<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Most certainly - Yes.</p>
<p>You have a single zone here, thus only:</p>
<p> <span class="">named-checkzone <a moz-do-not-send="true"
href="http://example.com" rel="noreferrer" target="_blank">example.com</a>
example.com.zone</span></p>
...should work.<br>
<br>
Wait till you play with a reverse IPv6 zone - where I personally use
many $ORIGIN statements - saves hours of typing and makes reading
the Zones so much easier.<br>
<br>
<br>
<div class="moz-cite-prefix">On 05/06/2017 15:40, Bernard Fay wrote:<br>
</div>
<blockquote
cite="mid:CAH3AE4Y3HZc8HgLJNn0+d5Rd39uZxZQHEN=7eorr3iFhBww3-w@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>I understand what $ORIGIN is doing by reducing the typing
and making it easier to maintain the zone files.<br>
<br>
</div>
<div>To Tony, should I understand while using named-checkzone I
need to enter <u>only</u> the top domain and named-checkzone
will understand the subdomains defined by the multiple $ORIGIN
in the zone file?<br>
<br>
</div>
<div>Thanks,<br>
</div>
<div>Bernard<br>
<br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Jun 5, 2017 at 9:18 AM, Tony
Finch <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:dot@dotat.at" target="_blank">dot@dotat.at</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex"><span
class="">Bernard Fay <<a moz-do-not-send="true"
href="mailto:bernard.fay@gmail.com">bernard.fay@gmail.com</a>>
wrote:<br>
><br>
> I took control of a DNS based on Bind 9.9. One of
the zone files have<br>
> multiple $ORIGIN for example:<br>
<br>
</span>The key thing to understand is that $ORIGIN just
controls how unqualified<br>
domain names are expanded into fully-qualified domain names.
In<br>
particular, $ORIGIN is completely independent of zone
boundaries.<br>
<br>
So in the master file you sketched out,<br>
<span class=""><br>
> $ORIGIN <a moz-do-not-send="true"
href="http://example.com" rel="noreferrer"
target="_blank">example.com</a><br>
> ...<br>
> $ORIGIN <a moz-do-not-send="true"
href="http://sub1.example.com" rel="noreferrer"
target="_blank">sub1.example.com</a><br>
> ...<br>
> $ORIGIN <a moz-do-not-send="true"
href="http://sub2.example.com" rel="noreferrer"
target="_blank">sub2.example.com</a><br>
> ...<br>
> $ORIGIN <a moz-do-not-send="true"
href="http://sub3.example.com" rel="noreferrer"
target="_blank">sub3.example.com</a><br>
> ...<br>
<br>
</span>The person who wrote the file is using $ORIGIN in
order to abbreviate<br>
unqualified names in subdomains, but the subdomains are all
part of the<br>
same zone.<br>
<br>
The other thing to be aware of is that it is possible to
write a zone file<br>
without any fuly-qualified names, which is why you have to
specify the<br>
zone name when loading the file. (This feature is useful for
empty zones,<br>
for example, but it's usually not a good idea for normal
zones.) The zone<br>
name is used to set the default $ORIGIN and for the zone
sanity checks.<br>
<br>
So, this works...<br>
<span class=""><br>
> While checking the zone file with:<br>
> named-checkzone <a moz-do-not-send="true"
href="http://example.com" rel="noreferrer"
target="_blank">example.com</a> example.com.zone<br>
> named-checkzone returns ok for the first $ORIGIN.<br>
<br>
</span>...because the zone name you specified on the command
line matches the<br>
contents of the master file.<br>
<br>
However,<br>
<span class=""><br>
> named-checkzone <a moz-do-not-send="true"
href="http://sub1.example.com" rel="noreferrer"
target="_blank">sub1.example.com</a> example.com.zone<br>
> named-checkzone <a moz-do-not-send="true"
href="http://sub2.example.com" rel="noreferrer"
target="_blank">sub2.example.com</a> example.com.zone<br>
> named-checkzone <a moz-do-not-send="true"
href="http://sub3.example.com" rel="noreferrer"
target="_blank">sub3.example.com</a> example.com.zone<br>
> named-checkzone reports many "ignoring out-of-zone
data (....<a moz-do-not-send="true"
href="http://example.com" rel="noreferrer"
target="_blank">example.com</a>)"<br>
<br>
</span>this doesn't make sense. The master file is one
single whole complete<br>
zone. The subdomains are not separate zones, and you can't
load or check<br>
part of the file.<br>
<br>
So the error message is saying that the SOA record and the
apex NS records<br>
at <a moz-do-not-send="true" href="http://example.com"
rel="noreferrer" target="_blank">example.com</a> and loads
of other records are not subdomains of the zone<br>
name that you gave on the commamnd line. I usually encounter
this error<br>
when I have accidentally got my zone name and master file
name muddled<br>
up, and once you get used to the error message it's a useful
consistency<br>
check.<br>
<span class="HOEnZb"><font color="#888888"><br>
Tony.<br>
--<br>
f.anthony.n.finch <<a moz-do-not-send="true"
href="mailto:dot@dotat.at">dot@dotat.at</a>> <a
moz-do-not-send="true" href="http://dotat.at/"
rel="noreferrer" target="_blank">http://dotat.at/</a>
- I xn--zr8h punycode<br>
Fitzroy: Southwesterly, veering northwesterly, 6 to gale
8, decreasing 5 later<br>
in southwest. Moderate or rough. Rain at first. Moderate
or good.<br>
</font></span></blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Please visit <a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list
bind-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a>
<a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Mark James ELKINS - Posix Systems - (South) Africa
<a class="moz-txt-link-abbreviated" href="mailto:mje@posix.co.za">mje@posix.co.za</a> Tel: +27.128070590 Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: <a class="moz-txt-link-freetext" href="https://ftth.posix.co.za">https://ftth.posix.co.za</a>
</pre>
</body>
</html>