[gentoo-user] bind zone.file won't load

[gentoo-user] bind zone.file won't load

[Harry Putnam]

Running an authoritative name server on a small home lan as training
exercise. And using DNS and Bind 4th ed as a guide.

A quick sketch of this network(There are more hosts on it
but for simplicity):

(All have prefix 192.168 and netmask 255.255.255.0)

                     INTERNET
                       | (Dynamic IP)
                       |
                    NETGEAR (consumer grade router)
reader                  | 0.20                  fwobsd
  --------------------------------------------------
  | 0.4            | 0.3          | 0.5            | 0.19
  |                |              |                |  
[ m1 ]           [ m2 ]         [ m3 ]           [ m4 ]
  | 1.2                                            | 1.1
  |________________________________________________|
rdmz                                              fwdmz

So I have two networks here.. 192.168.0/24 and 192.168.1/24
M1 and M4 both have 2 nics and addresses in 192.168.0 and 192.168.1
as shown... (if mail doesn't mangle my asci production too bad.)

My problem is how to integrate 192.168.1/24 into my zone.files

The reverse-pointer zone.file for 192.168.1 is where the rub is.
I'm very inexperienced with routing in general and nameservers in
particular .... setting up a home lan nameserver is a training
exercise for me.

Where I get confused is what is the origin `@' for this zone?
Can I use `@' or need to spell out 192.168.1?
What happens to my domain... `local.lan' does it still cover what are
now really two numeric domains 192.168.0 and 192.168.1?

I've tried various combinations in the reverse zone for 192.168.1, but
all I've tried have has one or another problem loading, or being
ignored. 

The reverse file for 192.168.1 is below and at the end .. after names
logs is the db.local.lan zone file.

(naming convention stolen from DNS and Bind (4th ed))

I'll post, at the end the named log output from this zone.file as
an example but as mentioned, I've tried quite a few combinations
unsuccessfully.   I can post them all but hopefully someone will see
the problem I've created.  This one causes the 2 address in 192.168.1
to simply be ignored... other versions have different reasons for not
loading properly.

db.192.168.1
============ 8< snip =================
  $TTL 1D 
  @       IN  SOA  reader.local.lan. reader.reader.local.lan. (
                200405190  ; serial
                28800      ; refresh (8 hours)
                14400      ; retry (4 hours)
                2419200    ; expire (4 weeks)
                86400      ; minimum (1 day)
                )
  ;
  ; Name servers (The name '@' is implied)
  ;
          IN  NS     reader
  ;
  ; Addresses point to canonical names
  ;
  
  192.168.1.2       IN  PTR    rdmz.local.lan.
  192.168.1.1       IN  PTR    fwdmz.local.lan.

====== 8< snip ===========================

[ -ed leaving `@' as is but spelling out canonical IP for the
two on 192.168.1 cause them to be ignored]

  Mar  4 09:59:39 reader named[8959]: pri/db.192.168.1:18: ignoring
    out-of-zone data (192.168.1.2)
  Mar  4 09:59:39 reader named[8959]: pri/db.192.168.1:19: ignoring
    out-of-zone data (192.168.1.1)
  Mar  4 09:59:39 reader named[8959]: zone 1.168.192.in-addr.arpa/IN:
    loaded serial 200405190

=========== [...] ==========

db.local.lan (I think this is close to right at least)
  ======== 8< snip ============================
  $TTL 1D
  @       IN SOA    reader.local.lan.  hostmaster (
                          200405191 ; serial
                          8H        ; refresh
                          4H        ; retry
                          4W        ; expire
                          1D )      ; minimum
  ;; Nameserver (The name '@' is implied)
             IN   NS  reader
  ;; smtp hub (The name '@' is implied)
             IN   MX    10 reader
  ;; addresses for the canonical names
  localhost  IN   A     127.0.0.1
  ansil      IN   A     192.168.0.21
  bjp        IN   A     192.168.0.16
  fw         IN   A     192.168.0.20
  fwobsd     IN   A     192.168.0.19
             IN   A     192.168.1.1	
  harvey     IN   A     192.168.0.22
  mob2       IN   A     192.168.0.3
  reader     IN   A     192.168.0.4
             IN   A     192.168.1.2
  wap        IN   A     192.168.0.50
  
  ;;   aliases
  smtp       IN   CNAME reader
  www        IN   CNAME reader
  tic        IN   CNAME reader
  
  ;;   interface   specific   addresses
  fwdmz      IN   A      192.168.1.1
  rdmz       IN   A      192.168.1.2
  
