Re: rndc addzone type forward

2016-11-16 Thread Evan Hunt
> I'm trying to add a zone of type "forward" with rndc addzone, but it fails with:

Unfortunately that's not currently possible. The configuration syntax is
misleading here. You configure forwarding in a view by putting a "zone"
statement in named.conf, but it doesn't actually build a zone *object*,
the way type "master" or "slave" does; it tells the server to set up a
different data structure entirely.  The addzone command is focused on zone
objects and doesn't know what to do with this.

(I thought I remembered documenting this limitation, but I don't see it in
the ARM; my apologies for that oversight.)

We've had a feature request in our queue for some time to make it possible
to configure forwarding via rndc. Hopefully in 9.12.

-- 
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
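
The limitation described in the reply above, as an added example that is not part of the original thread and not BIND's own code: a shell guard that refuses to pass a "type forward" definition to "rndc addzone", plus a check for the zero-length .nzf file that another message in this thread reports is left behind by the failed attempt. All function names are hypothetical.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not part of BIND or rndc.

# Print the value of the first "type" statement in a zone config string.
zone_type() {
    printf '%s\n' "$1" | tr '{};' '\n\n\n' |
        awk '$1 == "type" { print $2; exit }'
}

# Return 0 if the config may be handed to "rndc addzone", 1 if it is a
# forward zone (not a zone object, so addzone cannot handle it), and 2 if
# no type statement was found.
addzone_allowed() {
    t=$(zone_type "$1")
    case "$t" in
        "")      echo "no zone type found in config" >&2
                 return 2 ;;
        forward) echo "type forward: configure it in named.conf instead" >&2
                 return 1 ;;
        *)       return 0 ;;
    esac
}

# List zero-length .nzf files under a directory. The thread reports one being
# created by the failed addzone, after which a retry fails with
# "already exists".
empty_nzf_files() {
    find "$1" -type f -name '*.nzf' -size 0
}

# Wrapper: rndc is only invoked when the guard passes.
safe_addzone() {
    zone=$1
    cfg=$2
    addzone_allowed "$cfg" || return $?
    rndc addzone "$zone" "$cfg"
}
```

Run empty_nzf_files against the directory where named writes its new-zone files (/chroot/named in the session quoted in this thread) before retrying a failed addzone.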


Re: rndc addzone type forward

2016-11-16 Thread Tony Finch
Emil Natan wrote:
>
> I also compiled BIND 9.11.0rc3, but nothing changed, no more verbosity,
> only the name of the .nzf file created changed from hash to plain text.

Try 9.11.0-P1 which has a few changes since rc3.

> Another finding is that the failure .nzf file is created, but it's empty
> and the next run of rndc addzone fails with "already exists".

Is the zone present in memory but not on disk, perhaps? Try something like:

$ curl -Ssf http://server:8053/json/v1/zones | grep name

Tony.
-- 
f.anthony.n.finch    http://dotat.at/  -  I xn--zr8h punycode
South Biscay, South Fitzroy: Northeasterly 4 or 5 at times in Fitzroy,
otherwise variable 3 or 4, becoming westerly 5 or 6 in north. Slight or
moderate, becoming rough later in north. Rain or showers. Moderate or good.


Re: rndc addzone type forward

2016-11-16 Thread Emil Natan
 Original Message 
Subject: Re: rndc addzone type forward
Local Time: November 16, 2016 5:50 PM
UTC Time: November 16, 2016 3:50 PM
From: e...@foowatch.com
To: bind-users@lists.isc.org <bind-users@lists.isc.org>

 Original Message 
Subject: Re: rndc addzone type forward
Local Time: November 16, 2016 5:12 PM
UTC Time: November 16, 2016 3:12 PM
From: d...@dotat.at
To: Emil Natan <e...@foowatch.com>
bind-users@lists.isc.org <bind-users@lists.isc.org>

Emil Natan <e...@foowatch.com> wrote:
>
> I'm trying to add a zone of type "forward" with rndc addzone, but it fails with:
>
> rndc addzone zone.org '{type forward; forward only; forwarders { 192.168.20.115; }; };'
> rndc: 'addzone' failed: not found

I think this happens if you are using a version before 9.11 (which has a
more verbose error) and you get the view name wrong. The view name can be
wrong if you have multiple views and you don't specify which one.

e.g. on a 9.10 server with views:

$ rndc addzone google '{ type forward; forward only; forwarders { 8.8.8.8; }; };'
rndc: 'addzone' failed: not found
$

And on a 9.11 server with views:

$ rndc addzone google '{ type forward; forward only; forwarders { 8.8.8.8; }; };'
rndc: 'addzone' failed: not found
no matching view found for '_default'
$

You can get a similar error if you specify an incorrect view:

$ rndc addzone google in error '{ type forward; forward only; forwarders { 8.8.8.8; }; };'
rndc: 'addzone' failed: not found
no matching view found for 'error'
$

Tony.
--
f.anthony.n.finch <d...@dotat.at> http://dotat.at/ - I xn--zr8h punycode
Shannon: West 6 to gale 8, perhaps severe gale 9 later. Rough or very rough,
becoming mainly high. Thundery showers. Good, occasionally poor.

Thank you for your response.
I'm not using and not specifying a view, which is optional anyway. I also 
compiled BIND 9.11.0rc3, but nothing changed, no more verbosity, only the name 
of the .nzf file created changed from hash to plain text.
Another finding is that the failure .nzf file is created, but it's empty and 
the next run of rndc addzone fails with "already exists".

root@debugtzc:/usr/local/stow# find /chroot/named -name "*.nzf"
root@debugtzc:/usr/local/stow# rndc addzone google '{ type forward; forward only; forwarders { 8.8.8.8; }; };'
rndc: 'addzone' failed: not found
root@debugtzc:/usr/local/stow# find /chroot/named -name "*.nzf"
/chroot/named/var/named/_default.nzf
root@debugtzc:/usr/local/stow# rndc addzone google '{ type forward; forward only; forwarders { 8.8.8.8; }; };'
rndc: 'addzone' failed: already exists
configure_zone failed: already exists
ls -l /chroot/named/var/named/_default.nzf
-rw-r--r-- 1 named named 0 Nov 16 17:39 /chroot/named/var/named/_default.nzf

Emil

Update: despite the errors, the forwarding takes effect, checked with tcpdump.
But now I can't remove the forwarding zone:
After:
root@debugtzc:/usr/local/stow# rndc addzone google.com '{ type forward; forward only; forwarders { 8.8.4.4; }; };'
rndc: 'addzone' failed: not found

Here forwarding works:
18:04:36.703150 IP debugtzc.isoc.org.il.55531 > 8.8.4.4.domain: 20892+% [1au] A? google.com. (51)

But then:
root@debugtzc:/usr/local/stow# rndc delzone google.com
rndc: 'delzone' failed: not found
no matching zone 'google.com' in any view

And the queries for google.com are still forwarded to 8.8.4.4.

Emil

Re: rndc addzone type forward

2016-11-16 Thread Emil Natan
 Original Message 
Subject: Re: rndc addzone type forward
Local Time: November 16, 2016 5:12 PM
UTC Time: November 16, 2016 3:12 PM
From: d...@dotat.at
To: Emil Natan <e...@foowatch.com>
bind-users@lists.isc.org <bind-users@lists.isc.org>

Emil Natan <e...@foowatch.com> wrote:
>
> I'm trying to add a zone of type "forward" with rndc addzone, but it fails with:
>
> rndc addzone zone.org '{type forward; forward only; forwarders { 192.168.20.115; }; };'
> rndc: 'addzone' failed: not found

I think this happens if you are using a version before 9.11 (which has a
more verbose error) and you get the view name wrong. The view name can be
wrong if you have multiple views and you don't specify which one.

e.g. on a 9.10 server with views:

$ rndc addzone google '{ type forward; forward only; forwarders { 8.8.8.8; }; };'
rndc: 'addzone' failed: not found
$

And on a 9.11 server with views:

$ rndc addzone google '{ type forward; forward only; forwarders { 8.8.8.8; }; };'
rndc: 'addzone' failed: not found
no matching view found for '_default'
$

You can get a similar error if you specify an incorrect view:

$ rndc addzone google in error '{ type forward; forward only; forwarders { 8.8.8.8; }; };'
rndc: 'addzone' failed: not found
no matching view found for 'error'
$

Tony.
--
f.anthony.n.finch <d...@dotat.at> http://dotat.at/ - I xn--zr8h punycode
Shannon: West 6 to gale 8, perhaps severe gale 9 later. Rough or very rough,
becoming mainly high. Thundery showers. Good, occasionally poor.

Thank you for your response.
I'm not using and not specifying a view, which is optional anyway. I also 
compiled BIND 9.11.0rc3, but nothing changed, no more verbosity, only the name 
of the .nzf file created changed from hash to plain text.
Another finding is that the failure .nzf file is created, but it's empty and 
the next run of rndc addzone fails with "already exists".

root@debugtzc:/usr/local/stow# find /chroot/named -name "*.nzf"
root@debugtzc:/usr/local/stow# rndc addzone google '{ type forward; forward only; forwarders { 8.8.8.8; }; };'
rndc: 'addzone' failed: not found
root@debugtzc:/usr/local/stow# find /chroot/named -name "*.nzf"
/chroot/named/var/named/_default.nzf
root@debugtzc:/usr/local/stow# rndc addzone google '{ type forward; forward only; forwarders { 8.8.8.8; }; };'
rndc: 'addzone' failed: already exists
configure_zone failed: already exists
ls -l /chroot/named/var/named/_default.nzf
-rw-r--r-- 1 named named 0 Nov 16 17:39 /chroot/named/var/named/_default.nzf

Emil

Re: rndc addzone type forward

2016-11-16 Thread Tony Finch
Emil Natan wrote:
>
> I'm trying to add a zone of type "forward" with rndc addzone, but it fails with:
>
> rndc addzone zone.org '{type forward; forward only; forwarders { 192.168.20.115; }; };'
> rndc: 'addzone' failed: not found

I think this happens if you are using a version before 9.11 (which has a
more verbose error) and you get the view name wrong. The view name can be
wrong if you have multiple views and you don't specify which one.

e.g. on a 9.10 server with views:

$ rndc addzone google '{ type forward; forward only; forwarders { 8.8.8.8; }; };'
rndc: 'addzone' failed: not found
$

And on a 9.11 server with views:

$ rndc addzone google '{ type forward; forward only; forwarders { 8.8.8.8; }; };'
rndc: 'addzone' failed: not found
no matching view found for '_default'
$

You can get a similar error if you specify an incorrect view:

$ rndc addzone google in error '{ type forward; forward only; forwarders { 8.8.8.8; }; };'
rndc: 'addzone' failed: not found
no matching view found for 'error'
$

Tony.
-- 
f.anthony.n.finch    http://dotat.at/  -  I xn--zr8h punycode
Shannon: West 6 to gale 8, perhaps severe gale 9 later. Rough or very rough,
becoming mainly high. Thundery showers. Good, occasionally poor.