LinuxQuestions.org
Old 12-15-2009, 02:20 PM   #1
zyzzogeton
LQ Newbie
 
Registered: Oct 2009
Posts: 9

ignoring out-of-zone data in my DNS file


I am running named-checkdns against the following zone file:
Quote:
$TTL 3D
; Information about "forward" domain se.dr.com
$ORIGIN se.digitalreefinc.com.
@ IN SOA ns1.se.digitalreefinc.com. webmaster.se.digitalreefinc.com. (
200912151458 ; serial
86400 ; refresh
7200 ; retry
1209600 ; expiry
1D ) ; minimum
@ IN NS ns1.se.digitalreefinc.com. ;
se20 A 172.30.4.20;
ns1.se.digitalreefinc.com. A 172.30.4.20;
localhost A 127.0.0.1;
se21 A 172.30.4.21;
se22 A 172.30.4.22;
se23 A 172.30.4.23;
se24 A 172.30.4.24;
se25 A 172.30.4.25;
and I get this as the output:

Quote:
[root@se20 named]# named-checkzone localhost se.digitalreefinc.com.zone
se.digitalreefinc.com.zone:4: ignoring out-of-zone data (se.digitalreefinc.com)
se.digitalreefinc.com.zone:10: ignoring out-of-zone data (se.digitalreefinc.com)
se.digitalreefinc.com.zone:11: ignoring out-of-zone data (se20.se.digitalreefinc.com)
se.digitalreefinc.com.zone:12: ignoring out-of-zone data (ns1.se.digitalreefinc.com)
se.digitalreefinc.com.zone:13: ignoring out-of-zone data (localhost.se.digitalreefinc.com)
se.digitalreefinc.com.zone:14: ignoring out-of-zone data (se21.se.digitalreefinc.com)
se.digitalreefinc.com.zone:15: ignoring out-of-zone data (se22.se.digitalreefinc.com)
se.digitalreefinc.com.zone:16: ignoring out-of-zone data (se23.se.digitalreefinc.com)
se.digitalreefinc.com.zone:17: ignoring out-of-zone data (se24.se.digitalreefinc.com)
se.digitalreefinc.com.zone:18: ignoring out-of-zone data (se25.se.digitalreefinc.com)
zone localhost/IN: has 0 SOA records
zone localhost/IN: has no NS records
If I do a dig, I get the QUERY status: NXDOMAIN response
Quote:
[root@se20 named]# dig @localhost se20

; <<>> DiG 9.6.1-P2-RedHat-9.6.1-7.P2.fc11 <<>> @localhost se20
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30626
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;se20. IN A

;; AUTHORITY SECTION:
. 10800 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2009121500 1800 900 604800 86400

;; Query time: 583 msec
;; SERVER: ::1#53(::1)
;; WHEN: Tue Dec 15 15:18:06 2009
;; MSG SIZE rcvd: 97
my named.conf is as follows:
Quote:
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
version "Bind";
#allow-query { localhost; };
allow-recursion {127.0.0.1; 172.30.0.0/16; };
forward first;
forwarders { 172.30.0.10; 172.30.0.11; }; #IP of upstream ISP nameserver(s)
#forward only; #rely completely on our upstream nameservers
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "se.digitalreefinc.com" IN {
type master;
file "se.digitalreefinc.com.zone";
allow-update {none;};
};
zone "4.30.172.in-addr.arpa" IN {
type master;
file "reverse.se.digitalreefinc.com.zone";
allow-update {none;};
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update {none;};
};
include "/etc/named.rfc1912.zones";

I think my SOA record might be wrong, but I cannot find the error.

Any help is appreciated

Last edited by zyzzogeton; 12-17-2009 at 09:03 AM. Reason: used quote blocks for clarity
 
Old 12-15-2009, 03:29 PM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Hi,

Your named-checkzone command is wrong. You should use the zone name and the zone file as arguments. To see if your zone is OK, run this from inside the directory where your zone files are:
Code:
named-checkzone se.digitalreefinc.com se.digitalreefinc.com.zone
Regarding the NXDOMAIN, you need to add
Code:
domain se.digitalreefinc.com
at the top of /etc/hosts, if you want to resolve hostnames without using the FQDN.

Note also that you don't need forward and forwarders. Your nameserver can use the hint zone to resolve unknown domains.

Regards
 
1 members found this post helpful.
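
Added example (not part of the original thread, and not BIND's own code): a simplified Python model of the owner-name check behind "ignoring out-of-zone data", showing why the same file fails when the zone argument is `localhost` and passes when it is `se.digitalreefinc.com`. The zone text is a constructed sample abridged from post #1, so its line numbers differ from the posted output; the function names are illustrative.

```python
# Added illustration, not BIND code: a simplified model of the owner-name
# check that produces "ignoring out-of-zone data" in named-checkzone.

# Constructed sample, abridged from the zone file posted in #1.
ZONE_TEXT = """\
$ORIGIN se.digitalreefinc.com.
@ IN SOA ns1.se.digitalreefinc.com. webmaster.se.digitalreefinc.com. (
    200912151458 86400 7200 1209600 1D )
@ IN NS ns1.se.digitalreefinc.com.
se20 A 172.30.4.20
ns1.se.digitalreefinc.com. A 172.30.4.20
localhost A 127.0.0.1
se21 A 172.30.4.21
"""

def normalize(name):
    return name.rstrip(".").lower()

def in_zone(owner, zone):
    """True if owner is the zone apex or sits below it on a label boundary."""
    owner, zone = normalize(owner), normalize(zone)
    return zone == "" or owner == zone or owner.endswith("." + zone)

def owner_names(text, zone):
    """Yield (line_no, absolute owner name) for records that state an owner."""
    origin, depth = normalize(zone), 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()   # drop comments
        if not line:
            continue
        continued = depth > 0 or line[0].isspace()
        depth += line.count("(") - line.count(")")
        if continued:
            continue  # inside ( ... ) or owner inherited from previous record
        first = line.split()[0]
        if first.upper() == "$ORIGIN":
            origin = normalize(line.split()[1])
        elif first.startswith("$"):
            continue  # $TTL and other directives carry no owner name
        elif first == "@":
            yield no, origin
        elif first.endswith("."):
            yield no, normalize(first)
        else:
            yield no, f"{first.lower()}.{origin}"

def out_of_zone(text, zone):
    """Records a checker told to validate `zone` would drop as out-of-zone."""
    return [(no, o) for no, o in owner_names(text, zone) if not in_zone(o, zone)]
```

With `zone="localhost"` every record is rejected, including the SOA and NS, which matches the "has 0 SOA records" and "has no NS records" lines in the posted output.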
Old 12-17-2009, 08:59 AM   #3
zyzzogeton
LQ Newbie
 
Registered: Oct 2009
Posts: 9

Original Poster
Thanks for redirecting me back here Bathory.

Here is the output for the checkzone:
-------------begin output-----------------
Quote:
[root@se20 named]# named-checkzone se.digitalreefinc.com se.digitalreefinc.com.zone
zone se.digitalreefinc.com/IN: loaded serial 3343656022
OK
-------------------------------------------
So nothing compelling there.

When I do a restart of named, I notice that my zone file isn't touched though:
------------begin output /var/log/messages----------------
Quote:
Dec 17 09:56:28 se20 named[17920]: received control channel command 'stop'
Dec 17 09:56:28 se20 named[17920]: shutting down: flushing changes
Dec 17 09:56:28 se20 named[17920]: stopping command channel on 127.0.0.1#953
Dec 17 09:56:28 se20 named[17920]: stopping command channel on ::1#953
Dec 17 09:56:28 se20 named[17920]: no longer listening on 127.0.0.1#53
Dec 17 09:56:28 se20 named[17920]: no longer listening on ::1#53
Dec 17 09:56:28 se20 named[17920]: exiting
Dec 17 09:56:28 se20 named[1767]: starting BIND 9.6.1-P2-RedHat-9.6.1-7.P2.fc11 -u named
Dec 17 09:56:28 se20 named[1767]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE'
Dec 17 09:56:28 se20 named[1767]: adjusted limit on open files from 1024 to 1048576
Dec 17 09:56:28 se20 named[1767]: found 4 CPUs, using 4 worker threads
Dec 17 09:56:28 se20 named[1767]: using up to 4096 sockets
Dec 17 09:56:28 se20 named[1767]: loading configuration from '/etc/named.conf'
Dec 17 09:56:28 se20 named[1767]: using default UDP/IPv4 port range: [1024, 65535]
Dec 17 09:56:28 se20 named[1767]: using default UDP/IPv6 port range: [1024, 65535]
Dec 17 09:56:28 se20 named[1767]: listening on IPv4 interface lo, 127.0.0.1#53
Dec 17 09:56:28 se20 named[1767]: listening on IPv6 interface lo, ::1#53
Dec 17 09:56:28 se20 named[1767]: automatic empty zone: 127.IN-ADDR.ARPA
Dec 17 09:56:28 se20 named[1767]: automatic empty zone: 254.169.IN-ADDR.ARPA
Dec 17 09:56:28 se20 named[1767]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Dec 17 09:56:28 se20 named[1767]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Dec 17 09:56:28 se20 named[1767]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Dec 17 09:56:28 se20 named[1767]: automatic empty zone: D.F.IP6.ARPA
Dec 17 09:56:28 se20 named[1767]: automatic empty zone: 8.E.F.IP6.ARPA
Dec 17 09:56:28 se20 named[1767]: automatic empty zone: 9.E.F.IP6.ARPA
Dec 17 09:56:28 se20 named[1767]: automatic empty zone: A.E.F.IP6.ARPA
Dec 17 09:56:28 se20 named[1767]: automatic empty zone: B.E.F.IP6.ARPA
Dec 17 09:56:28 se20 named[1767]: command channel listening on 127.0.0.1#953
Dec 17 09:56:28 se20 named[1767]: command channel listening on ::1#953
Dec 17 09:56:28 se20 named[1767]: the working directory is not writable
Dec 17 09:56:28 se20 named[1767]: zone 0.in-addr.arpa/IN: NS '0.in-addr.arpa' has no address records (A or AAAA)
Dec 17 09:56:28 se20 named[1767]: zone 0.in-addr.arpa/IN: loaded serial 0
Dec 17 09:56:28 se20 named[1767]: zone 1.0.0.127.in-addr.arpa/IN: NS '1.0.0.127.in-addr.arpa' has no address records (A or AAAA)
Dec 17 09:56:28 se20 named[1767]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Dec 17 09:56:28 se20 named[1767]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: NS '1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa' has no address records (A or AAAA)
Dec 17 09:56:28 se20 named[1767]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Dec 17 09:56:28 se20 named[1767]: zone localhost.localdomain/IN: loaded serial 0
Dec 17 09:56:28 se20 named[1767]: zone localhost/IN: loaded serial 0
Dec 17 09:56:28 se20 named[1767]: running
-------------------------------------------------------

Shouldn't I see a

Quote:
Dec 17 09:56:28 se20 named[1767]: zone se.digitalreefinc.com/IN: loaded serial 200912151458
in there somewhere?
 
Old 12-17-2009, 09:25 AM   #4
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Quote:
[root@se20 named]# named-checkzone se.digitalreefinc.com se.digitalreefinc.com.zone
zone se.digitalreefinc.com/IN: loaded serial 3343656022
OK
-------------------------------------------
So nothing compelling there.
Where did that serial number come from?
Quote:
Dec 17 09:56:28 se20 named[1767]: starting BIND 9.6.1-P2-RedHat-9.6.1-7.P2.fc11 -u named
...
Dec 17 09:56:28 se20 named[1767]: the working directory is not writable
...
Dec 17 09:56:28 se20 named[1767]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
...
Dec 17 09:56:28 se20 named[1767]: zone localhost.localdomain/IN: loaded serial 0
...
Yes, you should see the zones defined in named.conf loading.
Are you sure you're using the named.conf you've posted previously? Because there are no such zones as the above and I don't think they came from the included /etc/named.rfc1912.zones.
Also you need to fix the permissions problem of /var/named (must be rw by user named).
 
1 members found this post helpful.
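
Added example (not part of the original thread): a Python check that automates the comparison made in the post above, listing the zones a named.conf declares next to the zones the startup log reports as loaded. The config and log samples are constructed from posts #1 and #3. Two assumptions: only `master` and `slave` zones are expected to log "loaded serial", and `include` files are not followed, so zones defined there show up as unexpected.

```python
import re

# Constructed samples, abridged from the named.conf in post #1 and the
# /var/log/messages excerpt in post #3.
SAMPLE_CONF = '''
zone "." IN { type hint; file "named.ca"; };
zone "se.digitalreefinc.com" IN {
    type master;
    file "se.digitalreefinc.com.zone";
    allow-update { none; };
};
zone "4.30.172.in-addr.arpa" IN { type master; file "reverse.se.digitalreefinc.com.zone"; };
zone "0.0.127.in-addr.arpa" IN { type master; file "named.local"; };
'''
SAMPLE_LOG = '''
Dec 17 09:56:28 se20 named[1767]: loading configuration from '/etc/named.conf'
Dec 17 09:56:28 se20 named[1767]: zone 0.in-addr.arpa/IN: loaded serial 0
Dec 17 09:56:28 se20 named[1767]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Dec 17 09:56:28 se20 named[1767]: zone localhost.localdomain/IN: loaded serial 0
Dec 17 09:56:28 se20 named[1767]: zone localhost/IN: loaded serial 0
Dec 17 09:56:28 se20 named[1767]: running
'''

ZONE_HDR = re.compile(r'^\s*zone\s+"([^"]+)"', re.M)
ZONE_TYPE = re.compile(r'\btype\s+([\w-]+)\s*;')
LOADED = re.compile(r'named\[\d+\]: zone (\S+)/IN: loaded serial (\d+)')

def configured_zones(conf_text):
    """Map zone name -> type, reading each zone block up to the next header."""
    conf = re.sub(r'(//|#).*', '', conf_text)          # strip line comments
    heads = list(ZONE_HDR.finditer(conf))
    zones = {}
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(conf)
        t = ZONE_TYPE.search(conf, m.end(), end)
        zones[m.group(1).lower()] = t.group(1) if t else "unknown"
    return zones

def loaded_zones(log_text):
    """Map zone name -> serial for every 'loaded serial' line in the log."""
    return {m.group(1).lower(): int(m.group(2)) for m in LOADED.finditer(log_text)}

def compare(conf_text, log_text):
    """Return (configured but never loaded, loaded but not configured)."""
    want = {z for z, t in configured_zones(conf_text).items()
            if t in ("master", "slave")}
    got = set(loaded_zones(log_text))
    return sorted(want - got), sorted(got - want)
```

When both lists are non-empty and share nothing, as with these samples, the running daemon is almost certainly reading a different configuration file than the one being edited; the log's "loading configuration from" line names the file actually in use.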
Old 12-17-2009, 02:14 PM   #5
zyzzogeton
LQ Newbie
 
Registered: Oct 2009
Posts: 9

Original Poster
I am not sure where that serial number comes from; however, I think I have tracked down the issue:
Quote:
Dec 17 14:57:59 se20 named[2071]: zone localhost.localdomain/IN: loaded serial 0
Dec 17 14:57:59 se20 named[2071]: zone localhost/IN: loaded serial 0
Dec 17 14:57:59 se20 named[2071]: running
Dec 17 14:58:43 se20 named[2071]: received control channel command 'reload'
Dec 17 14:58:43 se20 named[2071]: loading configuration from '/etc/named.conf'
Dec 17 14:58:43 se20 named[2071]: using default UDP/IPv4 port range: [1024, 65535]
Dec 17 14:58:43 se20 named[2071]: using default UDP/IPv6 port range: [1024, 65535]
I have been editing named.conf in /var/named this whole time!

Now, doing a dig gives me this:
Quote:
[root@se20 etc]# dig @localhost se20

; <<>> DiG 9.6.1-P2-RedHat-9.6.1-7.P2.fc11 <<>> @localhost se20
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 63982
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;se20. IN A

;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Thu Dec 17 15:11:11 2009
;; MSG SIZE rcvd: 22
Which I consider great progress.

I just need to track down my search domain issue. It looks like se20 is not using se.digitalreefinc.com as its search domain for some reason even though it is specified in the resolv.conf. If I use an fqdn, it works fine:
Quote:
[root@se20 etc]# dig se21.se.digitalreefinc.com

; <<>> DiG 9.6.1-P2-RedHat-9.6.1-7.P2.fc11 <<>> se21.se.digitalreefinc.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18172
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;se21.se.digitalreefinc.com. IN A

;; ANSWER SECTION:
se21.se.digitalreefinc.com. 259200 IN A 172.30.4.21

;; AUTHORITY SECTION:
se.digitalreefinc.com. 259200 IN NS ns1.se.digitalreefinc.com.

;; ADDITIONAL SECTION:
ns1.se.digitalreefinc.com. 259200 IN A 172.30.4.20

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Dec 17 15:24:30 2009
;; MSG SIZE rcvd: 94

Last edited by zyzzogeton; 12-17-2009 at 02:25 PM.
 
Old 12-17-2009, 04:55 PM   #6
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Hi,

Because dig uses the DNS server to resolve hostnames, you have to use a FQDN. The nslookup utility looks for the search/domain line in /etc/resolv.conf, so it can resolve hostnames without a domain name. If you want dig to do the same, you have to use the +search option:
Code:
dig se20 +search
Regarding:
Quote:
dig @localhost se20
...
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 63982
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
...
;; Query time: 0 msec
;; SERVER: ::1#53(::1)
you have to add the localhost ipv6 address ::1 in the allow-recursion arguments.

Regards
 
Old 12-18-2009, 12:29 PM   #7
zyzzogeton
LQ Newbie
 
Registered: Oct 2009
Posts: 9

Original Poster
Ok, did not know that. Thanks for all your help. I will mark this one solved.
 
  