  ============ 8< snip ==================

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] bind zone.file won't load

[Alexander Kirillov]

> Running an authoritative name server on a small home lan as training
> exercise. And using DNS and Bind 4th ed as a guide.
> 
> A quick sketch of this network(There are more hosts on it
> but for simplicity):
> 
> (All have prefix 192.168 and netmask 255.255.255.0)
> 
>                      INTERNET
>                        | (Dynamic IP)
>                        |
>                     NETGEAR (consumer grade router)
> reader                  | 0.20                  fwobsd
>   --------------------------------------------------
>   | 0.4            | 0.3          | 0.5            | 0.19
>   |                |              |                |  
> [ m1 ]           [ m2 ]         [ m3 ]           [ m4 ]
>   | 1.2                                            | 1.1
>   |________________________________________________|
> rdmz                                              fwdmz
> 
> So I have two networks here.. 192.168.0/24 and 192.168.1/24
> M1 and M4 both have 2 nics and addresses in 192.168.0 and 192.168.1
> as shown... (if mail doesn't mangle my asci production too bad.)
> 
> My problem is how to integrate 192.168.1/24 into my zone.files
> 
> The reverse-pointer zone.file for 192.168.1 is where the rub is.
> I'm very inexperienced with routing in general and nameservers in
> particular .... setting up a home lan nameserver is a training
> exercise for me.
> 
> Where I get confused is what is the origin `@' for this zone?
> Can I use `@' or need to spell out 192.168.1?
> What happens to my domain... `local.lan' does it still cover what are
> now really two numeric domains 192.168.0 and 192.168.1?

Here's a reverse zone file for my home network. It's 10.10.0/24
but you'll figure out how to tailor this to your needs.

# cat pri/0.10.10.zone

;BIND DUMP V8
$ORIGIN 10.10.IN-ADDR.ARPA.
0	3600	IN	SOA	baikal.iproducts.test. root.baikal.iproducts.test. (
		20050421 3600 900 3600000 3600 )	;Cl=5
	3600	IN	NS	baikal.iproducts.test.	;Cl=5
$ORIGIN 0.10.10.IN-ADDR.ARPA.
2	3600	IN	PTR	volga.iproducts.test.	;Cl=5
1	3600	IN	PTR	baikal.iproducts.test.	;Cl=5
3	3600	IN	PTR	g40.iproducts.test.	;Cl=5
;10	3600	IN	PTR	wisla.iproducts.test.	;Cl=5


#cat named.conf

...
zone "0.10.10.in-addr.arpa" IN {
	type master;
	file "pri/0.10.10.zone";
	allow-update	{
		10.10.0.1;
	};
};
...

HTH,
Sasha

-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] Re: bind zone.file won't load

[Harry Putnam]

Alexander Kirillov <nevis2us@infoline.su> writes:

> Here's a reverse zone file for my home network. It's 10.10.0/24
> but you'll figure out how to tailor this to your needs.

I think this is not where I'm having the trouble.  Just one network
for home lan I'm ok with.

> # cat pri/0.10.10.zone
>
> ;BIND DUMP V8
> $ORIGIN 10.10.IN-ADDR.ARPA.
> 0	3600	IN	SOA	baikal.iproducts.test. root.baikal.iproducts.test. (
> 		20050421 3600 900 3600000 3600 )	;Cl=5
> 	3600	IN	NS	baikal.iproducts.test.	;Cl=5
> $ORIGIN 0.10.10.IN-ADDR.ARPA.
> 2	3600	IN	PTR	volga.iproducts.test.	;Cl=5
> 1	3600	IN	PTR	baikal.iproducts.test.	;Cl=5
> 3	3600	IN	PTR	g40.iproducts.test.	;Cl=5
> ;10	3600	IN	PTR	wisla.iproducts.test.	;Cl=5
>
>
> #cat named.conf
>
> ...
> zone "0.10.10.in-addr.arpa" IN {
> 	type master;
> 	file "pri/0.10.10.zone";
> 	allow-update	{
> 		10.10.0.1;
> 	};
> };

Thanks... That apears to be about what I've got for 192.168.0/24



Can you show how a zone file for adding 3 new addresses to your scheme
One new machine new.iproducts.test whos sole job is to be passed copies
of all connection attempts at the firewall to internet interface.

This is an imaginary exercise and is not suggesting that you would
want to do something like it.  However it is what I'm trying to do and
is the source of my bind problem.

