04-19-2011, 12:53 PM
|
#1
|
LQ 5k Club
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Debian
Posts: 8,578
|
bind9 config files: leading whitespace requirements?
Hello
Is leading whitespace significant in bind9 config files?
This reverse lookup file (/var/chroot/bind9/etc/bind/zones/rev.168.168.192.in-addr.arpa) did not work; /var/log/messages had "zone 168.168.192.in-addr.arpa/IN: has no NS records".
Inserting 3 spaces before IN in the NS line fixed it:
Code:
; IP Address-to-Host DNS Pointers for the 192.168.168.0 subnet
@ IN SOA CW8vDS.localdomain. hostmaster.localdomain. (
2011041901 ; serial
8H ; refresh
4H ; retry
4W ; expire
1D ; minimum
)
; Define the authoritative name server
   IN NS CW8vDS.localdomain. <== leading spaces on this line
; Other hosts, in numeric order
1 IN PTR router.localdomain.
[snip]
Reading the man pages and netsearching, I did not find anything about indentation requirements except for "This is usually indented for readability, but the indents are required syntactically" here.
Although the above file works, named-checkconf reports an error in it:
Code:
root@CW8vDS:/var/chroot/bind9/etc/bind/zones# named-checkconf rev.168.168.192.in-addr.arpa
rev.168.168.192.in-addr.arpa:1: syntax error near ';'
but named initialisation does not log any errors or warnings in /var/log/messages when processing this file except "/etc/bind/zones/rev.168.168.192.in-addr.arpa:2: no TTL specified; using SOA MINTTL instead".
Best
Charles
Last edited by catkin; 04-19-2011 at 12:54 PM.
Reason: clarification
|
|
|
04-19-2011, 01:37 PM
|
#2
|
LQ Guru
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
|
It's not so much leading white space as it is that there is a "field" before the IN that could be populated if your zone file had different records for the NS files. If you look at your other zones and "IN A" records it would be obvious there is a field before the "IN".
e.g.
Standard NS for the current zone:
   IN NS CW8vDS.localdomain
-OR-
service.dns.localdomain. IN NS CW8vDS.localdomain
|
|
1 members found this post helpful.
|
04-20-2011, 08:46 AM
|
#3
|
LQ 5k Club
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Debian
Posts: 8,578
Original Poster
|
Thanks MensaWater, that explains it. For transparency I have changed the line to
Code:
<defective change removed>
EDIT:
Code:
@ IN NS CW8vDS.localdomain.
Last edited by catkin; 04-20-2011 at 09:17 AM.
|
|
|
04-21-2011, 03:06 AM
|
#4
|
LQ 5k Club
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Debian
Posts: 8,578
Original Poster
|
Quote:
Originally Posted by catkin
Although the above file works, named-checkconf reports an error in it:
Code:
root@CW8vDS:/var/chroot/bind9/etc/bind/zones# named-checkconf rev.168.168.192.in-addr.arpa
rev.168.168.192.in-addr.arpa:1: syntax error near ';'
|
If I now understand correctly the above error message is because named-checkconf cannot be used for checking zone files such as rev.168.168.192.in-addr.arpa in which the ";" comment introducer is allowed.
|
|
|
04-21-2011, 03:22 AM
|
#5
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,221
|
Hi,
You're right. named-checkconf is used to check named.conf where ";" is used in the statements.
Btw, regarding the leading whitespace, quoting from here:
Quote:
@
; replace with the current value of $ORIGIN
; blank/space or tab in which case the last name used or the value of $ORIGIN (or its default value) is substituted
|
Regards
|
|
1 members found this post helpful.
|
04-21-2011, 03:48 AM
|
#6
|
LQ 5k Club
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Debian
Posts: 8,578
Original Poster
|
Thanks bathory
I finally found an explanation of leading whitespace in O'Reilly's "DNS and BIND 5th Edition" in section 4.4.3. "Repeat Last Name":
If a resource record name (that starts in the first column) is a space or tab, then the name from the last resource record is used. You use this if there are multiple resource records for a name. Here's an example in which there are two address records for one name:
Code:
wormhole IN A 192.249.249.1
         IN A 192.253.253.1
In the second address record, the name wormhole is implied. You can use this shortcut even if the resource records are of different types.
In the case of the first resource record, leading whitespace is equivalent to @.
EDIT: @ is shorthand for $ORIGIN
EDIT 2: great link; bookmarked. It even has a section on file naming conventions (although I have chosen to follow the Debian and O'Reilly convention instead).
Last edited by catkin; 04-21-2011 at 03:53 AM.
|
|
|
04-21-2011, 01:09 PM
|
#7
|
LQ Guru
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
|
Quote:
Originally Posted by catkin
If I now understand correctly the above error message is because named-checkconf cannot be used for checking zone files such as rev.168.168.192.in-addr.arpa in which the ";" comment introducer is allowed.
|
named-checkconf is used for checking the named configuration file (typically named.conf). You can use named-checkzone for checking your zone files.
|
|
|
04-22-2011, 04:35 AM
|
#8
|
LQ 5k Club
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Debian
Posts: 8,578
Original Poster
|
Quote:
Originally Posted by MensaWater
named-checkconf is used for checking the named configuration file (typically named.conf). You can use named-checkzone for checking your zone files.
|
Thanks MensaWater
It looks as if named-checkzone can be used to check zone files but not to check a reverse lookup zone file:
Code:
root@CW8vDS:/var/chroot/bind9/etc/bind# named-checkzone localdomain db.localdomain
zone localdomain/IN: loaded serial 2011042101
OK
root@CW8vDS:/var/chroot/bind9/etc/bind# named-checkzone localdomain db.192.168.168
db.192.168.168:16: ignoring out-of-zone data (168.168.192.in-addr.arpa)
db.192.168.168:25: ignoring out-of-zone data (168.168.192.in-addr.arpa)
zone localdomain/IN: has 0 SOA records
zone localdomain/IN: has no NS records
zone localdomain/IN: not loaded due to errors.
root@CW8vDS:/var/chroot/bind9/etc/bind# cat db.192.168.168
; Address-to-name pointers for the 192.168.168.0 subnet
; WHEN CHANGING THIS FILE change the serial string!
; The format of this file is explained in O'Reilly's "DNS and BIND" 5th Edition
; in section 4.2. The definitive reference is available from http://www.bind9.net/manuals
; but does not cover comments and blank lines (either in the 9.7.x pdf file or
; the online 9.3.2 HTML).
; Leading space implies an empty (defaulted) "owner name"; for clarity this is
; not used.
; Set the time-to-live of cached data from this zone
$TTL 30m
168.168.192.in-addr.arpa. IN SOA CW8vDS.localdomain. hostmaster.localdomain. (
2011042101 ; serial, format YYYYMMDDII where II is an index
8H ; refresh
4H ; retry
4W ; expire
1D ; minimum
)
; Set CW8vDS as the localdomain Internet name server
168.168.192.in-addr.arpa. IN NS CW8vDS.localdomain.
; Other hosts in numeric order
1 IN PTR router.localdomain.
[snip similar]
51 IN PTR CW8vDS.localdomain.
AFAIK the only way to check a reverse lookup zone file is to use named-checkconf with the -z option on the master configuration file:
Code:
root@CW8vDS:~# named-checkconf -z /var/chroot/bind9/etc/bind/named.conf
zone localdomain/IN: loaded serial 2011042101
zone 168.168.192.in-addr.arpa/IN: loaded serial 2011042101
zone localhost/IN: loaded serial 2
zone 127.in-addr.arpa/IN: loaded serial 1
zone 0.in-addr.arpa/IN: loaded serial 1
zone 255.in-addr.arpa/IN: loaded serial 1
Last edited by catkin; 04-22-2011 at 04:37 AM.
Reason: too many reds!
|
|
|
04-22-2011, 07:27 AM
|
#9
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,221
|
Hi catkin,
named-checkzone syntax is:
Quote:
named-checkzone
usage: named-checkzone [-djqvD] [-c class] [-f inputformat] [-F outputformat] [-t directory] [-w directory] [-k (ignore|warn|fail)] [-n (ignore|warn|fail)] [-m (ignore|warn|fail)] [-r (ignore|warn|fail)] [-i (full|full-sibling|local|local-sibling|none)] [-M (ignore|warn|fail)] [-S (ignore|warn|fail)] [-W (ignore|warn)] [-o filename] zonename filename
|
So to check the reverse zone you should run:
Code:
named-checkzone 168.168.192.in-addr.arpa /var/chroot/bind9/etc/bind/zones/rev.168.168.192.in-addr.arpa
Note also that named-checkconf -z is used to check all the zone files present in named.conf
Regards
|
|
2 members found this post helpful.
|
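An added example, not code from any poster in this thread: a simplified Python model of the owner-name rules discussed in posts #1 to #6 (a blank owner repeats the last name, `@` is the origin) and of the zone-name argument explained in posts #8 and #9. The function names and sample zone text are constructed for illustration; the parser ignores `$` directives and is a teaching aid, not a replacement for named-checkzone.

```python
import re

TTL = re.compile(r"(\d+[smhdw]?)+", re.I)

def parse_zone(text, origin):
    """Return [(owner, type)] using the master-file owner-name rules (simplified)."""
    records, last, depth = [], origin, 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        inside = depth > 0                            # continuation of a ( ... ) record
        depth += line.count("(") - line.count(")")
        if not line.strip() or inside or line.startswith("$"):
            continue                                  # directives are ignored here
        fields = line.split()
        if line[0] in " \t":                          # blank owner: repeat last name
            owner = last
        else:
            name = fields.pop(0)
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        last = owner
        while fields and (fields[0].upper() == "IN" or TTL.fullmatch(fields[0])):
            fields.pop(0)                             # skip optional TTL and class
        if fields:
            records.append((owner.lower(), fields[0].upper()))
    return records

def check_zone(text, zone):
    """Report the apex problems named-checkzone complained about in the thread."""
    origin = zone.rstrip(".").lower() + "."
    recs = parse_zone(text, origin)
    inzone = [(o, t) for o, t in recs if o == origin or o.endswith("." + origin)]
    apex = {t for o, t in inzone if o == origin}
    problems = ["out-of-zone data"] if len(inzone) < len(recs) else []
    problems += [f"no {t} record at apex" for t in ("SOA", "NS") if t not in apex]
    return problems

# Constructed samples modelled on the zone files posted in this thread.
HEAD = "@ IN SOA CW8vDS.localdomain. hostmaster.localdomain. (\n 2011041901 8H 4H 4W 1D )\n"
TAIL = "1 IN PTR router.localdomain.\n"
REV = "168.168.192.in-addr.arpa"
BROKEN = HEAD + "IN NS CW8vDS.localdomain.\n" + TAIL       # "IN" becomes the owner name
FIXED = HEAD + "   IN NS CW8vDS.localdomain.\n" + TAIL     # blank owner repeats the apex
ABSOLUTE = HEAD.replace("@", REV + ".") + REV + ". IN NS CW8vDS.localdomain.\n" + TAIL

if __name__ == "__main__":
    for label, text, zone in (("broken", BROKEN, REV), ("fixed", FIXED, REV),
                              ("wrong zone name", ABSOLUTE, "localdomain")):
        print(f"{label:16} {check_zone(text, zone) or 'OK'}")
```

In the broken sample the NS record is attached to the name `IN.168.168.192.in-addr.arpa.` rather than the zone apex, which is why the zone loads with no NS records.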
04-22-2011, 07:39 AM
|
#10
|
LQ 5k Club
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Debian
Posts: 8,578
Original Poster
|
Thanks bathory
"168.168.192.in-addr.arpa" was the zone name to use for the reverse lookup zone file
There had to be a way!
Last edited by catkin; 04-22-2011 at 07:41 AM.
|
|
|
04-22-2011, 11:56 AM
|
#11
|
LQ Guru
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
|
Quote:
Originally Posted by bathory
Hi catkin,
named-checkzone syntax is:
So to check the reverse zone you should run:
Code:
named-checkzone 168.168.192.in-addr.arpa /var/chroot/bind9/etc/bind/zones/rev.168.168.192.in-addr.arpa
Note also that named-checkconf -z is used to check all the zone files present in named.conf
Regards
|
Nice to know that. By the way if your setup is chrooted (as mine is) you can specify "-t <chrootdir>" along with the -z to make it work. (It didn't work without that.) e.g. if your chroot is the standard RHEL5 one /var/named/chroot (so that etc and var/named are subdirectories of /var/named/chroot) you'd run:
named-checkconf -z -t /var/named/chroot /etc/named.conf
|
|
|