Something more. This server is not really in domain and I don't have domain server in DMZ.


RNDC key is configured.

include "/etc/rndc.key";
// We are the master server for server.example.com
zone "zimbra.si" {
type master;
file "/etc/bind/db.mail4.zimbra.si";
};


dig -t axfr zimbra.si
global opitions: printcmd
Transfer failed

I don't get what you mean, but any client that uses this box as a dns server should be able to resolve the domain.

I guess you're running it from the box that runs bind, so it should work. Anyway you can add a "allow-transfer" directive, just to be sure you're allowed to do zone transfers:
Restart bind and run any of the following:

Still the same

dig -t axfr zimbra.si

; <<>> DiG 9.5.0-P2 <<>> -t axfr zimbra.si
;; global options: printcmd
; Transfer failed.


Bind and rndc are working, ...

mail4:~ # /etc/init.d/named restart
..dead
Shutting down name server BIND - Warning: named not running! done
Starting name server BIND

mail4:~ # rndc reload
server reload successful

I also tray allow-transfer {any;}; But stil does not work

I also change file "/etc/bind/db.mail4.zimbra.si"; to file "/etc/db.mail4.zimbra.si";


Where is my problem ??

One more time, if I didn't understand exactly what you say


Server Linux suse 11

IP 192.168.2.22 /24 mail4.zimbra.si - in DMZ - gateway 192.168.2.1

hostname: mail4
domain name: zimbra.si

resolved in the world
IP (external): 84.255.0.0 - mail.zimbra.si
DNS (external): 84.0.0.1 and 84.0.0.2



named.conf

# Copyright (c) 2001-2004 SuSE Linux AG, Nuernberg, Germany.
# All rights reserved.
#
# Author: Frank Bodammer, Lars Mueller <lmuelle@suse.de>
#
# /etc/named.conf
#
# This is a sample configuration file for the name server BIND 9. It works as
# a caching only name server without modification.
#
# A sample configuration for setting up your own domain can be found in
# /usr/share/doc/packages/bind/sample-config.
#
# A description of all available options can be found in
# /usr/share/doc/packages/bind/misc/options.

options {

directory "/var/lib/named";

dump-file "/var/log/named_dump.db";
statistics-file "/var/log/named.stats";


forwarders { 84.255.209.79; 84.255.210.79; };


};



zone "." in {
type hint;
file "root.hint";
};

zone "localhost" in {
type master;
file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
type master;
file "127.0.0.zone";
};



include "/etc/rndc.key";
// We are the master server for server.example.com
zone "zimbra.si" in { I add in , is this OK ??
type master;
file "/etc/db.mail4.zimbra.si";
allow-transfer {any;};
};

include "/etc/named.conf.include";



db.mail4.zimbra.si

;
; Addresses and other host information.
;
@ IN SOA mail4.zimbra.si. root.mail4.zimbra.si. (
10659 ; Serial
43200 ; Refresh
3600 ; Retry
3600000 ; Expire
2592000 ) ; Minimum
; Define the nameservers and the mail servers
IN NS mail4.zimbra.si.
IN MX 10 mail.zimbra.si.
@ IN A 192.168.2.22
mail4 IN A 192.168.2.22
mail IN A 192.168.2.22


cat /etc/hosts

127.0.0.1 localhost.localdomain localhost
192.168.2.22 mail4.zimbra.si mail4

# special IPv6 addresses
::1 localhost ipv6-localhost ipv6-loopback

fe00::0 nil

ff00::0 nil
ff02::1 nil
ff02::2 nil
ff02::3 nil



cat /etc/resolv.conf
search zimbra.si
nameserver 192.168.2.22


nslookup zimbra.si

Server: 192.168.2.22
Address: 192.168.2.22#53

Non-authoritative answer:
*** Can't find zimbra.si: No answer


dig zimbra.si mx

; <<>> DiG 9.5.0-P2 <<>> zimbra.si mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17531
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;zimbra.si. IN MX

;; ANSWER SECTION:
zimbra.si. 78532 IN MX 30 fw.datalab.si.
zimbra.si. 78532 IN MX 10 mail.zimbra.si.
zimbra.si. 78532 IN MX 20 mx2.t-2.net.

