Thanks in advance for any replies.
What needs changing to avoid the ignoring out-of-zone data problems?
# named-checkzone home /var/named/home.zone
/var/named/home.zone:18: ignoring out-of-zone data (myrtr.home.test)
/var/named/home.zone:19: ignoring out-of-zone data (tb.home.test)
/var/named/home.zone:20: ignoring out-of-zone data (wb.home.test)
<snipped all the other failures>
/var/named/home.zone:29: ignoring out-of-zone data (mtv.home.test)
zone home/IN: loaded serial 2022121001
OK
zone home/IN: final reference detached
# cat /var/named/home.zone
; Created by /local/bin/set_home_zones Sat 10 Dec 09:57 2022
$TTL 1D
@ IN SOA wb.home.test. root.wb.home.test. (
2022121001 ; Serial num yyymmddnn
1D ; Refresh
6H ; Retry
1W ; Expire
1H ; Minimum TTL
)
; DNS Servers
@ IN NS wb.home.test.
ns IN A 192.168.50.132
;
; also list other Machine Names
mail A 127.0.0.2
news IN CNAME wb.home.test.
localhost A 127.0.0.1
myrtr.home.test. IN A 192.168.50.1
tb.home.test. IN A 192.168.50.100
wb.home.test. IN A 192.168.50.132
wb1.home.test. IN A 192.168.50.133
wb4.home.test. IN A 192.168.50.140
ptr.home.test. IN A 192.168.50.190
scr.home.test. IN A 192.168.50.190
webcam4.wcams.test. IN A 192.168.50.195
webcam3.wcams.test. IN A 192.168.50.196
webcam2.wcams.test. IN A 192.168.50.197
webcam.wcams.test. IN A 192.168.50.198
mtv.home.test. IN A 192.168.50.200
; end of /var/named/home.zone
]# host wb.home.test
Host wb.home.test not found: 3(NXDOMAIN)
]$ hostname
wb.home.test
$ hostname --ip-address
192.168.50.132
$ grep hosts: /etc/nsswitch.conf
# hosts: mdns4_minimal files nis dns mdns4 myhostname
hosts: files dns myhostname
On Sat, 10 Dec 2022 13:34:39 -0500, Bit Twister <[email protected]> wrote:
Thanks in advance for any replies.
What needs changing to avoid the ignoring out-of-zone data problems?
# named-checkzone home /var/named/home.zone
/var/named/home.zone:18: ignoring out-of-zone data (myrtr.home.test)
/var/named/home.zone:19: ignoring out-of-zone data (tb.home.test)
/var/named/home.zone:20: ignoring out-of-zone data (wb.home.test)
<snipped all the other failures>
/var/named/home.zone:29: ignoring out-of-zone data (mtv.home.test)
zone home/IN: loaded serial 2022121001
OK
zone home/IN: final reference detached
It's probably easier to show an example that is working.
In /etc/named.conf I've appended ...
zone "homeip.net" IN {
type master;
file "myzone";
allow-update { none; };
};
zone "10.168.192.in-addr.arpa" IN {
type master;
file "myreverse";
allow-update { none; };
};
# head -n 21 /var/named/myzone
$ORIGIN homeip.net.
$TTL 1D
; any time you make a change to the domain, bump the
; "serial" setting below. the format is easy:
; YYYYMMDDI, with the I being an iterator in case you
; make more than one change during any one day
@ IN SOA hodgins hostmaster (
201201021 ; serial
8H ; refresh
4H ; retry
4W ; expire
1D ) ; minimum
; hodgins.homeip.net serves this domain as both the
; name server (NS) and mail exchange (MX)
NS hodgins
MX 10 hodgins
; just in case someone asks for localhost.homeip.net
localhost A 127.0.0.1
; our hostnames, in alphabetical order
hodgins A 192.168.10.101
i7v.hodgins A 192.168.10.115
# head -n 14 /var/named/myreverse
$ORIGIN 10.168.192.in-addr.arpa.
$TTL 1D
@ IN SOA hodgins.homeip.net. hostmaster.homeip.net. (
200405190 ; serial
28800 ; refresh (8 hours)
14400 ; retry (4 hours)
2419200 ; expire (4 weeks)
86400 ; minimum (1 day)
)
; define the authoritative name server
NS hodgins.homeip.net.
; our hosts, in numeric order
2 PTR x3.hodgins.homeip.net.
14 PTR x8t.hodgins.homeip.net.
Because I've used an existing domain, homeip.net, if I want to access a system
that uses the real homeip.net I have to put an outside dns server such as google before mine in resolv.conf
As you are using a domain ending in test, that will not work for some software
that prohibits the use of rfc1918 domains. The first case I ran into with that
was kerberos.
$ nslookup x3.hodgins.homeip.net
Server: ::1
Address: ::1#53
Assuming I got your values right; Are you getting a clean run from
named-checkzone homeip.net /var/named/myzone
and
named-checkzone 10.168.192.in-addr.arpa /var/named/myreverse
?
On Sat, 10 Dec 2022 23:10:14 -0500, Bit Twister <[email protected]> wrote:
Assuming I got your values right; Are you getting a clean run from
named-checkzone homeip.net /var/named/myzone
and
named-checkzone 10.168.192.in-addr.arpa /var/named/myreverse
?
[root@x3 ~]# named-checkzone homeip.net /var/named/myzone
zone homeip.net/IN: loaded serial 201201021
OK
[root@x3 ~]# named-checkzone 10.168.192.in-addr.arpa /var/named/myreverse
zone 10.168.192.in-addr.arpa/IN: loaded serial 200405190
OK
Attaching a version that passes
$ named-checkzone home.test ./wbzone
zone home.test/IN: loaded serial 2022121001
OK
I've set the zone to home.test, changed tabs to spaces and fixed some syntax errors including removing 'IN' where it doesn't belong, putting the closing bracket for the SOA in the proper place, and fixing up the spacing.
And after converting base64 to david.txt, it passes test. ;)
I modified my set_named_zones script to conform to your copy,
ran my named_changes script to do all my changes.
No change. Tried editing home.zone verbiage and still no change.
Tried editing out tabs and modified spacing to match yours, and still no change.
What the hell. Copied your text file to /var/named.zone, and still no change.
Reran david.txt test and now it fails. I am sooo lucky. :(
I have no idea what causes the failure.
You mentioned only change to /etc/named.conf was append zones.
Running cauldron release 9 and "systemctl restart named" complained about no rndc_key so I modified my named_changes script to fold in rndc changes.
Copy of my /etc/named.conf changes:
Basic change is disable ipv6 and dnssec-validation and append rndc_key_changes
and zone definitions.
$ dif /var/local/vorig/etc/named.conf_vinstall /etc/named.conf
0a1
// Changed by /local/bin/named_03_named_conf_changes Sun 11 Dec 00:16 202212c13
< listen-on-v6 port 53 { ::1; };
---
// listen-on-v6 port 53 { ::1; };33c34
< dnssec-validation yes;
---
dnssec-validation no;59a61,124
/* Created by /local/bin/named_02_rndc_key_changes Sun 11 Dec 00:16 2022 */
key "rndc-key" {
algorithm hmac-sha256;
secret "QHTvaZzPs7T snipped";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
/* ******* end of /etc/named_rncd_key.txt ********* */
#* ************************************************ *#
#* Created by /local/bin/set_home_zones Sun 11 Dec 00:16 2022 *#
#* ************************************************ *#
/* build_zones home 192.168 */
zone "home" IN {
type master;
file "home.zone";
allow-update { none; };
};
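Review bot: the 33c34 hunk changes `dnssec-validation yes;` to `dnssec-validation no;`, which switches off DNSSEC validation for every recursive answer this resolver hands out and has no bearing on the out-of-zone warnings; if validation itself was failing, `dnssec-validation auto;` (BIND's built-in root trust anchor) together with a check of the system clock and of any forwarders is the safer change. In the 59a61,124 hunk the appended `zone "home" IN { ... file "home.zone"; }` names the zone `home`, while the records in home.zone carry `home.test` owner names (`wb.home.test.`, `tb.home.test.` and so on); that is exactly the mismatch the `ignoring out-of-zone data` lines at the top of the thread report, so the zone statement should read `zone "home.test"` or the data should be made relative to `home`.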
snipped several other zone definitions.
No idea where to look next.
Thank you for your time and efforts.
* Bit Twister <[email protected]>
zone "home" IN {
type master;
file "home.zone";
allow-update { none; };
};
Here you're telling BIND that the name of the zone is "home", and the data for the zone "home" is in the "home.zone" file. However, in the actual file there's only data for a zone called "home.test". This is a mismatch, and
this is what the check commands tell you.
Either change the zone data in home.zone to "home" (without the ".test" appended, i.e. "$ORIGIN home."), or change the named.conf line to read
'zone "home.test" IN {'.
We need to back up a bit. I have no idea what zone names are to be used. Some background follows: I have a script to read /etc/hosts and create the zone files.
Snippets from /etc/hosts follow:
[...]
I assumed a new zone and reverse file is required for each of the above sections.
If so what would/should SOA lines look like. Currently I have:
[...]
[...]
For example I get
# named-checkzone tuner tuner.zone
zone tuner/IN: NS 'wb.tuner' has no address records (A or AAAA)
zone tuner/IN: not loaded due to errors.
* Bit Twister <[email protected]>
We need to back up a bit. I have no idea what zone names are to be used. Some background follows: I have a script to read /etc/hosts and create the zone files.
Snippets from /etc/hosts follow:
[...]
I assumed a new zone and reverse file is required for each of the above sections.
This is something you can decide on your own. You could have one single zone "test",
and then have entries like ...
$ORIGIN test.
tunermtv.tuner IN A 169.254.1.1
HDHR-103D35E3.tuner IN A 169.254.1.26
voipwp.voip IN A 192.168.15.1
voip.voip IN A 192.168.15.135
tb.home IN A 192.168.50.100
wb.home IN A 192.168.50.132
... in it, or you can split it into different zones and zone files, which would
then only contain their respective entries, like zone "tuner.test" containing ...
$ORIGIN tuner.test.
tunermtv IN A 169.254.1.1
HDHR-103D35E3 IN A 169.254.1.26
..., zone "voip.test" containing ...
$ORIGIN voip.test.
voipw IN A 192.168.15.1
voip IN A 192.168.15.135
..., zone "home.test" containing ...
$ORIGIN home.test.
tb IN A 192.168.50.100
wb IN A 192.168.50.132
... and so on. The important thing is that the zone names in named.conf
have to match/correspond to the hostnames or hostname parts that are
listed in the zone file. Basically, the 'zone "whatever"' statement
in named.conf has to match the "$ORIGIN whatever." statement in the
actual zone file. (Okay, so this is not 100% true. You can also
switch back and forth between different "$ORIGIN" values in a single
zone file to save you some repetitive typing work, but this would
only complicate matters for the simple example at hand ;-)).
If so what would/should SOA lines look like. Currently I have:
[...]
What does SOA have to do with the contents of the zone file? The SOA
only tells you who the authoritative name server for that zone is, but
that does not necessarily have to be a name server in that same zone (although it usually is). You could also have, for example, ...
this.zone. IN SOA ns.other.zone. hostmaster.third.zone.
... and all would be well, provided that "ns.other.zone" and "third.zone"
can be resolved properly, and DNS clients would know that they have to
ask "ns.other.zone" for authoritative DNS data on "this.zone".
[...]
For example I get
# named-checkzone tuner tuner.zone
zone tuner/IN: NS 'wb.tuner' has no address records (A or AAAA)
zone tuner/IN: not loaded due to errors.
This error message is totally meaningless without knowing the actual
full contents of the zone file, I'm afraid.
# named-checkzone voip.test. /var/named/local/voip.zone
zone voip.test/IN: has no NS records
On Fri, 16 Dec 2022 23:36:03 -0500, Bit Twister <[email protected]> wrote:
# named-checkzone voip.test. /var/named/local/voip.zone
zone voip.test/IN: has no NS records
My working zone, just showing one of the A records.
$ORIGIN homeip.net.
$TTL 1D
; any time you make a change to the domain, bump the
; "serial" setting below. the format is easy:
; YYYYMMDDI, with the I being an iterator in case you
; make more than one change during any one day
@ IN SOA hodgins hostmaster (
201201021 ; serial
8H ; refresh
4H ; retry
4W ; expire
1D ) ; minimum
; hodgins.homeip.net serves this domain as both the
; name server (NS) and mail exchange (MX)
NS hodgins
MX 10 hodgins
; just in case someone asks for localhost.homeip.net
localhost A 127.0.0.1
; our hostnames, in alphabetical order
hodgins A 192.168.10.101
Note the NS and MX records showing which machine is running named, and
where mail is sent.
What is the 10 on the MX entry?
On Fri, 16 Dec 2022 23:49:51 -0500, David W. Hodgins wrote:
On Fri, 16 Dec 2022 23:36:03 -0500, Bit Twister <[email protected]> wrote:
# named-checkzone voip.test. /var/named/local/voip.zone
zone voip.test/IN: has no NS records
My working zone, just showing one of the A records.
$ORIGIN homeip.net.
$TTL 1D
; any time you make a change to the domain, bump the
; "serial" setting below. the format is easy:
; YYYYMMDDI, with the I being an iterator in case you
; make more than one change during any one day
@ IN SOA hodgins hostmaster (
201201021 ; serial
8H ; refresh
4H ; retry
4W ; expire
1D ) ; minimum
; hodgins.homeip.net serves this domain as both the
; name server (NS) and mail exchange (MX)
NS hodgins
MX 10 hodgins
; just in case someone asks for localhost.homeip.net
localhost A 127.0.0.1
; our hostnames, in alphabetical order
hodgins A 192.168.10.101
Note the NS and MX records showing which machine is running named, and
where mail is sent.
Well frap, I can not see the forest for the trees in the way. :(
The systemctl status named seems to indicate lines 36 and 37 are at fault. Why not
any of the previous lines? The reverse lines are from the same printf statement
reading /etc/hosts.
# systemctl status named
Dec 17 06:05:55 bash[1128670]: /var/named/local/home.reversed:36: ignoring out-of-zone data (198.254.168.192.in-addr.arpa)
Dec 17 06:05:55 bash[1128670]: /var/named/local/home.reversed:37: ignoring out-of-zone data (200.254.168.192.in-addr.arpa)
Dec 17 06:05:55 wb.home.test bash[1128670]: zone 50.168.192.in-addr.arpa/IN: has 0 SOA records
Dec 17 06:05:55 wb.home.test bash[1128670]: zone 50.168.192.in-addr.arpa/IN: has no NS records
Dec 17 06:05:55 wb.home.test bash[1128670]: zone 50.168.192.in-addr.arpa/IN: not loaded due to errors.
Tried with and without the IN keyword for lines 20 through 37.
# cat -n home.reversed
1 ;* ************************************************ */
2 ;* /var/named/local/home.reversed */
3 ;* Created by /local/bin/set_home_zones Sat 17 Dec 06:05 2022 */
4 ;* REF: https://www.isc.org/bind/ */
5 ;* REF: https://www.apnic.net/about-apnic/corporate-documents/documents/resource-guidelines/reverse-zones/ */
6 ;* REF: https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-private-network-dns-server-on-ubuntu-14-04*/
7 ;* REF: https://arstechnica.com/gadgets/2020/08/understanding-dns-anatomy-of-a-bind-zone-file/*/
8 ;* ************************************************ */
9 $ORIGIN 254.168.192.in-addr.arpa.
10 $TTL 86400
11 @ IN SOA wb.home.test. (
12 hostmaster.wb.home.test. ; address of responsible party
13 2022121701 ; Serial num yyymmddnn
14 8H ; Refresh
15 4H ; Retry
16 1W ; Expire
17 1D ) ; Minimum TTL
18 ;
19 ; wb.home.test serves this domain as both the
20 ; name server (NS) and mail exchange (MX)
21 ; define the authoritative name server
22 IN NS wb.home.test.
23 ; our hosts, in numeric order
24 132 IN PTR wb.home.test.
25 ; Machine Ip addresses
26 1 IN PTR myrtr.home.test.
27 100 IN PTR tb.home.test.
28 132 IN PTR wb.home.test.
29 133 IN PTR wb1.home.test.
30 140 IN PTR wb4.home.test.
31 190 IN PTR ptr.home.test.
32 190 IN PTR scr.home.test.
33 195 IN PTR webcam4.wcams.test.
34 196 IN PTR webcam3.wcams.test.
35 197 IN PTR webcam2.wcams.test.
36 198 IN PTR webcam.wcams.test.
37 200 IN PTR mtv.home.test.
38 ; end of /var/named/local/home.reversed
On Fri, 16 Dec 2022 23:36:03 -0500, Bit Twister <[email protected]> wrote:
# named-checkzone voip.test. /var/named/local/voip.zone
zone voip.test/IN: has no NS records
My working zone, just showing one of the A records.
$ORIGIN homeip.net.
$TTL 1D
; any time you make a change to the domain, bump the
; "serial" setting below. the format is easy:
; YYYYMMDDI, with the I being an iterator in case you
; make more than one change during any one day
@ IN SOA hodgins hostmaster (
201201021 ; serial
8H ; refresh
4H ; retry
4W ; expire
1D ) ; minimum
; hodgins.homeip.net serves this domain as both the
; name server (NS) and mail exchange (MX)
NS hodgins
MX 10 hodgins
; just in case someone asks for localhost.homeip.net
localhost A 127.0.0.1
; our hostnames, in alphabetical order
hodgins A 192.168.10.101
Note the NS and MX records showing which machine is running named, and
where mail is sent.
: /var/named/local/voip.zone:34: ignoring out-of-zone data (voip-wb1-gateway.voip.arpa)
: /var/named/local/voip.zone:35: ignoring out-of-zone data (voip-wb-gateway.voip.arpa)
: zone voip/IN: has 0 SOA records
: zone voip/IN: has no NS records
: zone voip/IN: not loaded due to errors.
: _default/voip/IN: bad zone
9 @ IN SOA wb1.home.arpa (
10 hostmaster.wb1.home.arpa ; address of responsible party
11 2022122001 ; Serial num yyymmddnn
12 1D ; Refresh
13 6H ; Retry
14 1W ; Expire
15 1H ) ; Minimum TTL
9 @ IN SOA wb1.home.arpa hostmaster.wb1.home.arpa (
11 2022122001 ; Serial num yyymmddnn
12 1D ; Refresh
13 6H ; Retry
14 1W ; Expire
15 1H ) ; Minimum TTL
* Bit Twister <[email protected]>
: /var/named/local/voip.zone:34: ignoring out-of-zone data (voip-wb1-gateway.voip.arpa)
: /var/named/local/voip.zone:35: ignoring out-of-zone data (voip-wb-gateway.voip.arpa)
: zone voip/IN: has 0 SOA records
: zone voip/IN: has no NS records
: zone voip/IN: not loaded due to errors.
: _default/voip/IN: bad zone
You have a syntax error in your SOA record in all of your zones,
AFAICT. The hostmaster address is supposed to come *before* the
opening "(" bracket, not after/within.
The "has 0 SOA records" and "has no NS records" tells you that
there is something wrong with it (though I wonder why BIND does
not complain and refuse to load the zone at all, TBH).
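Every diagnostic traded in this thread (ignoring out-of-zone data, has 0 SOA records, has no NS records, NS 'x' has no address records) comes from a handful of consistency rules that named-checkzone applies after it has qualified each owner name against $ORIGIN and the zone name it was given. The checker below is an added, stand-alone example written for this page; it is not code from the thread or from ISC BIND, and it is no substitute for named-checkzone. It reimplements just those rules so the cause of each message can be seen: the three sample zones are constructed from the snippets posted above (the home.zone with absolute home.test names loaded as zone "home", the reverse file whose $ORIGIN is 254.168.192.in-addr.arpa loaded as 50.168.192.in-addr.arpa, and a "tuner" zone whose apex NS has no A record). Zone and host names in the samples are the thread's; the `check_zone`/`records`/`qualify` function names and the line-number prefix format are this example's own.

```python
"""Minimal BIND-style zone sanity checker (added example, not ISC/BIND code).
Reproduces the named-checkzone messages quoted in this thread: "ignoring out-of-zone
data", "has N SOA records", "has no NS records", "NS '<name>' has no address records".
Handles $ORIGIN, $TTL, relative names and RFC 1035 '(' ')'; $INCLUDE/$GENERATE are not.
"""
import re

TTL_RE = re.compile(r"^\d+[smhdwSMHDW]?$")       # 3600, 1D, 8H ...

def qualify(name, origin):
    """Make a relative name absolute under origin; '@' is the origin itself."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def in_zone(name, zone):
    return name == zone or name.endswith("." + zone)

def records(text, zone):
    origin = owner = zone
    buf, depth, has_owner, start = [], 0, True, 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]                 # drop ';' comments
        if not buf:
            if not line.strip():
                continue
            start, has_owner = lineno, not line[0].isspace()
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth > 0:
            continue                                 # record continues on the next line
        tokens, buf, depth = " ".join(buf).split(), [], 0
        if not tokens:
            continue
        if tokens[0].startswith("$"):
            if tokens[0].upper() == "$ORIGIN":
                origin = qualify(tokens[1], origin)
            continue                                 # $TTL and friends produce no records
        if has_owner:                                # else the owner is inherited
            owner = qualify(tokens.pop(0), origin)
        while tokens and (tokens[0].upper() in ("IN", "CH", "HS") or TTL_RE.match(tokens[0])):
            tokens.pop(0)                            # optional TTL / class, either order
        if tokens:
            yield start, owner, tokens[0].upper(), tokens[1:], origin

def check_zone(zone, text, filename="zone"):
    """Return (ok, messages) in the shape named-checkzone prints them."""
    zone = zone if zone.endswith(".") else zone + "."
    label = f"zone {zone.rstrip('.')}/IN"
    msgs, rrs, errors = [], [], []
    for lineno, owner, rrtype, rdata, origin in records(text, zone):
        if in_zone(owner, zone):
            rrs.append((owner, rrtype, rdata, origin))
        else:                                        # BIND warns and drops these
            msgs.append(f"{filename}:{lineno}: ignoring out-of-zone data ({owner.rstrip('.')})")
    soa = [r for r in rrs if r[0] == zone and r[1] == "SOA"]
    if len(soa) != 1:
        errors.append(f"{label}: has {len(soa)} SOA records")
    ns = [r for r in rrs if r[0] == zone and r[1] == "NS"]
    if not ns:
        errors.append(f"{label}: has no NS records")
    addressed = {r[0] for r in rrs if r[1] in ("A", "AAAA")}
    for _, _, rdata, origin in ns:                   # glue is only checkable for in-zone NS names
        target = qualify(rdata[0], origin)
        if in_zone(target, zone) and target not in addressed:
            errors.append(f"{label}: NS '{target.rstrip('.')}' has no address records (A or AAAA)")
    if errors:
        return False, msgs + errors + [f"{label}: not loaded due to errors."]
    return True, msgs + [f"{label}: loaded serial {soa[0][2][2]}"]

# Constructed from the thread: named.conf says zone "home", the data is home.test.
HOME_ZONE = """\
@ IN SOA wb.home.test. root.wb.home.test. (
        2022121001 1D 6H 1W 1H )   ; serial refresh retry expire minimum
@ IN NS wb.home.test.
wb.home.test. IN A 192.168.50.132
tb.home.test. IN A 192.168.50.100
"""
# Constructed: $ORIGIN is 254.168.192 but named.conf loads the file as 50.168.192.
HOME_REVERSED = """\
$ORIGIN 254.168.192.in-addr.arpa.
@ IN SOA wb.home.test. (
        hostmaster.wb.home.test.
        2022121701 8H 4H 1W 1D )
    IN NS wb.home.test.
132 IN PTR wb.home.test.
"""
# Constructed: the apex NS names an in-zone host that has no A/AAAA record.
TUNER_ZONE = """\
@ IN SOA wb.tuner. hostmaster.tuner. ( 2022121701 1D 6H 1W 1H )
@ IN NS wb.tuner.
tunermtv IN A 169.254.1.1
"""

if __name__ == "__main__":
    for zone, text in [("home", HOME_ZONE), ("home.test", HOME_ZONE),
                       ("50.168.192.in-addr.arpa", HOME_REVERSED), ("tuner", TUNER_ZONE)]:
        ok, msgs = check_zone(zone, text)
        print(f"$ named-checkzone {zone} <file>\n" + "\n".join(msgs) + ("\nOK" if ok else ""))
```

Running it loads the same home.zone text twice, once as "home" (out-of-zone warnings, then OK, exactly as in the first post) and once as "home.test" (clean), which is the named.conf/zone-file agreement the thread converges on. The reverse file produces the same three lines as the journal excerpt: with every owner qualified under a $ORIGIN that is not the zone being loaded, the apex SOA and NS are themselves out of zone, so the loader is left with 0 SOA records and no NS records. The parenthesis handling follows RFC 1035, so the two SOA layouts posted above are joined into one record either way before the field count is looked at.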