main domain:
> -----------------------
> ~ #dig t1.test.local. @127.0.0.1
>
> ; <<>> DiG 9.11.2 <<>> t1.test.local. @127.0.0.1
> ;; global options: +cmd
> ;; Got answer:
> ;; WARNING: .local is reserved for Multicast DNS
> ;; You are currently testing what happens when an mDNS query is leaked to DNS
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32410
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ; COOKIE: 54d8bba9ce2bbe1bd174692b5e86d27950eeeb14581a460e (good)
> ;; QUESTION SECTION:
> ;t1.test.local.                 IN      A
>
> ;; ANSWER SECTION:
> t1.test.local.          604800  IN      A       127.0.0.3
>
> ;; AUTHORITY SECTION:
> test.local.             604800  IN      NS      test.local.
>
> ;; ADDITIONAL SECTION:
> test.local.             604800  IN      A       127.0.0.1
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Fri Apr 03 08:06:49 CEST 2020
> ;; MSG SIZE  rcvd: 116
> -----------------------
>
> dig query on the sub domain:
> -----------------------
> ~# dig t30.sub.test.local. @127.0.0.1
>
> ; <<>> DiG 9.11.2 <<>> t30.sub.test.local. @127.0.0.1
> ;; global options: +cmd
> ;; Got answer:
> ;; WARNING: .local is reserved for Multicast DNS
> ;; You are currently testing what happens when an mDNS query is leaked to DNS
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 7026
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ; COOKIE: fcd89e91476a9221e102a5745e86d25c9a23d3df00015683 (good)
> ;; QUESTION SECTION:
> ;t30.sub.test.local.            IN      A
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Fri Apr 03 08:06:20 CEST 2020
> ;; MSG SIZE  rcvd: 75
> -----------------------
>
>
> Sincerely
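
Added example, not part of either message above: a Python check for the condition the reply describes, run over a trimmed copy of the quoted db.test.local records. It finds delegation points (NS records below the apex) and lists data at or below them, skipping glue addresses; flagging non-NS data at the cut itself (the MX under "sub") goes slightly beyond what the reply lists. The names ZONE, fqdn, parse and occluded are illustrative.

```python
# Added example (not from the thread). ZONE is a trimmed copy of the quoted
# db.test.local records; the parser is simplified to one record per line.
ZONE = """\
$ORIGIN test.local.
t1                      A       127.0.0.3
sub                     NS      test.local.
                        MX      10 test.local.
$ORIGIN sub.test.local.
localhost               A       127.0.0.1
t30                     A       127.0.0.2
$ORIGIN test.local.
t31                     CNAME   t1
"""
RRTYPES = {"A", "AAAA", "NS", "MX", "CNAME", "TXT", "SOA", "DS"}

def fqdn(name, origin):
    """Qualify a relative name (or '@') against the current $ORIGIN."""
    name = origin if name == "@" else name.lower()
    return name if name.endswith(".") else name + "." + origin.lstrip(".")

def parse(text):
    """Yield (owner, rrtype, ns_target); handles $ORIGIN and blank owners."""
    origin, owner = ".", None
    for raw in text.splitlines():
        tok = raw.split(";", 1)[0].split()    # no quoted ';' in this sketch
        if not tok:
            continue
        if tok[0].startswith("$"):            # directive; only $ORIGIN matters
            if tok[0].upper() == "$ORIGIN":
                origin = fqdn(tok[1], origin)
            continue
        if not raw[0].isspace():              # owner field present on this line
            owner = fqdn(tok.pop(0), origin)
        i = next((n for n, t in enumerate(tok) if t.upper() in RRTYPES), None)
        if owner and i is not None:
            rrtype = tok[i].upper()
            yield owner, rrtype, (fqdn(tok[i + 1], origin) if rrtype == "NS" else None)

def occluded(text, apex):
    """Return (owner, rrtype, cut) for non-glue data at or below a zone cut."""
    recs = list(parse(text))
    cuts = {o for o, t, _ in recs if t == "NS" and o != apex}
    glue = {ns for o, t, ns in recs if t == "NS" and o in cuts}
    return [(o, t, c) for o, t, _ in recs for c in sorted(cuts)
            if (o.endswith("." + c) or (o == c and t not in ("NS", "DS")))
            and not (t in ("A", "AAAA") and o in glue)]
```

Calling occluded(ZONE, "test.local.") returns the MX at sub.test.local. plus the localhost and t30 address records, all attributed to the cut at sub.test.local.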