;; AUTHORITY SECTION:
zimbra.si. 78532 IN NS fwimp.alcad.si.
zimbra.si. 78532 IN NS drava.pronet.si.

;; ADDITIONAL SECTION:
mail.zimbra.si. 78532 IN A 84.255.195.106

;; Query time: 25 msec
;; SERVER: 192.168.2.22#53(192.168.2.22)
;; WHEN: Tue Aug 2 10:17:29 2011
;; MSG SIZE rcvd: 171



dig zimbra.si any
; <<>> DiG 9.5.0-P2 <<>> zimbra.si any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63889
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;zimbra.si. IN ANY

;; ANSWER SECTION:
zimbra.si. 78407 IN NS fwimp.alcad.si.
zimbra.si. 78407 IN NS drava.pronet.si.
zimbra.si. 78407 IN MX 20 mx2.t-2.net.
zimbra.si. 78407 IN MX 30 fw.datalab.si.
zimbra.si. 78407 IN MX 10 mail.zimbra.si.

;; AUTHORITY SECTION:
zimbra.si. 78407 IN NS drava.pronet.si.
zimbra.si. 78407 IN NS fwimp.alcad.si.

;; ADDITIONAL SECTION:
mail.zimbra.si. 78407 IN A 84.255.195.106

;; Query time: 1 msec
;; SERVER: 192.168.2.22#53(192.168.2.22)
;; WHEN: Tue Aug 2 10:19:34 2011
;; MSG SIZE rcvd: 199

Are you sure named is running? I don't know how you've installed bind, but from the above looks like it wasn't and maybe it's still not running for some reason. So any query you're trying to do, goes to the real external dns server for the zone in question and the answers you get are not those expected.
Better run:
to see if named is actually running and if not check the logs to find out why it fails
You may also run the following to see the zones that your dns is authoritative for and any potential config errors:

mail4:~ # ps -ef|grep named
root 2334 1 0 10:28 ? 00:00:00 /sbin/syslog-ng -a /var/lib/named/dev/log
named 3718 1 0 10:28 ? 00:00:00 /usr/sbin/named -t /var/lib/named -u named
root 8908 8875 0 12:00 pts/1 00:00:00 grep named


mail4:~ # named-checkconf -z /etc/named.conf
zone localhost/IN: loaded serial 42
zone 0.0.127.in-addr.arpa/IN: loaded serial 42
/etc/db.mail4.zimbra.si:4: no TTL specified; using SOA MINTTL instead
zone zimbra.si/IN: loaded serial 10659


It's this OK

Although it is correct, the above line says that you're running named chrooted under /var/lib/named, so paths to named.conf, zone files etc, are relative to that directory.
Do you get the same with:
Also run the following commands and post the output:

mail4:~ # named-checkconf -z t /var/lib/named /etc/named.conf
usage: named-checkconf [-h] [-j] [-v] [-z] [-t directory] [named.conf]



mail4:~ # netstat -tanpl|grep named
tcp 0 0 192.168.2.22:53 0.0.0.0:* LISTEN 3718/named
tcp 0 0 127.0.0.2:53 0.0.0.0:* LISTEN 3718/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 3718/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 3718/named
tcp 0 0 ::1:953 :::* LISTEN 3718/named



mail4:~ # dig ns zimbra.si

; <<>> DiG 9.5.0-P2 <<>> ns zimbra.si
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14628
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;zimbra.si. IN NS

;; ANSWER SECTION:
zimbra.si. 65307 IN NS drava.pronet.si.
zimbra.si. 65307 IN NS fwimp.alcad.si.

;; Query time: 13 msec
;; SERVER: 192.168.2.22#53(192.168.2.22)
;; WHEN: Tue Aug 2 13:57:54 2011
;; MSG SIZE rcvd: 80




mail4:~ # dig ns zimbra.si @localhost

; <<>> DiG 9.5.0-P2 <<>> ns zimbra.si @localhost
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8955
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;zimbra.si. IN NS

;; ANSWER SECTION:
zimbra.si. 65277 IN NS fwimp.alcad.si.
zimbra.si. 65277 IN NS drava.pronet.si.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Aug 2 13:58:24 2011
;; MSG SIZE rcvd: 80