`new' has two nics the one facing the firewall/router to internet is
only allowed to talk to that router on that nic (by pf blocking) at
10.10.0.5.  

The second nic is `newdmz' at 10.10.1.1 and it is hardwired to a
simple hub and from there to a second nic on g40.iproducts.test.
Which is `g40dmz' at 10.10.1.2

The second nic is so 1 other lan machine can ssh to newdmz for what
ever reason.
So we've added:
             new.iproducts.test.   at 10.10.0.5
call them:   newdmz.iproducts.test. at 10.10.1.1 
             g40dmz.iproducts.test. at 10.10.1.2

The two nics are hard wired thru a hub to each other but not to
anything else.  Neither machine with 2 nics is setup as a router.
That is, forwarding internally is not enabled.

Now integrating those two on 10.10.1/24 in zone file:
db.iproducts.test is pretty straight forward 

But the reverse zone file
db.10.10.1   is where my meager skills end. 


-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] Re: bind zone.file won't load

[Harry Putnam]

Alexander Kirillov <nevis2us@infoline.su> writes:


[...]

> ;BIND DUMP V8
> $ORIGIN 10.10.IN-ADDR.ARPA.
> 0	3600	IN	SOA	baikal.iproducts.test. root.baikal.iproducts.test. (

Alexander, I meant to ask in my reply what the 3600 is all about?  My
study of DNS and Bind hasn't discussed that field yet.

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Re: bind zone.file won't load

[Alexander Kirillov]

>>;BIND DUMP V8
>>$ORIGIN 10.10.IN-ADDR.ARPA.
>>0	3600	IN	SOA	baikal.iproducts.test. root.baikal.iproducts.test. (
> 
> 
> Alexander, I meant to ask in my reply what the 3600 is all about?  My
> study of DNS and Bind hasn't discussed that field yet.

Each RR can have a TTL as the second field in the RR, which will control 
how long other servers can cache the it.

The file looks this way after being updated by dhcpd:)

-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] Re: bind zone.file won't load

[Harry Putnam]

Alexander Kirillov <nevis2us@infoline.su> writes:

> Here's a reverse zone file for my home network. It's 10.10.0/24
> but you'll figure out how to tailor this to your needs.

Taking your example I come up with the zone file posted at the end.
It loads with no comment from named.  But I still see the same
problem.

nslookup knows all the alphabetical host names and all there IP
numbers except the two on 192.168.1/24

Using nslookup to test.... first one of the machines with two nics
testing the nic in 192.168.0/24

  nslookup reader
=======================
  Server:         127.0.0.1
  Address:        127.0.0.1#53

  Name:   reader.local.lan
  Address: 192.168.1.2
  Name:   reader.local.lan
  Address: 192.168.0.4

It knows reader has two nics and where they are network wise.

Now testing the numeric IP
  nslookup  192.168.0.4
=======================
   Server:         127.0.0.1
   Address:        127.0.0.1#53

   4.0.168.192.in-addr.arpa        name = reader.local.lan.

As expected.... it works

Now try it on 192.168.1/24 ... the 2nd nic on reader.

 nslookup  rdmz      
=======================
  Server:         127.0.0.1
  Address:        127.0.0.1#53

  Name:   rdmz.local.lan
  Address: 192.168.1.2

Good, just what we expected, but now try the numeric IP.

  nslookup  192.168.1.2
=========================
   Server:         127.0.0.1
   Address:        127.0.0.1#53

   ** server can't find 2.1.168.192.in-addr.arpa: NXDOMAIN

Gack... what happened?

-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] Re: bind zone.file won't load

[Harry Putnam]

Alexander Kirillov <nevis2us@infoline.su> writes:

> Here's a reverse zone file for my home network. It's 10.10.0/24
> but you'll figure out how to tailor this to your needs.

Yikes I promised to post my reverse file based on your example and
then mailed my response without including it.  You saw the failure:

 nslookup  192.168.1.2
  Server:         127.0.0.1
  Address:        127.0.0.1#53

  ** server can't find 2.1.168.192.in-addr.arpa: NXDOMAIN

Here is the zone file:

db.192.168.1
$TTL 1D
$ORIGIN 0.168.192.IN-ADDR.ARPA.
4		IN SOA  reader.local.lan. reader.reader.local.lan. (
		
              200405190  ; serial
              28800      ; refresh (8 hours)
              14400      ; retry (4 hours)
              2419200    ; expire (4 weeks)
              86400      ; minimum (1 day)
              )
;
; Name servers (The name '@' is implied)
;
		IN		NS		reader
$ORIGIN 1.168.192.IN-ADDR.ARPA.
;
; Addresses point to canonical names
;

