LinuxQuestions.org


Anandhc 09-11-2014 01:26 PM

dns server error -- out of zone data error
 
Hi, I'm Muruganandan.
I am configuring my DNS server with CentOS 6.5, BIND version 9.8.2.
I configured everything, but if I start the server I'm getting an out-of-zone error.
Here is my named.conf:
/acl "slave" { ip-address; };//

acl "blacklist" { 210.10.10.1; 192.168.10.1; 162.168.20.0/24; 192.168.0.0/24; };
acl "spoofingnetwork" { 10.0.0.0/8; 192.168.0.0/16; };

options {
listen-on port 53 { 127.0.0.1; any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; mynet; };
allow-recursion { wls-net; };
blackhole { blacklist; spoofingnetwork; };
recursion yes;

dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;

/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
include "/etc/named.rfc1912.zones";
#include "/etc/named.root.key";


I'm configuring this for the ISP with multiple zones. I want to allow our own network to query. What should I do?

But when I try named-checkconf named.conf -z it does not give any error. I checked the zone file the same way and it also does not give an error; the structure looks okay, but I could not find the reason. Can anyone help out?


named.rfc1912.zones file

view "internal" {
match-clients { "allow"; };
recursion yes;
allow-recursion { "allow"; };

zone "." IN {
type hint;
file "named.ca";
};

zone "102.122.202.in.addr-arpa" IN {
type master;
file "102.122.202.zone";
allow-update { none; };
allow-query { allow; };
};

zone "101.121.202.in.addr-arpa" IN {
type master;
file "101.121.202.zone";

where allow is my network in both named.conf and named.rfc

So please tell me what could be the reason, in detail.


Thanks in advance

Muruganandan.C

anotherlinuxuser 09-13-2014 02:10 AM

I don't think the word "allow" is a valid element in your statements:

Your post shows elements like:
match-clients { "allow"; };
and
allow-recursion { "allow"; };
etc.

But, I think you mean { "any"; } instead of { "allow"; }, if by 'allow' you want to allow 'any'body.
'allow' would be valid, if there was an 'acl' statement defining 'allow' as an acl, but I don't see that in your post.

Try changing all occurrences of "{ "allow"; }" to "{ "any"; }" in named.conf.
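
Added example (not part of the thread and not any poster's code): a small Python check that lists names used in address match lists without a matching acl definition, which is the condition the reply above describes. It also reports lines containing typographic quotes, as seen in the acl line of the later named.conf in this thread. The statement list, the sample text and the rule that a curly-quoted acl name does not count as a definition are assumptions of this sketch; nested match lists are not handled.

```python
import re

BUILTIN_ACLS = {"any", "none", "localhost", "localnets"}
# Statements whose body is an address match list (the ones used in this thread).
MATCH_STMTS = ("allow-query-cache", "allow-query", "allow-recursion",
               "allow-update", "allow-transfer", "blackhole", "match-clients")
STMT_RE = re.compile(r"\b(?:%s)\s*\{([^{}]*)\}" % "|".join(MATCH_STMTS))
ACL_DEF_RE = re.compile(r'\bacl\s+"?([\w.-]+)"?\s*\{')
IP_RE = re.compile(r"(\d+(\.\d+){0,3}|[0-9a-fA-F]*:[0-9a-fA-F:.]*)(/\d+)?")

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # /* ... */
    return re.sub(r"(//|#)[^\n]*", "", text)           # // and # comments

def audit_acls(conf):
    """Return (sorted undefined ACL names, line numbers with curly quotes)."""
    curly = [n for n, line in enumerate(conf.splitlines(), 1)
             if "\u201c" in line or "\u201d" in line]
    text = strip_comments(conf)
    # Assumption of this checker: only names in ASCII quotes (or bare) count
    # as defined, so an acl written with curly quotes defines nothing here.
    defined = set(ACL_DEF_RE.findall(text))
    undefined = set()
    for body in STMT_RE.findall(text):
        for element in body.split(";"):
            name = element.strip().lstrip("!").strip().strip('"')
            if not name or name.startswith("key ") or IP_RE.fullmatch(name):
                continue
            if name not in BUILTIN_ACLS and name not in defined:
                undefined.add(name)
    return sorted(undefined), curly

# Constructed sample, condensed from the statements in the first post.
SAMPLE = '''
acl "blacklist" { 210.10.10.1; 192.168.10.1; };
acl "spoofingnetwork" { 10.0.0.0/8; 192.168.0.0/16; };
options {
    allow-query { localhost; mynet; };
    allow-recursion { wls-net; };
    blackhole { blacklist; spoofingnetwork; };
};
view "internal" {
    match-clients { "allow"; };
    allow-recursion { "allow"; };
};
'''
if __name__ == "__main__":
    missing, curly_lines = audit_acls(SAMPLE)
    print("undefined:", missing, "curly-quote lines:", curly_lines)
```

Defining the missing names with acl statements restricted to the operator's own networks keeps query and recursion access limited, where replacing them with "any" opens them to every client.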

Anandhc 09-24-2014 04:53 AM

Hi, thanks for your reply.


Your post shows elements like:
match-clients { "allow"; };
and
allow-recursion { "allow"; };
etc


where "allow" is my ACL's name. But somehow I managed to resolve the error; I figured it was because of some misconfiguration in the zone files.
Now I have another error: my named.conf is starting well, but it's not resolving names. When I try to ping an IP, it pings; when I try to ping names like
ping yahoo.com
it gives me the error unknown host. What would be the reason?

DNS-Bind 9.9.* in
OS-centos 7
/*
Sample named.conf BIND DNS server 'named' configuration file
for the Red Hat BIND distribution.

See the BIND Administrator's Reference Manual (ARM) for details, in:
file:///usr/share/doc/bind-{version}/arm/Bv9ARM.html
Also see the BIND Configuration GUI : /usr/bin/system-config-bind and
its manual.
*/
acl “allow” { 127.0.0.1; 192.168.180.0/24; xx.x.x.x/21;};
options
{
// Put files that named is allowed to write in the data/ directory:
directory "/var/named"; // "Working" directory
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";


/*
Specify listening interfaces. You can use list of addresses (';' is
delimiter) or keywords "any"/"none"
*/
//listen-on port 53 { any; };
listen-on port 53 { 127.0.0.1; allow; };

//listen-on-v6 port 53 { any; };
//listen-on-v6 port 53 { ::1; };


};
*/

allow-query { localhost; };
allow-query-cache { localhost; };

recursion yes;


//dnssec-enable yes;

//dnssec-validation yes;

//dnssec-lookaside auto;
};

logging
{
channel default_debug {
file "data/named.run";
severity dynamic;
};
};


view "localhost_resolver"

{
match-clients { localhost; allow; };
recursion yes;

# all views must contain the root hints zone:
zone "." IN {
type hint;
file "/var/named/named.ca";
};

include "/etc/named.rfc1912.zones";
};
view "internal"
{
match-clients { localnets; };
allow-recursion { localhost; allow; };
allow-query { localhost; allow; };
recursion yes;

zone "." IN {
type hint;
file "/var/named/named.ca";
};

*/
include "/etc/named.rfc1912.zones";


};

view "external"

{
match-clients { any; allow; };

zone "." IN {
type hint;
file "/var/named/named.ca";
};

recursion no;


};

};

Here is my named.conf file.
Please tell me what could be the reason.
There is an error in the log:

broken key chain

I have checked the zones individually and the named.conf file; there is error reported, but if I try to resolve names it gives me unknown host.

Thanks in advance

Regards
Muruganandan.C