Oops I missed the dash before the "t" option
So it stills uses external dns to resolve the domain it is supposed to be authoritative for. Comment out the line
stop, then start bind, and try again with

I follow the steps, below.


mail4:~ # named-checkconf -z -t /var/lib/named /etc/named.conf
zone localhost/IN: loaded serial 42
zone 0.0.127.in-addr.arpa/IN: loaded serial 42
zone zimbra.si/IN: loading from master file /etc/db.mail4.zimbra.si failed: file not found
_default/zimbra.si/in: file not found

Then I commend forwarders { 84.255.209.79; 84.255.210.79; };

Then I stop, then start bind


mail4:~ # dig ns zimbra.si

; <<>> DiG 9.5.0-P2 <<>> ns zimbra.si
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46047
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;zimbra.si. IN NS

;; ANSWER SECTION:
zimbra.si. 86400 IN NS fwimp.alcad.si.
zimbra.si. 86400 IN NS drava.pronet.si.

;; Query time: 33 msec
;; SERVER: 192.168.2.22#53(192.168.2.22)
;; WHEN: Wed Aug 3 07:38:57 2011
;; MSG SIZE rcvd: 80



Then I rndc flush


mail4:~ # dig ns zimbra.si @localhost

; <<>> DiG 9.5.0-P2 <<>> ns zimbra.si @localhost
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56984
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;zimbra.si. IN NS

;; ANSWER SECTION:
zimbra.si. 86400 IN NS fwimp.alcad.si.
zimbra.si. 86400 IN NS drava.pronet.si.

;; Query time: 337 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Aug 3 07:39:53 2011
;; MSG SIZE rcvd: 80

What gives:
I guess named.conf is a symlink to /var/lib/named/etc/named.conf.
So copy the zone file into the jail directory
Run again the named-checkconf and if you get no errors, restart named and try resolving your domain

One time thanks for your help


mail4:~ # ls -l /etc/db.mail4.zimbra.si
-rw-r--r-- 1 root root 614 2011-08-01 11:12 /etc/db.mail4.zimbra.si


mail4:~ # ls -l /etc/named.conf
-rw-r--r-- 1 root named 4043 2011-08-03 07:38 /etc/named.conf

Yes there are the same


mail4:~ # named-checkconf -z -t /var/lib/named /etc/named.conf
zone localhost/IN: loaded serial 42
zone 0.0.127.in-addr.arpa/IN: loaded serial 42
/etc/db.mail4.zimbra.si:4: no TTL specified; using SOA MINTTL instead
zone amont.si/IN: loaded serial 10659

(I tried with #forwarders { 84.255.209.79; 84.255.210.79; }; and forwarders { 84.255.209.79; 84.255.210.79; }; ) and the same

nslookup zimbra.si

Server: 192.168.2.22
Address: 192.168.2.22#53

Non-authoritative answer:
*** Can't find zimbra.si: No answer

I guess you did restart named?
You still mixing the zones, or what?
Anyway run:
FYI I've added your zone and its zone file in my dns and it works just fine:

I guess you did restart named?
Yes I restarted named

/etc/init.d/named restart

rndc flush

And also restarted the server


I think not.



mail4:~ # named-checkzone -D -t /var/lib/named zimbra.si /etc/db.mail4.zimbra.si
/etc/db.mail4.zimbra.si:4: no TTL specified; using SOA MINTTL instead
zone zimbra.si/IN: loaded serial 10659
zimbra.si. 2592000 IN SOA mail4.zimbra.si. root.mail4.zimbra.si. 10659 43200 3600 3600000 2592000
zimbra.si. 2592000 IN NS mail4.zimbra.si.
zimbra.si. 2592000 IN A 192.168.2.22
zimbra.si. 2592000 IN MX 10 mail.zimbra.si.
mail.zimbra.si. 2592000 IN A 192.168.2.22
mail4.zimbra.si. 2592000 IN A 192.168.2.22
OK

This is intersting! Your zone file is correct and the zone zimbra.si has an A record (in red), but then it cannot be resolved!!!!!!
Can you try to resolve another host?
I still think that you are not using this zone file when named runs (or you have mixed the 2 zone files). Check the logs and see what zones are loading and from where.