2		IN 	PTR	rdmz.local.lan.
1		IN    PTR   fwdmz.local.lan.

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Re: bind zone.file won't load

[Alexander Kirillov]

>>Here's a reverse zone file for my home network. It's 10.10.0/24
>>but you'll figure out how to tailor this to your needs.
> 
> 
> Yikes I promised to post my reverse file based on your example and
> then mailed my response without including it.  You saw the failure:
> 
>  nslookup  192.168.1.2
>   Server:         127.0.0.1
>   Address:        127.0.0.1#53
> 
>   ** server can't find 2.1.168.192.in-addr.arpa: NXDOMAIN
> 
> Here is the zone file:
> 
> db.192.168.1
> $TTL 1D
> $ORIGIN 0.168.192.IN-ADDR.ARPA.
> 4		IN SOA  reader.local.lan. reader.reader.local.lan. (
> 		
>               200405190  ; serial
>               28800      ; refresh (8 hours)
>               14400      ; retry (4 hours)
>               2419200    ; expire (4 weeks)
>               86400      ; minimum (1 day)
>               )
> ;
> ; Name servers (The name '@' is implied)
> ;
> 		IN		NS		reader
> $ORIGIN 1.168.192.IN-ADDR.ARPA.
> ;
> ; Addresses point to canonical names
> ;
> 
> 2		IN 	PTR	rdmz.local.lan.
> 1		IN    PTR   fwdmz.local.lan.

What's in your named.conf?
Should be something like this:

zone "local.lan" IN {
	...
};

zone "0.168.192.in-addr.arpa" IN {
	...
};

zone "1.168.192.in-addr.arpa" IN {
	...
};

-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] Re: bind zone.file won't load

[Harry Putnam]

Alexander Kirillov <nevis2us@infoline.su> writes:

> What's in your named.conf?
> Should be something like this:
>
> zone "local.lan" IN {
> 	...
> };
>
> zone "0.168.192.in-addr.arpa" IN {
> 	...
> };
>
> zone "1.168.192.in-addr.arpa" IN {
> 	...
> };

  options {
  	directory "/var/bind";
  	   listen-on-v6 { none; };
          listen-on { LOCALHOST; };
          listen-on { LOCALNETS; };
  	pid-file "/var/run/named/named.pid";
  };
  zone "." IN {
  	type hint;
  	file "named.ca";
  };
  zone "0.0.127.in-addr.arpa" IN {
  	type master;
  	file "pri/db.127.0.0";
  	allow-update { none; };
  	notify no;
  };
  zone "local.lan" IN {
    type master;
    file "pri/db.local.lan";
  };
  zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "pri/db.192.168.0";
  };
  zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "pri/db.192.168.1";
  };

This looks right to me... is it?

-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] Re: bind zone.file won't load

[Harry Putnam]

Alexander Kirillov <nevis2us@infoline.su> writes:

> What's in your named.conf?
> Should be something like this:

Just posted a few minutes ago... but I noticed I wasn't really
following your example thoroughly.  Now trying this db.192.168.1 

Still fails miserably:

$TTL 1D
$ORIGIN 168.192.IN-ADDR.ARPA.
0		IN SOA  reader.local.lan. reader.reader.local.lan. (
              200405190  ; serial
              28800      ; refresh (8 hours)
              14400      ; retry (4 hours)
              2419200    ; expire (4 weeks)
              86400      ; minimum (1 day)
              )
;
; Name servers (The name '@' is implied)
$ORIGIN 0.168.192.IN-ADDR.ARPA.
;
4		IN		NS		reader.local.lan.
$ORIGIN 1.168.192.IN-ADDR.ARPA.
;
; Addresses point to canonical names
;

2		IN 	PTR	rdmz.local.lan.
1		IN    PTR   fwdmz.local.lan.
======= 8< snip ===================

Produces theses log lines:

  Mar 5 07:35:06 reader named[10615]: pri/db.192.168.1:3: ignoring
    out-of-zone data (0.168.192.IN-ADDR.ARPA)

  Mar 5 07:35:06 reader named[10615]: pri/db.192.168.1:14: ignoring
    out-of-zone data (4.0.168.192.IN-ADDR.ARPA)

  Mar 5 07:35:06 reader named[10615]: zone 1.168.192.in-addr.arpa/IN:
    has 0 SOA records

  Mar 5 07:35:06 reader named[10615]: zone 1.168.192.in-addr.arpa/IN:
    has no NS records

