12-15-2009, 02:20 PM
#1
LQ Newbie
Registered: Oct 2009
Posts: 9
ignoring out-of-zone data in my DNS file
I am running named-checkdns against the following zone file:
Quote:
$TTL 3D
; Information about "forward" domain se.dr.com
$ORIGIN se.digitalreefinc.com.
@ IN SOA ns1.se.digitalreefinc.com. webmaster.se.digitalreefinc.com. (
200912151458 ; serial
86400 ; refresh
7200 ; retry
1209600 ; expiry
1D ) ; minimum
@ IN NS ns1.se.digitalreefinc.com. ;
se20 A 172.30.4.20;
ns1.se.digitalreefinc.com. A 172.30.4.20;
localhost A 127.0.0.1;
se21 A 172.30.4.21;
se22 A 172.30.4.22;
se23 A 172.30.4.23;
se24 A 172.30.4.24;
se25 A 172.30.4.25;
|
and I get this as the output:
Quote:
[root@se20 named]# named-checkzone localhost se.digitalreefinc.com.zone
se.digitalreefinc.com.zone:4: ignoring out-of-zone data (se.digitalreefinc.com)
se.digitalreefinc.com.zone:10: ignoring out-of-zone data (se.digitalreefinc.com)
se.digitalreefinc.com.zone:11: ignoring out-of-zone data (se20.se.digitalreefinc.com)
se.digitalreefinc.com.zone:12: ignoring out-of-zone data (ns1.se.digitalreefinc.com)
se.digitalreefinc.com.zone:13: ignoring out-of-zone data (localhost.se.digitalreefinc.com)
se.digitalreefinc.com.zone:14: ignoring out-of-zone data (se21.se.digitalreefinc.com)
se.digitalreefinc.com.zone:15: ignoring out-of-zone data (se22.se.digitalreefinc.com)
se.digitalreefinc.com.zone:16: ignoring out-of-zone data (se23.se.digitalreefinc.com)
se.digitalreefinc.com.zone:17: ignoring out-of-zone data (se24.se.digitalreefinc.com)
se.digitalreefinc.com.zone:18: ignoring out-of-zone data (se25.se.digitalreefinc.com)
zone localhost/IN: has 0 SOA records
zone localhost/IN: has no NS records
|
If I do a dig, I get the QUERY status: NXDOMAIN response
Quote:
[root@se20 named]# dig @localhost se20
; <<>> DiG 9.6.1-P2-RedHat-9.6.1-7.P2.fc11 <<>> @localhost se20
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30626
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;se20. IN A
;; AUTHORITY SECTION:
. 10800 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2009121500 1800 900 604800 86400
;; Query time: 583 msec
;; SERVER: ::1#53(::1)
;; WHEN: Tue Dec 15 15:18:06 2009
;; MSG SIZE rcvd: 97
|
my named.conf is as follows:
Quote:
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
version "Bind";
#allow-query { localhost; };
allow-recursion {127.0.0.1; 172.30.0.0/16; };
forward first;
forwarders { 172.30.0.10; 172.30.0.11; }; #IP of upstream ISP nameserver(s)
#forward only; #rely completely on our upstream nameservers
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "se.digitalreefinc.com" IN {
type master;
file "se.digitalreefinc.com.zone";
allow-update {none;};
};
zone "4.30.172.in-addr.arpa" IN {
type master;
file "reverse.se.digitalreefinc.com.zone";
allow-update {none;};
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update {none;};
};
include "/etc/named.rfc1912.zones";
|
I think my SOA record might be wrong, but I cannot find the error.
Any help is appreciated.
Last edited by zyzzogeton; 12-17-2009 at 09:03 AM.
Reason: used quote blocks for clarity
12-15-2009, 03:29 PM
#2
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,224
Hi,
Your named-checkzone command is wrong. You should use the zone name and the zone file as arguments. To see if your zone is ok, run this from inside the directory where your zone files are:
Code:
named-checkzone se.digitalreefinc.com se.digitalreefinc.com.zone
Regarding the NXDOMAIN, you need to add
Code:
domain se.digitalreefinc.com
at the top of /etc/hosts, if you want to resolve hostnames without using the FQDN.
Note also that you don't need forward and forwarders. Your nameserver can use the hint zone to resolve unknown domains.
Regards
1 members found this post helpful.
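As an added example (not code from the thread or from BIND), here is a small Python model of the owner-name check behind named-checkzone's "ignoring out-of-zone data" message. Run against a copy of the zone posted in #1 with the zone name localhost, every record falls outside the zone and no SOA survives, which is exactly what the output in #1 shows; with the real zone name they all load. The parsing rules (@, relative names, $ORIGIN, parenthesised records) are the standard master-file ones; the two functions are mine and validate nothing else.

```python
"""Added example, not from the thread: a minimal model of the owner-name check
behind named-checkzone's 'ignoring out-of-zone data' message."""
import re
# Constructed copy of the zone file posted in the thread (trailing ';' = comment).
ZONE_TEXT = """$TTL 3D
; Information about "forward" domain se.dr.com
$ORIGIN se.digitalreefinc.com.
@ IN SOA ns1.se.digitalreefinc.com. webmaster.se.digitalreefinc.com. (
200912151458 ; serial
86400 ; refresh
7200 ; retry
1209600 ; expiry
1D ) ; minimum
@ IN NS ns1.se.digitalreefinc.com. ;
se20 A 172.30.4.20;
ns1.se.digitalreefinc.com. A 172.30.4.20;
localhost A 127.0.0.1;
"""
TTL_OR_CLASS = re.compile(r"^(\d+[smhdw]?|IN|CH|HS)$", re.I)   # fields that precede the RR type

def records(zone_text, default_origin):
    """Yield (line_no, owner_fqdn, rrtype); '@' and relative names use the current $ORIGIN."""
    origin = default_origin.rstrip(".") + "."
    depth, owner = 0, None
    for line_no, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()           # drop ';' comments
        if depth:                                       # continuation of a '( ... )' record
            depth += line.count("(") - line.count(")")
            continue
        fields = line.split()
        if fields and fields[0] == "$ORIGIN":
            origin = fields[1]
        if not fields or fields[0].startswith("$"):     # blank, $ORIGIN (handled), $TTL (ignored)
            continue
        depth = line.count("(") - line.count(")")
        if not raw[0].isspace():                        # a leading blank means "same owner as before"
            owner = fields.pop(0)
        rrtype = next(f for f in fields if not TTL_OR_CLASS.match(f))
        fqdn = origin if owner == "@" else owner if owner.endswith(".") else owner + "." + origin
        yield line_no, fqdn.lower(), rrtype.upper()

def check_zone(zone_text, zone_name):
    """Split records into those loaded for zone_name and those reported as out-of-zone."""
    zone = zone_name.rstrip(".").lower() + "."
    loaded, ignored = [], []
    for line_no, fqdn, rrtype in records(zone_text, zone):
        in_zone = fqdn == zone or fqdn.endswith("." + zone)
        (loaded if in_zone else ignored).append((line_no, fqdn, rrtype))
    return loaded, ignored
```

The line numbers in the ignored list (4, 10, 11, 12, 13) line up with the checker output quoted in #1 because the constructed zone keeps the same line layout.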
12-17-2009, 08:59 AM
#3
LQ Newbie
Registered: Oct 2009
Posts: 9
Original Poster
Thanks for redirecting me back here Bathory.
Here is the output for the checkzone:
-------------begin output-----------------
Quote:
[root@se20 named]# named-checkzone se.digitalreefinc.com se.digitalreefinc.com.zone
zone se.digitalreefinc.com/IN: loaded serial 3343656022
OK
|
-------------------------------------------
So nothing compelling there.
When I do a restart of named, I notice that my zone file isn't touched though:
------------begin output /var/log/messages----------------
Quote:
Dec 17 09:56:28 se20 named[17920]: received control channel command 'stop'
Dec 17 09:56:28 se20 named[17920]: shutting down: flushing changes
Dec 17 09:56:28 se20 named[17920]: stopping command channel on 127.0.0.1#953
Dec 17 09:56:28 se20 named[17920]: stopping command channel on ::1#953
Dec 17 09:56:28 se20 named[17920]: no longer listening on 127.0.0.1#53
Dec 17 09:56:28 se20 named[17920]: no longer listening on ::1#53
Dec 17 09:56:28 se20 named[17920]: exiting
Dec 17 09:56:28 se20 named[1767]: starting BIND 9.6.1-P2-RedHat-9.6.1-7.P2.fc11 -u named
Dec 17 09:56:28 se20 named[1767]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-red
hat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc
' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '
--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--w
ith-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes'
'--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-red
hat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-prote
ctor --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE'
Dec 17 09:56:28 se20 named[1767]: adjusted limit on open files from 1024 to 1048576
Dec 17 09:56:28 se20 named[1767]: found 4 CPUs, using 4 worker threads
Dec 17 09:56:28 se20 named[1767]: using up to 4096 sockets
Dec 17 09:56:28 se20 named[1767]: loading configuration from '/etc/named.conf'
Dec 17 09:56:28 se20 named[1767]: using default UDP/IPv4 port range: [1024, 65535]
Dec 17 09:56:28 se20 named[1767]: using default UDP/IPv6 port range: [1024, 65535]
Dec 17 09:56:28 se20 named[1767]: listening on IPv4 interface lo, 127.0.0.1#53
Dec 17 09:56:28 se20 named[1767]: listening on IPv6 interface lo, ::1#53
Dec 17 09:56:28 se20 named[1767]: automatic empty zone: 127.IN-ADDR.ARPA
Dec 17 09:56:28 se20 named[1767]: automatic empty zone: 254.169.IN-ADDR.ARPA
Dec 17 09:56:28 se20 named[1767]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Dec 17 09:56:28 se20 named[1767]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Dec 17 09:56:28 se20 named[1767]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Dec 17 09:56:28 se20 named[1767]: automatic empty zone: D.F.IP6.ARPA
Dec 17 09:56:28 se20 named[1767]: automatic empty zone: 8.E.F.IP6.ARPA
Dec 17 09:56:28 se20 named[1767]: automatic empty zone: 9.E.F.IP6.ARPA
Dec 17 09:56:28 se20 named[1767]: automatic empty zone: A.E.F.IP6.ARPA
Dec 17 09:56:28 se20 named[1767]: automatic empty zone: B.E.F.IP6.ARPA
Dec 17 09:56:28 se20 named[1767]: command channel listening on 127.0.0.1#953
Dec 17 09:56:28 se20 named[1767]: command channel listening on ::1#953
Dec 17 09:56:28 se20 named[1767]: the working directory is not writable
Dec 17 09:56:28 se20 named[1767]: zone 0.in-addr.arpa/IN: NS '0.in-addr.arpa' has no address records (A or AAAA)
Dec 17 09:56:28 se20 named[1767]: zone 0.in-addr.arpa/IN: loaded serial 0
Dec 17 09:56:28 se20 named[1767]: zone 1.0.0.127.in-addr.arpa/IN: NS '1.0.0.127.in-addr.arpa' has no address records (A or AAAA)
Dec 17 09:56:28 se20 named[1767]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Dec 17 09:56:28 se20 named[1767]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: NS '1.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa' has no address records (A or AAAA)
Dec 17 09:56:28 se20 named[1767]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Dec 17 09:56:28 se20 named[1767]: zone localhost.localdomain/IN: loaded serial 0
Dec 17 09:56:28 se20 named[1767]: zone localhost/IN: loaded serial 0
Dec 17 09:56:28 se20 named[1767]: running
|
-------------------------------------------------------
Shouldn't I see a
Quote:
Dec 17 09:56:28 se20 named[1767]: zone se.digitalreefinc.com/IN: loaded serial 200912151458
|
in there somewhere?
12-17-2009, 09:25 AM
#4
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,224
Quote:
[root@se20 named]# named-checkzone se.digitalreefinc.com se.digitalreefinc.com.zone
zone se.digitalreefinc.com/IN: loaded serial 3343656022
OK
-------------------------------------------
So nothing compelling there.
|
Where did that serial number come from?
Quote:
Dec 17 09:56:28 se20 named[1767]: starting BIND 9.6.1-P2-RedHat-9.6.1-7.P2.fc11 -u named
...
Dec 17 09:56:28 se20 named[1767]: the working directory is not writable
...
Dec 17 09:56:28 se20 named[1767]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
...
Dec 17 09:56:28 se20 named[1767]: zone localhost.localdomain/IN: loaded serial 0
...
|
Yes, you should see the zones defined in named.conf loading.
Are you sure you're using the named.conf you've posted previously? Because there are no such zones as the above and I don't think they came from the included /etc/named.rfc1912.zones.
Also you need to fix the permissions problem of /var/named (must be rw by user named).
1 members found this post helpful.
12-17-2009, 02:14 PM
#5
LQ Newbie
Registered: Oct 2009
Posts: 9
Original Poster
I am not sure where that serial number comes from; however, I think I have tracked down the issue:
Quote:
Dec 17 14:57:59 se20 named[2071]: zone localhost.localdomain/IN: loaded serial 0
Dec 17 14:57:59 se20 named[2071]: zone localhost/IN: loaded serial 0
Dec 17 14:57:59 se20 named[2071]: running
Dec 17 14:58:43 se20 named[2071]: received control channel command 'reload'
Dec 17 14:58:43 se20 named[2071]: loading configuration from '/etc/named.conf'
Dec 17 14:58:43 se20 named[2071]: using default UDP/IPv4 port range: [1024, 65535]
Dec 17 14:58:43 se20 named[2071]: using default UDP/IPv6 port range: [1024, 65535]
|
I have been editing named.conf in /var/named this whole time!
Now, doing a dig gives me this:
Quote:
[root@se20 etc]# dig @localhost se20
; <<>> DiG 9.6.1-P2-RedHat-9.6.1-7.P2.fc11 <<>> @localhost se20
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 63982
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;se20. IN A
;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Thu Dec 17 15:11:11 2009
;; MSG SIZE rcvd: 22
|
Which I consider great progress.
I just need to track down my search domain issue. It looks like se20 is not using se.digitalreefinc.com as its search domain for some reason even though it is specified in the resolv.conf. If I use an fqdn, it works fine:
Quote:
[root@se20 etc]# dig se21.se.digitalreefinc.com
; <<>> DiG 9.6.1-P2-RedHat-9.6.1-7.P2.fc11 <<>> se21.se.digitalreefinc.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18172
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;se21.se.digitalreefinc.com. IN A
;; ANSWER SECTION:
se21.se.digitalreefinc.com. 259200 IN A 172.30.4.21
;; AUTHORITY SECTION:
se.digitalreefinc.com. 259200 IN NS ns1.se.digitalreefinc.com.
;; ADDITIONAL SECTION:
ns1.se.digitalreefinc.com. 259200 IN A 172.30.4.20
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Dec 17 15:24:30 2009
;; MSG SIZE rcvd: 94
|
Last edited by zyzzogeton; 12-17-2009 at 02:25 PM.
12-17-2009, 04:55 PM
#6
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,224
Hi,
Because dig uses the DNS server to resolve hostnames, you have to use a FQDN. The nslookup utility looks for the search/domain line in /etc/resolv.conf, so it can resolve hostnames without a domain name. If you want dig to do the same, you have to use the +search option.
Regarding:
Quote:
dig @localhost se20
...
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 63982
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
...
;; Query time: 0 msec
;; SERVER: ::1#53(::1)
|
you have to add the localhost IPv6 address ::1 to the allow-recursion arguments.
Regards
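As an added example (not from the thread or from BIND), a Python check for the mismatch behind the REFUSED reply in #5: named listens on ::1 (listen-on-v6) while allow-recursion covers only 127.0.0.1 and 172.30.0.0/16, so a recursive query arriving over ::1 is refused. The config excerpt is constructed from the named.conf posted in #1; the ACL keyword "localhost" is treated as loopback only, a simplification of BIND's real meaning (every address of the host), and negated or localnets entries are not modelled.

```python
"""Added example, not from the thread: find addresses named listens on that its
allow-recursion ACL does not cover, the mismatch behind dig's REFUSED reply and
'recursion requested but not available' warning when it reached named over ::1."""
import ipaddress
import re

# Constructed excerpt of the options block posted in the thread.
NAMED_CONF = """
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
#allow-query { localhost; };
allow-recursion {127.0.0.1; 172.30.0.0/16; };
};
"""
# The same excerpt with the fix from the thread applied (::1 added to allow-recursion).
FIXED_CONF = NAMED_CONF.replace("allow-recursion {", "allow-recursion { ::1;")

def acl(conf, statement):
    """Entries of `statement ... { a; b; };` with '#' and '//' comments removed first."""
    text = re.sub(r"(#|//).*", "", conf)
    m = re.search(rf"{re.escape(statement)}(?![\w-])[^{{]*\{{([^}}]*)\}}", text)
    return [e.strip() for e in m.group(1).split(";") if e.strip()] if m else []

def permits(acl_entries, addr):
    """True if some entry covers addr.  'localhost' is treated as loopback only,
    a simplification: in BIND it means every address of the host itself."""
    for entry in acl_entries:
        if entry == "any" or (entry == "localhost" and addr.is_loopback):
            return True
        if entry in ("none", "localnets") or entry.startswith("!"):
            continue                        # negations and localnets are not modelled
        if addr in ipaddress.ip_network(entry, strict=False):   # v4/v6 mismatch -> False
            return True
    return False

def unrecursable_listeners(conf):
    """Explicit listen-on/listen-on-v6 addresses missing from allow-recursion.
    'any' is skipped: expanding it needs the host's interface list."""
    recursion_acl = acl(conf, "allow-recursion")
    listeners = acl(conf, "listen-on") + acl(conf, "listen-on-v6")
    return [a for a in listeners if a not in ("any", "none")
            and not permits(recursion_acl, ipaddress.ip_address(a))]
```

On the posted configuration the result is ["::1"]; once ::1 is added to allow-recursion, as Bathory suggests, the list is empty.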
12-18-2009, 12:29 PM
#7
LQ Newbie
Registered: Oct 2009
Posts: 9
Original Poster
Ok, did not know that. Thanks for all your help. I will mark this one solved.