<div dir="ltr"><div><div>Ok that was my misunderstanding of named-checkzone. I though I had to check for all $ORIGINs.<br><br></div>I haven't played with IPv6 yet. I hope I'll have a chance to do it eventually.<br><br> </div>Thanks for your time guys!<br><br><div><div><br></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Jun 5, 2017 at 9:49 AM, Mark Elkins <span dir="ltr"><<a href="mailto:mje@posix.co.za" target="_blank">mje@posix.co.za</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p>Most certainly - Yes.</p>
<p>You have a single zone here, thus only:</p>
<p> <span>named-checkzone <a href="http://example.com" rel="noreferrer" target="_blank">example.com</a>
example.com.zone</span></p>
...should work.<br>
<br>
Wait till you play with a reverse IPv6 zone - where I personally use
many $ORIGIN statements - saves hours of typing and makes reading
the Zones so much easier.<div><div class="h5"><br>
<br>
<br>
<div class="m_-4049677022412451529moz-cite-prefix">On 05/06/2017 15:40, Bernard Fay wrote:<br>
</div>
</div></div><blockquote type="cite"><div><div class="h5">
<div dir="ltr">
<div>I understand what $ORIGIN is doing by reducing the typing
and making it easier to maintain the zone files.<br>
<br>
</div>
<div>To Tony, should I understand while using named-checkzone I
need to enter <u>only</u> the top domain and named-checkzone
will understand the subdomains defined by the multiple $ORIGIN
in the zone file?<br>
<br>
</div>
<div>Thanks,<br>
</div>
<div>Bernard<br>
<br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Jun 5, 2017 at 9:18 AM, Tony
Finch <span dir="ltr"><<a href="mailto:dot@dotat.at" target="_blank">dot@dotat.at</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>Bernard Fay <<a href="mailto:bernard.fay@gmail.com" target="_blank">bernard.fay@gmail.com</a>>
wrote:<br>
><br>
> I took control of a DNS based on Bind 9.9. One of
the zone files have<br>
> multiple $ORIGIN for example:<br>
<br>
</span>The key thing to understand is that $ORIGIN just
controls how unqualified<br>
domain names are expanded into fully-qualified domain names.
In<br>
particular, $ORIGIN is completely independent of zone
boundaries.<br>
<br>
So in the master file you sketched out,<br>
<span><br>
> $ORIGIN <a href="http://example.com" rel="noreferrer" target="_blank">example.com</a><br>
> ...<br>
> $ORIGIN <a href="http://sub1.example.com" rel="noreferrer" target="_blank">sub1.example.com</a><br>
> ...<br>
> $ORIGIN <a href="http://sub2.example.com" rel="noreferrer" target="_blank">sub2.example.com</a><br>
> ...<br>
> $ORIGIN <a href="http://sub3.example.com" rel="noreferrer" target="_blank">sub3.example.com</a><br>
> ...<br>
<br>
</span>The person who wrote the file is using $ORIGIN in
order to abbreviate<br>
unqualified names in subdomains, but the subdomains are all
part of the<br>
same zone.<br>
<br>
The other thing to be aware of is that it is possible to
write a zone file<br>
without any fuly-qualified names, which is why you have to
specify the<br>
zone name when loading the file. (This feature is useful for
empty zones,<br>
for example, but it's usually not a good idea for normal
zones.) The zone<br>
name is used to set the default $ORIGIN and for the zone
sanity checks.<br>
<br>
So, this works...<br>
<span><br>
> While checking the zone file with:<br>
> named-checkzone <a href="http://example.com" rel="noreferrer" target="_blank">example.com</a> example.com.zone<br>
> named-checkzone returns ok for the first $ORIGIN.<br>
<br>
</span>...because the zone name you specified on the command
line matches the<br>
contents of the master file.<br>
<br>
However,<br>
<span><br>
> named-checkzone <a href="http://sub1.example.com" rel="noreferrer" target="_blank">sub1.example.com</a> example.com.zone<br>
> named-checkzone <a href="http://sub2.example.com" rel="noreferrer" target="_blank">sub2.example.com</a> example.com.zone<br>
> named-checkzone <a href="http://sub3.example.com" rel="noreferrer" target="_blank">sub3.example.com</a> example.com.zone<br>
> named-checkzone reports many "ignoring out-of-zone
data (....<a href="http://example.com" rel="noreferrer" target="_blank">example.com</a>)"<br>
<br>
</span>this doesn't make sense. The master file is one
single whole complete<br>
zone. The subdomains are not separate zones, and you can't
load or check<br>
part of the file.<br>
<br>
So the error message is saying that the SOA record and the
apex NS records<br>
at <a href="http://example.com" rel="noreferrer" target="_blank">example.com</a> and loads
of other records are not subdomains of the zone<br>
name that you gave on the commamnd line. I usually encounter
this error<br>
when I have accidentally got my zone name and master file
name muddled<br>
up, and once you get used to the error message it's a useful
consistency<br>
check.<br>
<span class="m_-4049677022412451529HOEnZb"><font color="#888888"><br>
Tony.<br>
--<br>
f.anthony.n.finch <<a href="mailto:dot@dotat.at" target="_blank">dot@dotat.at</a>> <a href="http://dotat.at/" rel="noreferrer" target="_blank">http://dotat.at/</a>
- I xn--zr8h punycode<br>
Fitzroy: Southwesterly, veering northwesterly, 6 to gale
8, decreasing 5 later<br>
in southwest. Moderate or rough. Rain at first. Moderate
or good.<br>
</font></span></blockquote>
</div>
<br>
</div>
<br>
<fieldset class="m_-4049677022412451529mimeAttachmentHeader"></fieldset>
<br>
</div></div><span class=""><pre>______________________________<wbr>_________________
Please visit <a class="m_-4049677022412451529moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/<wbr>listinfo/bind-users</a> to unsubscribe from this list
bind-users mailing list
<a class="m_-4049677022412451529moz-txt-link-abbreviated" href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a>
<a class="m_-4049677022412451529moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/<wbr>listinfo/bind-users</a></pre>
</span></blockquote><span class="HOEnZb"><font color="#888888">
<br>
<pre class="m_-4049677022412451529moz-signature" cols="72">--
Mark James ELKINS - Posix Systems - (South) Africa
<a class="m_-4049677022412451529moz-txt-link-abbreviated" href="mailto:mje@posix.co.za" target="_blank">mje@posix.co.za</a> Tel: <a href="tel:+27%2012%20807%200590" value="+27128070590" target="_blank">+27.128070590</a> Cell: <a href="tel:+27%2082%20601%200496" value="+27826010496" target="_blank">+27.826010496</a>
For fast, reliable, low cost Internet in ZA: <a class="m_-4049677022412451529moz-txt-link-freetext" href="https://ftth.posix.co.za" target="_blank">https://ftth.posix.co.za</a>
</pre>
</font></span></div>
<br>______________________________<wbr>_________________<br>
Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/<wbr>listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/<wbr>listinfo/bind-users</a><br></blockquote></div><br></div>