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Re: bind zone.file won't load

[Alexander Kirillov]

>>What's in your named.conf?
>>Should be something like this:
> 
> 
> Just posted a few minutes ago... but I noticed I wasn't really
> following your example thoroughly.  Now trying this db.192.168.1 
> 
> Still fails miserably:
> 
> $TTL 1D
> $ORIGIN 168.192.IN-ADDR.ARPA.
> 0		IN SOA  reader.local.lan. reader.reader.local.lan. (
>               200405190  ; serial
>               28800      ; refresh (8 hours)
>               14400      ; retry (4 hours)
>               2419200    ; expire (4 weeks)
>               86400      ; minimum (1 day)
>               )
> ;
> ; Name servers (The name '@' is implied)
> $ORIGIN 0.168.192.IN-ADDR.ARPA.
> ;
> 4		IN		NS		reader.local.lan.

You don't need 4 at the start of the line

> $ORIGIN 1.168.192.IN-ADDR.ARPA.
> ;
> ; Addresses point to canonical names
> ;
> 
> 2		IN 	PTR	rdmz.local.lan.
> 1		IN    PTR   fwdmz.local.lan.
> ======= 8< snip ===================
> 
> Produces theses log lines:
> 
>   Mar 5 07:35:06 reader named[10615]: pri/db.192.168.1:3: ignoring
>     out-of-zone data (0.168.192.IN-ADDR.ARPA)
> 
>   Mar 5 07:35:06 reader named[10615]: pri/db.192.168.1:14: ignoring
>     out-of-zone data (4.0.168.192.IN-ADDR.ARPA)
> 
>   Mar 5 07:35:06 reader named[10615]: zone 1.168.192.in-addr.arpa/IN:
>     has 0 SOA records
> 
>   Mar 5 07:35:06 reader named[10615]: zone 1.168.192.in-addr.arpa/IN:
>     has no NS records

Make it 2 separate files for each of the reverse zones.
Each with its own SOA record.
Emerge bind with doc flag and read into Adminstrators Reference Manual

-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] Re: bind zone.file won't load

[Harry Putnam]

Alexander Kirillov <nevis2us@infoline.su> writes:

>>>What's in your named.conf?
>>>Should be something like this:
>> Just posted a few minutes ago... but I noticed I wasn't really
>> following your example thoroughly.  Now trying this db.192.168.1
>> Still fails miserably:
>> $TTL 1D
>> $ORIGIN 168.192.IN-ADDR.ARPA.
>> 0		IN SOA  reader.local.lan. reader.reader.local.lan. (
>>               200405190  ; serial
>>               28800      ; refresh (8 hours)
>>               14400      ; retry (4 hours)
>>               2419200    ; expire (4 weeks)
>>               86400      ; minimum (1 day)
>>               )
>> ;
>> ; Name servers (The name '@' is implied)
>> $ORIGIN 0.168.192.IN-ADDR.ARPA.
>> ;
>> 4		IN		NS		reader.local.lan.
>
> You don't need 4 at the start of the line
>
>> $ORIGIN 1.168.192.IN-ADDR.ARPA.
>> ;
>> ; Addresses point to canonical names
>> ;
>> 2		IN 	PTR	rdmz.local.lan.
>> 1		IN    PTR   fwdmz.local.lan.
>> ======= 8< snip ===================
>> Produces theses log lines:
>>   Mar 5 07:35:06 reader named[10615]: pri/db.192.168.1:3: ignoring
>>     out-of-zone data (0.168.192.IN-ADDR.ARPA)
>>   Mar 5 07:35:06 reader named[10615]: pri/db.192.168.1:14: ignoring
>>     out-of-zone data (4.0.168.192.IN-ADDR.ARPA)
>>   Mar 5 07:35:06 reader named[10615]: zone
>> 1.168.192.in-addr.arpa/IN:
>>     has 0 SOA records
>>   Mar 5 07:35:06 reader named[10615]: zone
>> 1.168.192.in-addr.arpa/IN:
>>     has no NS records
>
> Make it 2 separate files for each of the reverse zones.
> Each with its own SOA record.
> Emerge bind with doc flag and read into Adminstrators Reference Manual

What is the significance of the zero here:

>> $ORIGIN 168.192.IN-ADDR.ARPA.
>> 0	IN SOA  reader.local.lan. reader.reader.local.lan. (
  ^^^

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Re: bind zone.file won't load

[Alexander Kirillov]

> What is the significance of the zero here:
> 
> 
>>>$ORIGIN 168.192.IN-ADDR.ARPA.
>>>0	IN SOA  reader.local.lan. reader.reader.local.lan. (

You need to define 2 zones of authority:

0.168.192.IN-ADDR.ARPA. IN SOA ...
1.168.192.IN-ADDR.ARPA. IN SOA ...

