Hi I'm Muruganandan
I am configuring my dns server with Centos 6.5 bind Version 9.8.2
I configured everthing but if start the server I m getting out of zone error,
Here my named.conf
/acl "slave" { ip-address; };//

acl "blacklist" { 210.10.10.1; 192.168.10.1; 162.168.20.0/24; 192.168.0.0/24; };
acl "spoofingnetwork" { 10.0.0.0/8; 192.168.0.0/16; };

options {
listen-on port 53 { 127.0.0.1; any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; mynet; };
allow-recursion { wls-net; };
blackhole { blacklist; spoofingnetwork; };
recursion yes;

dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;

/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
include "/etc/named.rfc1912.zones";
#include "/etc/named.root.key";


Im configuring for the ISP with multiple zone I want allow our own network to query What shoul I do

But I try named-checkconf named.conf -z it does not give any error same I checked the zone file also not give error the structures looking okay but I could not find the reason any one help out


named.rf19192.zone file

view "internal" {
match-clients { "allow"; };
recursion yes;
allow-recursion { "allow"; };

zone "." IN {
type hint;
file "named.ca";
};

zone "102.122.202.in.addr-arpa" IN {
type master;
file "102.122.202.zone";
allow-update { none; };
allow-query { allow; };
};

zone "101.121.202.in.addr-arpa" IN {
type master;
file "101.121.202.zone";

where allow is my network in both named.conf and named.rfc

so tell me what could be the reason in details


Thanaks in advance

Muruganandan.C
linux Anandhc is online now

I don't think the word "allow" is valid element in your statements:

Your post shows elements like:
match-clients { "allow"; };
and
allow-recursion { "allow"; };
etc.

But, I think you mean { "any"; } instead of { "allow"; }, if by 'allow' you want to allow 'any'body.
'allow' would be valid, if there was an 'acl' statement defining 'allow' as an acl, but I don't see that in your post.

Try changing all occurances of "{ "allow"; }" to "{ "any"; }" in named.conf.

Hi Thanks for your reply


Your post shows elements like:
match-clients { "allow"; };
and
allow-recursion { "allow"; };
etc


where "allow" is my acl's name. But some how I managed to resolve the error, but I figured this is because some mis-configuration in zone files,
Now I have I another error my named.conf is starting well. but its not resolving names, I try to ping IP its pinging, I try to ping names like
ping yahoo.com
it gives me error unknown host, what would be be the reason

DNS-Bind 9.9.* in
OS-centos 7
/*
Sample named.conf BIND DNS server 'named' configuration file
for the Red Hat BIND distribution.

See the BIND Administrator's Reference Manual (ARM) for details, in:
file:///usr/share/doc/bind-{version}/arm/Bv9ARM.html
Also see the BIND Configuration GUI : /usr/bin/system-config-bind and
its manual.
*/
acl “allow” { 127.0.0.1; 192.168.180.0/24; xx.x.x.x/21;};
options
{
// Put files that named is allowed to write in the data/ directory:
directory "/var/named"; // "Working" directory
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";


/*
Specify listenning interfaces. You can use list of addresses (';' is
delimiter) or keywords "any"/"none"
*/
//listen-on port 53 { any; };
listen-on port 53 { 127.0.0.1; allow; };

//listen-on-v6 port 53 { any; };
//listen-on-v6 port 53 { ::1; };


};
*/

allow-query { localhost; };
allow-query-cache { localhost; };

recursion yes;


//dnssec-enable yes;

//dnssec-validation yes;

//dnssec-lookaside auto;
};

logging
{
channel default_debug {
file "data/named.run";
severity dynamic;
};
};


view "localhost_resolver"

{
match-clients { localhost; allow; };
recursion yes;

# all views must contain the root hints zone:
zone "." IN {
type hint;
file "/var/named/named.ca";
};

include "/etc/named.rfc1912.zones";
};
view "internal"
{
match-clients { localnets; };
allow-recursion { localhost; allow; };
allow-query { localhost; allow; };
recursion yes;

zone "." IN {
type hint;
file "/var/named/named.ca";
};

*/
include "/etc/named.rfc1912.zones";


};

view "external"

{
match-clients { any; allow; };

zone "." IN {
type hint;
file "/var/named/named.ca";
};

recursion no;


};

};

Here is my named.conf file
Please tell me what could be reason
ther is error in lg

broken key chain

I have checked zone individually and named.conf file there is error reported but if try resolve names its gives me unknown host,

Thanks in advance

Regads
Muruganandan.C

---------- Post added 09-24-14 at 03:23 PM ----------

Hi Thanks for your reply


Your post shows elements like:
match-clients { "allow"; };
and
allow-recursion { "allow"; };
etc


where "allow" is my acl's name. But some how I managed to resolve the error, but I figured this is because some mis-configuration in zone files,
Now I have I another error my named.conf is starting well. but its not resolving names, I try to ping IP its pinging, I try to ping names like
ping yahoo.com
it gives me error unknown host, what would be be the reason

DNS-Bind 9.9.* in
OS-centos 7
/*
Sample named.conf BIND DNS server 'named' configuration file
for the Red Hat BIND distribution.

See the BIND Administrator's Reference Manual (ARM) for details, in:
file:///usr/share/doc/bind-{version}/arm/Bv9ARM.html
Also see the BIND Configuration GUI : /usr/bin/system-config-bind and
its manual.
*/
acl “allow” { 127.0.0.1; 192.168.180.0/24; xx.x.x.x/21;};
options
{
// Put files that named is allowed to write in the data/ directory:
directory "/var/named"; // "Working" directory
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";


/*
Specify listenning interfaces. You can use list of addresses (';' is
delimiter) or keywords "any"/"none"
*/
//listen-on port 53 { any; };
listen-on port 53 { 127.0.0.1; allow; };

//listen-on-v6 port 53 { any; };
//listen-on-v6 port 53 { ::1; };


};
*/

allow-query { localhost; };
allow-query-cache { localhost; };

recursion yes;


//dnssec-enable yes;

//dnssec-validation yes;

//dnssec-lookaside auto;
};

logging
{
channel default_debug {
file "data/named.run";
severity dynamic;
};
};


view "localhost_resolver"

{
match-clients { localhost; allow; };
recursion yes;

# all views must contain the root hints zone:
zone "." IN {
type hint;
file "/var/named/named.ca";
};

include "/etc/named.rfc1912.zones";
};
view "internal"
{
match-clients { localnets; };
allow-recursion { localhost; allow; };
allow-query { localhost; allow; };
recursion yes;

zone "." IN {
type hint;
file "/var/named/named.ca";
};

*/
include "/etc/named.rfc1912.zones";


};

view "external"

{
match-clients { any; allow; };

zone "." IN {
type hint;
file "/var/named/named.ca";
};

recursion no;


};

};

Here is my named.conf file
Please tell me what could be reason
ther is error in lg

broken key chain

I have checked zone individually and named.conf file there is error reported but if try resolve names its gives me unknown host,

Thanks in advance

Regads
Muruganandan.C