I am running named-checkdns against the following zone file:
Quote:
$TTL 3D
; Information about "forward" domain se.dr.com
$ORIGIN se.digitalreefinc.com.
@ IN SOA ns1.se.digitalreefinc.com. webmaster.se.digitalreefinc.com. (
200912151458 ; serial
86400 ; refresh
7200 ; retry
1209600 ; expiry
1D ) ; minimum
@ IN NS ns1.se.digitalreefinc.com. ;
se20 A 172.30.4.20;
ns1.se.digitalreefinc.com. A 172.30.4.20;
localhost A 127.0.0.1;
se21 A 172.30.4.21;
se22 A 172.30.4.22;
se23 A 172.30.4.23;
se24 A 172.30.4.24;
se25 A 172.30.4.25;
and I get this as the output:
Quote:
[root@se20 named]# named-checkzone localhost se.digitalreefinc.com.zone
se.digitalreefinc.com.zone:4: ignoring out-of-zone data (se.digitalreefinc.com)
se.digitalreefinc.com.zone:10: ignoring out-of-zone data (se.digitalreefinc.com)
se.digitalreefinc.com.zone:11: ignoring out-of-zone data (se20.se.digitalreefinc.com)
se.digitalreefinc.com.zone:12: ignoring out-of-zone data (ns1.se.digitalreefinc.com)
se.digitalreefinc.com.zone:13: ignoring out-of-zone data (localhost.se.digitalreefinc.com)
se.digitalreefinc.com.zone:14: ignoring out-of-zone data (se21.se.digitalreefinc.com)
se.digitalreefinc.com.zone:15: ignoring out-of-zone data (se22.se.digitalreefinc.com)
se.digitalreefinc.com.zone:16: ignoring out-of-zone data (se23.se.digitalreefinc.com)
se.digitalreefinc.com.zone:17: ignoring out-of-zone data (se24.se.digitalreefinc.com)
se.digitalreefinc.com.zone:18: ignoring out-of-zone data (se25.se.digitalreefinc.com)
zone localhost/IN: has 0 SOA records
zone localhost/IN: has no NS records
If I do a dig, I get the QUERY status: NXDOMAIN response
zone localhost/IN: has no NS records
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
version "Bind";
#allow-query { localhost; };
allow-recursion {127.0.0.1; 172.30.0.0/16; };
forward first;
forwarders { 172.30.0.10; 172.30.0.11; }; #IP of upstream ISP nameserver(s)
#forward only; #rely completely on our upstream nameservers
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "se.digitalreefinc.com" IN {
type master;
file "se.digitalreefinc.com.zone";
allow-update {none;};
};
zone "4.30.172.in-addr.arpa" IN {
type master;
file "reverse.se.digitalreefinc.com.zone";
allow-update {none;};
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update {none;};
};
include "/etc/named.rfc1912.zones";
I think my SOA record might be wrong, but I cannot find the error.
Any help is appreciated
Last edited by zyzzogeton; 12-17-2009 at 09:03 AM.
Reason: used quote blocks for clarity
Your named-checkzone command is wrong. You should use the zone name and the zone file as arguments. To see if your zone is OK, run this from inside the directory where your zone files are:
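Added example (not part of the thread, and not BIND's own code): a Python model of the out-of-zone check, showing why passing `localhost` as the zone name puts every owner name in this file outside the zone. `ZONE` is a constructed subset of the posted file, the function names are hypothetical, and the parser assumes only the zone-file constructs that appear in that sample.

```python
# Constructed sample: a subset of the zone file posted in the thread.
ZONE = """\
$TTL 3D
$ORIGIN se.digitalreefinc.com.
@ IN SOA ns1.se.digitalreefinc.com. webmaster.se.digitalreefinc.com. (
    200912151458 ; serial
    86400 ; refresh
    7200 ; retry
    1209600 ; expiry
    1D ) ; minimum
@ IN NS ns1.se.digitalreefinc.com. ;
se20 A 172.30.4.20;
ns1.se.digitalreefinc.com. A 172.30.4.20;
localhost A 127.0.0.1;
"""

def owner_names(zone_text, zone_name):
    """Yield each record's absolute owner name (lower-case, no trailing dot)."""
    origin = zone_name.rstrip(".").lower()   # initial origin is the zone name
    depth = 0
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]          # drop comments
        inside = depth > 0                   # continuation of a ( ... ) record
        depth += line.count("(") - line.count(")")
        if inside or not line.strip():
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN":   # later relative names use this
            origin = fields[1].rstrip(".").lower()
            continue
        if fields[0].startswith("$") or line[0].isspace():
            continue                         # other directives, inherited owner
        name = fields[0].lower()
        if name == "@":
            yield origin
        elif name.endswith("."):
            yield name.rstrip(".")
        else:
            yield f"{name}.{origin}"

def out_of_zone(zone_text, zone_name):
    """Return the owner names that are not at or below zone_name."""
    zone = zone_name.rstrip(".").lower().split(".")
    return [n for n in owner_names(zone_text, zone_name)
            if n.split(".")[-len(zone):] != zone]

if __name__ == "__main__":
    for zone in ("localhost", "se.digitalreefinc.com"):
        print(zone, out_of_zone(ZONE, zone))
```

The comparison is on whole trailing labels, so `localhost.se.digitalreefinc.com` is still outside a zone named `localhost`.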
Here is the output for the checkzone:
-------------begin output-----------------
Quote:
[root@se20 named]# named-checkzone se.digitalreefinc.com se.digitalreefinc.com.zone
zone se.digitalreefinc.com/IN: loaded serial 3343656022
OK
-------------------------------------------
So nothing compelling there.
When I do a restart of named, I notice that my zone file isn't touched though:
------------begin output /var/log/messages----------------
Quote:
Dec 17 09:56:28 se20 named[17920]: received control channel command 'stop'
Dec 17 09:56:28 se20 named[17920]: shutting down: flushing changes
Dec 17 09:56:28 se20 named[17920]: stopping command channel on 127.0.0.1#953
Dec 17 09:56:28 se20 named[17920]: stopping command channel on ::1#953
Dec 17 09:56:28 se20 named[17920]: no longer listening on 127.0.0.1#53
Dec 17 09:56:28 se20 named[17920]: no longer listening on ::1#53
Dec 17 09:56:28 se20 named[17920]: exiting
Dec 17 09:56:28 se20 named[1767]: starting BIND 9.6.1-P2-RedHat-9.6.1-7.P2.fc11 -u named
Dec 17 09:56:28 se20 named[1767]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE'
Dec 17 09:56:28 se20 named[1767]: adjusted limit on open files from 1024 to 1048576
Dec 17 09:56:28 se20 named[1767]: found 4 CPUs, using 4 worker threads
Dec 17 09:56:28 se20 named[1767]: using up to 4096 sockets
Dec 17 09:56:28 se20 named[1767]: loading configuration from '/etc/named.conf'
Dec 17 09:56:28 se20 named[1767]: using default UDP/IPv4 port range: [1024, 65535]
Dec 17 09:56:28 se20 named[1767]: using default UDP/IPv6 port range: [1024, 65535]
Dec 17 09:56:28 se20 named[1767]: listening on IPv4 interface lo, 127.0.0.1#53
Dec 17 09:56:28 se20 named[1767]: listening on IPv6 interface lo, ::1#53
Dec 17 09:56:28 se20 named[1767]: automatic empty zone: 127.IN-ADDR.ARPA
Dec 17 09:56:28 se20 named[1767]: automatic empty zone: 254.169.IN-ADDR.ARPA
Dec 17 09:56:28 se20 named[1767]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Dec 17 09:56:28 se20 named[1767]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Dec 17 09:56:28 se20 named[1767]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Dec 17 09:56:28 se20 named[1767]: automatic empty zone: D.F.IP6.ARPA
Dec 17 09:56:28 se20 named[1767]: automatic empty zone: 8.E.F.IP6.ARPA
Dec 17 09:56:28 se20 named[1767]: automatic empty zone: 9.E.F.IP6.ARPA
Dec 17 09:56:28 se20 named[1767]: automatic empty zone: A.E.F.IP6.ARPA
Dec 17 09:56:28 se20 named[1767]: automatic empty zone: B.E.F.IP6.ARPA
Dec 17 09:56:28 se20 named[1767]: command channel listening on 127.0.0.1#953
Dec 17 09:56:28 se20 named[1767]: command channel listening on ::1#953
Dec 17 09:56:28 se20 named[1767]: the working directory is not writable
Dec 17 09:56:28 se20 named[1767]: zone 0.in-addr.arpa/IN: NS '0.in-addr.arpa' has no address records (A or AAAA)
Dec 17 09:56:28 se20 named[1767]: zone 0.in-addr.arpa/IN: loaded serial 0
Dec 17 09:56:28 se20 named[1767]: zone 1.0.0.127.in-addr.arpa/IN: NS '1.0.0.127.in-addr.arpa' has no address records (A or AAAA)
Dec 17 09:56:28 se20 named[1767]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Dec 17 09:56:28 se20 named[1767]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: NS '1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa' has no address records (A or AAAA)
Dec 17 09:56:28 se20 named[1767]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Dec 17 09:56:28 se20 named[1767]: zone localhost.localdomain/IN: loaded serial 0
Dec 17 09:56:28 se20 named[1767]: zone localhost/IN: loaded serial 0
Dec 17 09:56:28 se20 named[1767]: running
Quote:
[root@se20 named]# named-checkzone se.digitalreefinc.com se.digitalreefinc.com.zone
zone se.digitalreefinc.com/IN: loaded serial 3343656022
OK
-------------------------------------------
So nothing compelling there.
Where did that serial number come from?
Quote:
Dec 17 09:56:28 se20 named[1767]: starting BIND 9.6.1-P2-RedHat-9.6.1-7.P2.fc11 -u named
...
Dec 17 09:56:28 se20 named[1767]: the working directory is not writable
...
Dec 17 09:56:28 se20 named[1767]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
...
Dec 17 09:56:28 se20 named[1767]: zone localhost.localdomain/IN: loaded serial 0
...
Yes, you should see the zones defined in named.conf loading.
Are you sure you're using the named.conf you've posted previously? Because there are no such zones as the above and I don't think they came from the included /etc/named.rfc1912.zones.
Also you need to fix the permissions problem of /var/named (must be rw by user named).
I am not sure where that serial number comes from; however, I think I have tracked down the issue:
Quote:
Dec 17 14:57:59 se20 named[2071]: zone localhost.localdomain/IN: loaded serial 0
Dec 17 14:57:59 se20 named[2071]: zone localhost/IN: loaded serial 0
Dec 17 14:57:59 se20 named[2071]: running
Dec 17 14:58:43 se20 named[2071]: received control channel command 'reload'
Dec 17 14:58:43 se20 named[2071]: loading configuration from '/etc/named.conf'
Dec 17 14:58:43 se20 named[2071]: using default UDP/IPv4 port range: [1024, 65535]
Dec 17 14:58:43 se20 named[2071]: using default UDP/IPv6 port range: [1024, 65535]
I have been editing named.conf in /var/named this whole time!
Now, doing a dig gives me this:
Quote:
[root@se20 etc]# dig @localhost se20
; <<>> DiG 9.6.1-P2-RedHat-9.6.1-7.P2.fc11 <<>> @localhost se20
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 63982
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
I just need to track down my search domain issue. It looks like se20 is not using se.digitalreefinc.com as its search domain for some reason even though it is specified in the resolv.conf. If I use an fqdn, it works fine:
Because dig uses the DNS server to resolve hostnames, you have to use an FQDN. The nslookup utility looks for the search/domain line in /etc/resolv.conf, so it can resolve hostnames without a domain name. If you want dig to do the same, you have to use the +search option:
Code:
dig se20 +search
Regarding:
Quote:
dig @localhost se20
...
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 63982
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
...
;; Query time: 0 msec
;; SERVER: ::1#53(::1)
You have to add the localhost IPv6 address ::1 to the allow-recursion arguments.
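Added example (not part of the thread): the address matching behind the REFUSED answer above, modelled in Python. `POSTED` is constructed from the thread's allow-recursion line and `FIXED` adds ::1 as the last reply suggests; the function names and sample client addresses are hypothetical, and only literal addresses and prefixes are handled (not BIND's named ACLs such as localhost or any).

```python
import ipaddress
import re

# Constructed from the options block posted in the thread (other options omitted).
POSTED = "options { allow-recursion {127.0.0.1; 172.30.0.0/16; }; };"
# The same list with the change suggested in the last reply.
FIXED = "options { allow-recursion {127.0.0.1; ::1; 172.30.0.0/16; }; };"

def recursion_acl(conf):
    """Return the allow-recursion entries as ip_network objects.

    Assumption: entries are literal addresses or prefixes only.
    """
    m = re.search(r"allow-recursion\s*\{([^}]*)\}", conf)
    if m is None:
        return []
    return [ipaddress.ip_network(e.strip())
            for e in m.group(1).split(";") if e.strip()]

def recursion_allowed(conf, client):
    """True if the query's source address matches an allow-recursion entry."""
    addr = ipaddress.ip_address(client)
    return any(addr.version == net.version and addr in net
               for net in recursion_acl(conf))

def decisions(conf, clients):
    """Map each client address to the recursion decision under conf."""
    return {c: recursion_allowed(conf, c) for c in clients}

# Constructed source addresses: IPv4 loopback, IPv6 loopback (the path the
# dig above took, per its SERVER line), an inside host, an outside address.
CLIENTS = ["127.0.0.1", "::1", "172.30.4.21", "198.51.100.7"]

if __name__ == "__main__":
    for label, conf in (("posted", POSTED), ("fixed", FIXED)):
        print(label, decisions(conf, CLIENTS))
```

The outside address is refused under both lists, so adding ::1 restores local lookups without opening recursion to other networks.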