You may use either of 2 shortcuts:

either use

@ IN SOA ...

at the beginning of each zone file where @ stands for the current origin
in this case defined in the zone statement in your named.conf

or

use the example I've sent you in my first reply:

$ORIGIN 168.192.IN-ADDR.ARPA.
0 IN SOA ...	; for 0.168.192.IN-ADDR.ARPA. zone
1 IN SOA ...	; for 1.168.192.IN-ADDR.ARPA. zone

And please be more careful reading the examples
and take time to learn the exact meaning of the statements.
You need just a few to make it all work
and some reading will save you time in the long run.

And the manual is:

# equery files net-dns/bind|grep html
/usr/share/doc/bind-9.3.2/html
/usr/share/doc/bind-9.3.2/html/Bv9ARM.ch01.html
/usr/share/doc/bind-9.3.2/html/Bv9ARM.ch02.html
/usr/share/doc/bind-9.3.2/html/Bv9ARM.ch03.html
/usr/share/doc/bind-9.3.2/html/Bv9ARM.ch04.html
/usr/share/doc/bind-9.3.2/html/Bv9ARM.ch05.html
/usr/share/doc/bind-9.3.2/html/Bv9ARM.ch06.html
/usr/share/doc/bind-9.3.2/html/Bv9ARM.ch07.html
/usr/share/doc/bind-9.3.2/html/Bv9ARM.ch08.html
/usr/share/doc/bind-9.3.2/html/Bv9ARM.ch09.html
/usr/share/doc/bind-9.3.2/html/Bv9ARM.html

HTH

-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] Re: bind zone.file won't load

[Harry Putnam]

Alexander Kirillov <nevis2us@infoline.su> writes:


> And please be more careful reading the examples
> and take time to learn the exact meaning of the statements.
> You need just a few to make it all work
> and some reading will save you time in the long run.

Point taken and thanks for the manual headsup.  It could be named a
little more effectively...


> use the example I've sent you in my first reply:
>
> $ORIGIN 168.192.IN-ADDR.ARPA.
> 0 IN SOA ...	; for 0.168.192.IN-ADDR.ARPA. zone
> 1 IN SOA ...	; for 1.168.192.IN-ADDR.ARPA. zone

I guess I'm pretty blind but this (not the actual addresses) doesn't
look at all like the example to me.

Thanks for hanging in there.

Oh and do you see problems with the other solution proposed by Jo Are
in this thread?



-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Re: bind zone.file won't load

[Alexander Kirillov]

> Oh and do you see problems with the other solution proposed by Jo Are
> in this thread?

192.168/16? Not at all.
But this is a training exercise, right?
I don't need dhcp for 3 hosts on my network either:)

-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] Re: bind zone.file won't load

[Harry Putnam]

Alexander Kirillov <nevis2us@infoline.su> writes:

> Make it 2 separate files for each of the reverse zones.
> Each with its own SOA record.
> Emerge bind with doc flag and read into Adminstrators Reference Manual

Do you have any idea where it can be found following:
USE=doc emerge -v bind?

equery files bind 

Doesn't show anything like that.  Further downloading and building the
tar.gz doesn't turn up such a reference manual either.

-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] Re: bind zone.file won't load

[Harry Putnam]

Alexander Kirillov <nevis2us@infoline.su> writes:

> ;BIND DUMP V8
> $ORIGIN 10.10.IN-ADDR.ARPA.
> 0	3600	IN	SOA	baikal.iproducts.test. root.baikal.iproducts.test. (
> 		20050421 3600 900 3600000 3600 )	;Cl=5
> 	3600	IN	NS	baikal.iproducts.test.	;Cl=5
> $ORIGIN 0.10.10.IN-ADDR.ARPA.
> 2	3600	IN	PTR	volga.iproducts.test.	;Cl=5
> 1	3600	IN	PTR	baikal.iproducts.test.	;Cl=5
> 3	3600	IN	PTR	g40.iproducts.test.	;Cl=5
> ;10	3600	IN	PTR	wisla.iproducts.test.	;Cl=5

[...]

