Re: bind 9.11.2 - domain and subdomain with one zone does not work

2020-04-03 Thread mail-list-users
> why so much complexity to begin with?
> 
>t1   A  127.0.0.3
>sub.t30  A  127.0.0.2

---
Well, in the first place to make it human-readable, if someone needs to look into the zone.
For some subdomains we would have entries for the subdomain itself, like a couple of NS, TXT, A, CNAME, SRV etc.
With these thoughts in mind, the documentation gives this as a valid option and it worked at small scale on the test system, so we decided to go this way.
If this needs to be changed, I need a reason besides 'it is easier this way', because these zones get generated by an automated system and I need an argument to get permission for a change request.

Sincerely
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


bind 9.11.2 - domain and subdomain with one zone does not work

2020-04-03 Thread mail-list-users
Good morning,

we try to use  in our zone files for easy including of new sub domains.
While it worked on my test system, in production we get either NXDOMAIN or SERVFAIL; both use bind 9.11.2 from the distro. Level 10 debug with all possible logs enabled gave no answer.
Maybe someone on this list will find our problem, like in the past.
named.conf from the test system; apart from the number of zones it is the same as production:
---

options {
    allow-transfer { none; };
    check-names master ignore;
    check-names slave ignore;
    check-names response ignore;
    directory "/var/lib/named";
    managed-keys-directory "/var/lib/named/dyn/";
    dump-file "/var/log/named_dump.db";
    statistics-file "/var/log/named.stats";
    listen-on-v6 { any; };
    notify no;
    forward only;
    forwarders { 127.0.0.1; };
    allow-recursion { 127.0.0.1; };
    allow-query { 127.0.0.1; };
    response-policy {
        zone "testoverride" log no;
        zone "logoverride" log yes;
    };

    disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
};

acl AllowDDNS { 127.0.0.1/32; };

include "/etc/rndc.key";

controls {
inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};

view public {
    zone "." in {
        type hint;
        file "db.hint";
    };

    zone "localhost" in {
        type master;
        file "localhost.zone";
    };

    zone "0.0.127.in-addr.arpa" in {
        type master;
        file "127.0.0.zone";
    };

    zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "127.0.0.zone";
    };

    zone "test.local" IN {
        type master;
        file "db.test.local";
    };

    zone "testoverride" {
        type master;
        file "Multistuff";
        allow-query { AllowDDNS; };
        allow-update { AllowDDNS; };
    };

    zone "logoverride" {
        type master;
        file "LogStuff";
        allow-query { AllowDDNS; };
        allow-update { AllowDDNS; };
    };

};

logging {

    channel default_syslog {
        # Send most of the named messages to syslog.
        syslog local2;
        severity debug;
    };

    channel audit_log {
        # Send the security related messages to a separate file.
        syslog local2;
        severity debug;
        print-time yes;
    };

    channel null {
        null;
    };

    category default { default_syslog; };
    category config { default_syslog; };
    category dispatch { default_syslog; };
    category network { default_syslog; };
    category general { default_syslog; };
    category resolver { default_syslog; };
    category cname { default_syslog; };
    category delegation-only { default_syslog; };
    category lame-servers { default_syslog; };
    category edns-disabled { default_syslog; };
    category dnssec { default_syslog; };
    category notify { default_syslog; };
    category xfer-in { default_syslog; };
    category xfer-out { default_syslog; };
    category update { default_syslog; };
    category update-security { default_syslog; };
    category client { default_syslog; };
    category security { default_syslog; };
    category rate-limit { default_syslog; };
    category spill { default_syslog; };
    category database { default_syslog; };
    category rpz { default_syslog; };
    category dnstap { default_syslog; };
    category queries { default_syslog; };
    category query-errors { default_syslog; };

};
---

The zone file:
---
$ORIGIN .
$TTL 604800 ; 1 week
test.local      IN SOA  mytest.test.local. root.test.local. (
                2020040123 ; serial
                1800       ; refresh (30 minutes)
                900        ; retry (15 minutes)
                2592000    ; expire (4 weeks 2 days)
                604800     ; minimum (1 week)
                )
                NS  test.local.
                NS  test.local.
                A   127.0.0.1
                MX  10 test.local.
                MX  20 test.local.
                TXT "AD buc"
$ORIGIN test.local.
t1              A   127.0.0.3
sub             NS  test.local.
                NS  test.local.
                MX  10 test.local.
                MX  20 test.local.
$ORIGIN sub.test.local.
localhost   A   
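
An added example (not from the original post): NS records on a name other than the zone apex make that name a delegation point, and records at or below it are not answered authoritatively from this zone (address records there can only act as glue). The simplified checker below flags such records; the sample zone and the `ns` host are constructed, modelled on the layout in the message above.

```python
# Added example: flag records that sit at or below a delegation point.
# Simplified parser: one record per line, no parentheses, no $INCLUDE.
RR_TYPES = {"SOA", "NS", "DS", "A", "AAAA", "MX", "TXT", "CNAME", "SRV"}

SAMPLE = """\
$ORIGIN test.local.
@    SOA ns.test.local. root.test.local. 1 1800 900 2592000 604800
     NS  ns.test.local.
ns   A   127.0.0.1
t1   A   127.0.0.3
sub  NS  ns.test.local.
     MX  10 t1.test.local.
$ORIGIN sub.test.local.
t30  A   127.0.0.2
"""  # constructed sample zone

def absolute(name, origin):
    """Qualify a zone-file name against the current origin (ends with '.')."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return (name + "." + origin.lstrip(".")).lower()

def parse(zone_text, origin):
    """Return [(owner, rtype)], applying $ORIGIN and owner inheritance."""
    owner, records = origin, []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = absolute(fields[1], origin)
        elif not fields[0].startswith("$"):
            if not raw[0].isspace():      # owner name starts in column one
                owner, fields = absolute(fields[0], origin), fields[1:]
            rtype = next((f.upper() for f in fields if f.upper() in RR_TYPES), None)
            if rtype:
                records.append((owner, rtype))
    return records

def occluded(records, apex):
    """Records at or below a zone cut; this zone only refers queries for them."""
    cuts = {o for o, t in records if t == "NS" and o != apex}
    return [(o, t, c) for o, t in records for c in sorted(cuts)
            if o.endswith("." + c) or (o == c and t not in ("NS", "DS"))]

if __name__ == "__main__":
    for owner, rtype, cut in occluded(parse(SAMPLE, "test.local."), "test.local."):
        print(f"{owner} {rtype}: hidden behind delegation at {cut}")
```
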

Using $INCLUDE in zones

2020-02-17 Thread mail-list-users
Hello,

I am trying to use $INCLUDE in zones, but getting the error "dns_master_load: file not found".
My main zone:

#
@ 28800 IN SOA test.localhost. test.localhost. (
        2018070402  ; serial
        10800       ; refresh (3 hours)
        3600        ; retry (15 minutes)
        604800      ; expire (1 week)
        28800       ; minimum (8 hours)
        );
        IN  A   127.0.0.1
        IN  NS  test.localhost.
$INCLUDE db.sub.test.org sub.test.org.

#

Content of db.sub.test.org:

#
www IN  A   127.0.0.1
#

According to the documentation this should work.
What am I missing?

Greetings


Re: nsupdate with response-policy zone

2019-11-20 Thread mail-list-users
Thank you very much, this did the trick.

Have a nice day!


nsupdate with response-policy zone

2019-11-20 Thread mail-list-users
Hello,

I try to update my RPZ zone 'testoverride' with nsupdate.
Sadly I only get

127.0.0.1#56851: view public: updating zone 'testoverride/IN': update failed: update RR is outside zone (NOTZONE)

as the error message.
How do I update an RPZ zone with nsupdate? Am I missing something? Am I misunderstanding something?
My nsupdate file is this:

server 127.0.0.1
debug no
zone testoverride
update add zzz.google.de 604800 A 127.0.0.1
send

Sincerely
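
An added example (not from the original post): the NOTZONE error in the log line above means the owner name of the update lies outside `testoverride`, whereas RPZ trigger records are owned by names inside the policy zone, such as `zzz.google.de.testoverride.`. The checker below applies that test to an nsupdate script before it is sent; the function names are hypothetical, the second update line is constructed, and the script is assumed to carry a `zone` statement.

```python
# Added example: pre-flight check of nsupdate owner names against the zone.
SCRIPT = """\
server 127.0.0.1
zone testoverride
update add zzz.google.de 604800 A 127.0.0.1
update add zzz.google.de.testoverride. 604800 A 127.0.0.1
send
"""  # first update is the one from the post, second is constructed

def labels(name):
    """Lower-cased labels of a domain name, ignoring the trailing dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]

def in_zone(owner, zone):
    """True if owner equals zone or is below it (label-wise, not substring)."""
    o, z = labels(owner), labels(zone)
    return len(o) >= len(z) and o[len(o) - len(z):] == z

def check_script(script):
    """Return (owner, inside_zone, suggested_owner) for every update line."""
    zone, findings = None, []
    for line in script.splitlines():
        f = line.split()
        if len(f) >= 2 and f[0] == "zone":
            zone = f[1]
        elif len(f) >= 3 and f[0] == "update" and f[1] in ("add", "delete", "del"):
            if zone is None:
                raise ValueError("update before any zone statement")
            owner = f[2]
            ok = in_zone(owner, zone)
            # For an RPZ zone the trigger name is placed under the policy zone.
            fix = None if ok else ".".join(labels(owner) + labels(zone)) + "."
            findings.append((owner, ok, fix))
    return findings

if __name__ == "__main__":
    for owner, ok, fix in check_script(SCRIPT):
        print(owner, "ok" if ok else f"outside zone (NOTZONE), use {fix}")
```
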