Most certainly - Yes. You have a single zone here, thus only:
named-checkzone example.com <http://example.com> example.com.zone ...should work. Wait till you play with a reverse IPv6 zone - where I personally use many $ORIGIN statements - saves hours of typing and makes reading the Zones so much easier. On 05/06/2017 15:40, Bernard Fay wrote: > I understand what $ORIGIN is doing by reducing the typing and making > it easier to maintain the zone files. > > To Tony, should I understand while using named-checkzone I need to > enter _only_ the top domain and named-checkzone will understand the > subdomains defined by the multiple $ORIGIN in the zone file? > > Thanks, > Bernard > > > On Mon, Jun 5, 2017 at 9:18 AM, Tony Finch <d...@dotat.at > <mailto:d...@dotat.at>> wrote: > > Bernard Fay <bernard....@gmail.com <mailto:bernard....@gmail.com>> > wrote: > > > > I took control of a DNS based on Bind 9.9. One of the zone > files have > > multiple $ORIGIN for example: > > The key thing to understand is that $ORIGIN just controls how > unqualified > domain names are expanded into fully-qualified domain names. In > particular, $ORIGIN is completely independent of zone boundaries. > > So in the master file you sketched out, > > > $ORIGIN example.com <http://example.com> > > ... > > $ORIGIN sub1.example.com <http://sub1.example.com> > > ... > > $ORIGIN sub2.example.com <http://sub2.example.com> > > ... > > $ORIGIN sub3.example.com <http://sub3.example.com> > > ... > > The person who wrote the file is using $ORIGIN in order to abbreviate > unqualified names in subdomains, but the subdomains are all part > of the > same zone. > > The other thing to be aware of is that it is possible to write a > zone file > without any fuly-qualified names, which is why you have to specify the > zone name when loading the file. (This feature is useful for empty > zones, > for example, but it's usually not a good idea for normal zones.) > The zone > name is used to set the default $ORIGIN and for the zone sanity > checks. > > So, this works... > > > While checking the zone file with: > > named-checkzone example.com <http://example.com> example.com.zone > > named-checkzone returns ok for the first $ORIGIN. > > ...because the zone name you specified on the command line matches the > contents of the master file. > > However, > > > named-checkzone sub1.example.com <http://sub1.example.com> > example.com.zone > > named-checkzone sub2.example.com <http://sub2.example.com> > example.com.zone > > named-checkzone sub3.example.com <http://sub3.example.com> > example.com.zone > > named-checkzone reports many "ignoring out-of-zone data > (....example.com <http://example.com>)" > > this doesn't make sense. The master file is one single whole complete > zone. The subdomains are not separate zones, and you can't load or > check > part of the file. > > So the error message is saying that the SOA record and the apex NS > records > at example.com <http://example.com> and loads of other records are > not subdomains of the zone > name that you gave on the commamnd line. I usually encounter this > error > when I have accidentally got my zone name and master file name muddled > up, and once you get used to the error message it's a useful > consistency > check. > > Tony. > -- > f.anthony.n.finch <d...@dotat.at <mailto:d...@dotat.at>> > http://dotat.at/ - I xn--zr8h punycode > Fitzroy: Southwesterly, veering northwesterly, 6 to gale 8, > decreasing 5 later > in southwest. Moderate or rough. Rain at first. Moderate or good. > > > > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark James ELKINS - Posix Systems - (South) Africa m...@posix.co.za Tel: +27.128070590 Cell: +27.826010496 For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users