Jo Are Rosland <joare@pogostick.net>:writes:

> Hmm.  I guess you could try to define the zone 168.192.in-addr.arpa
> instead.  Then you'd have this in named.conf:

>    zone "168.192.in-addr.arpa" IN \
>  { type master; file "pri/168.192.zone"; notify no; };

While both of these suggestions work and both were very helpfull in
helping me gain some more detailed knowledge of the working of bind I
got a suggestion on the bind newsgroup where I also had a thread on
this subject that is much simpler than either way discussed in this
thread. 

Both of you spotted this error in db.192.168.1

          IN  NS     reader
needed to say 
          IN  NS     reader.local.lan.

Then with this further change:

From:
  192.168.1.2       IN  PTR    rdmz.local.lan.
  192.168.1.1       IN  PTR    fwdmz.local.lan.
to
  2       IN  PTR    rdmz.local.lan.
  1       IN  PTR    fwdmz.local.lan.

The whole file:

>From this db.192.168.1
==================== 8< ===============
  $TTL 1D 
  @       IN  SOA  reader.local.lan. reader.reader.local.lan. (
                200405190  ; serial
                28800      ; refresh (8 hours)
                14400      ; retry (4 hours)
                2419200    ; expire (4 weeks)
                86400      ; minimum (1 day)
                )
  ;
  ; Name servers (The name '@' is implied)
  ;
          IN  NS     reader
  ;
  ; Addresses point to canonical names
  ;
  
  192.168.1.2       IN  PTR    rdmz.local.lan.
  192.168.1.1       IN  PTR    fwdmz.local.lan.

To this db.192.168.1
==================== 8< ===============
  $TTL 1D 
  @       IN  SOA  reader.local.lan. reader.reader.local.lan. (
                200405190  ; serial
                28800      ; refresh (8 hours)
                14400      ; retry (4 hours)
                2419200    ; expire (4 weeks)
                86400      ; minimum (1 day)
                )
  ;
  ; Name servers (The name '@' is implied)
  ;
          IN  NS     reader.local.lan.
  ;
  ; Addresses point to canonical names
  ;
  
  2       IN  PTR    rdmz.local.lan.
  1       IN  PTR    fwdmz.local.lan.

Just those small changes is all that was needed for the setup to work
with no errors and nslookup knows about all hostnames both alpha and
numeric. The more far reaching changes discussed in this thread were
not necessary.

 dig -x 192.168.1 any

(Without implimenting Jo Are suggestions about hostnaming in 
db.local.lan (which are now implemented ... thanks Jo)

Now shows the expected results.

; <<>> DiG 9.3.2 <<>> -x 192.168.1 any
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59543
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;1.168.192.in-addr.arpa.                IN      ANY

;; ANSWER SECTION:
1.168.192.in-addr.arpa. 86400   IN      SOA     reader.local.lan. reader.reader.local.lan. 200405190 28800 14400 2419200 86400
1.168.192.in-addr.arpa. 86400   IN      NS      reader.local.lan.

;; ADDITIONAL SECTION:
reader.local.lan.       86400   IN      A       192.168.1.2
reader.local.lan.       86400   IN      A       192.168.0.4

;; Query time: 11 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Mar  6 08:45:20 2006
;; MSG SIZE  rcvd: 145

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] bind zone.file won't load

[Jo Are Rosland]

[-- Attachment #1: Type: text/plain, Size: 2803 bytes --]

On 04.03, Harry Putnam wrote:
> 
> db.192.168.1
> ============ 8< snip =================
>   $TTL 1D 
>   @       IN  SOA  reader.local.lan. reader.reader.local.lan. (
>                 200405190  ; serial
>                 28800      ; refresh (8 hours)
>                 14400      ; retry (4 hours)
>                 2419200    ; expire (4 weeks)
>                 86400      ; minimum (1 day)
>                 )
>   ;
>   ; Name servers (The name '@' is implied)
>   ;
>           IN  NS     reader
>   ;
>   ; Addresses point to canonical names
>   ;
>   
>   192.168.1.2       IN  PTR    rdmz.local.lan.
>   192.168.1.1       IN  PTR    fwdmz.local.lan.
> 
> ====== 8< snip ===========================

I just went through this myself, having a few false tries before getting
it right.  From this experience, here's my understanding of how zone
files work:

- The general syntax for lines in the zone files:

  <key> <ttl> <class> <type> <value>

- You may leave out one or more of these fields, which means they inherit
  the value that field had in the previous line.

- You may use parenthesis to break long entries into several lines.  This
  is mostly done for the SOA line, but should worlk for other lines as well.

- The ';' character means the rest of the line is a comment.

- You may use the special value '@' to mean the origin, which initially is
  the value from the 'zone' entry in the named.conf file, with a '.' appended.
  An $ORIGIN entry redefines the origin for subsequent entries in the file.
  You may put in several $ORIGIN entries.

- A $TTL entry sets the default value of the 'ttl' field from that line on.

- Where names are used -- eg. the 'key' field of an 'IN A' entry, or the
  'value' field of an 'IN PTR' entry -- you may specify the full name by
  ending it with a '.'.  Names with no '.' at the end have the origin
  appended.

Now, if you look at your 'IN NS' line (which specifies the authorative name
server for your reverse domain), it translates into:

  <key>                   <ttl> <class> <type> <value>
  1.168.192.in-addr.arpa. 1D    IN      NS     reader.1.168.192.in-addr.arpa.

Which is not what you want.

Instead, try the following line:

  IN NS reader.local.lan.

In addition, 'reader' should have an 'IN A' entry in the 'local.lan' zone file.

The 'dig' command from 'bind-tools' comes in handy when debugging bind setups.
Some handy commands:

  dig reader.local.lan
  dig local.lan any
  dig local.lan axfr
  dig -x 192.168.1 axfr
  dig -x 192.168.1 any

Given like this, 'dig' contacts the name servers from '/etc/resolv.conf'.  You
may also append '@name-server-name' to a 'dig' command in order to specify
directly which name server to contact.

-- 
Jo.

[-- Attachment #2: Type: application/pgp-signature, Size: 185 bytes --]

[gentoo-user] Re: bind zone.file won't load

[Harry Putnam]

Jo Are Rosland <joare@pogostick.net> writes:

> - Where names are used -- eg. the 'key' field of an 'IN A' entry, or the
>   'value' field of an 'IN PTR' entry -- you may specify the full name by
>   ending it with a '.'.  Names with no '.' at the end have the origin
>   appended.
>
> Now, if you look at your 'IN NS' line (which specifies the authorative name
> server for your reverse domain), it translates into:
>
>   <key>                   <ttl> <class> <type> <value>
>   1.168.192.in-addr.arpa. 1D    IN      NS     reader.1.168.192.in-addr.arpa.
>
> Which is not what you want.
>
> Instead, try the following line:
>
>   IN NS reader.local.lan.

I see what you mean.  However, I think your response was to the first
example reverse zone posted and not the one that tries to follow
AlexanderK's example.  I made the same mistake in the next posted
example and have now corrected that.

> In addition, 'reader' should have an 'IN A' entry in the 'local.lan' zone file.

Yes,  I've now posted that file too.

But apparently my db.192.168.1 as it now stands still has serious
errors.

Following Alexanders example I tried to redefine $ORIGIN near the top
since as you point out  `@' contains whatever is in named.conf to start.

$TTL 1D
$ORIGIN 0.168.192.IN-ADDR.ARPA. ;; RESET ORIGIN HERE SO THAT
;;THE SOA line won't be rejected for being `out of zone'
@     IN SOA  reader.local.lan. reader.reader.local.lan. (
              200405190  ; serial
              28800      ; refresh (8 hours)
              14400      ; retry (4 hours)
              2419200    ; expire (4 weeks)
              86400      ; minimum (1 day)
              )
;
; Name servers (The name '@' is implied)
;;; $ORIGIN shoud still hold here RIGHT?
      IN    NS    reader.local.lan. ;; CORRECTED no uses Canonical form
$ORIGIN 1.168.192.IN-ADDR.ARPA.  ;; RESET to handle 192.168.1
;
; Addresses point to canonical names
;

2     IN    PTR   rdmz.local.lan.
1     IN    PTR   fwdmz.local.lan.

=============================================

The above db.192.168.1 is largely rejected (ignored)

Mar 5 07:12:12 reader named[9429]: pri/db.192.168.1:3: ignoring
out-of-zone data (0.168.192.IN-ADDR.ARPA)

Mar 5 07:12:12 reader named[9429]: zone 1.168.192.in-addr.arpa/IN: has
0 SOA records

Mar 5 07:12:12 reader named[9429]: zone 1.168.192.in-addr.arpa/IN: has
no NS records

================================

Changing it to:

$ORIGIN 0.168.192.IN-ADDR.ARPA. ;; RESET ORIGIN HERE SO THAT
;;THE SOA line won't be rejected for being `out of zone'
     IN SOA  reader.local.lan. reader.reader.local.lan. (
              200405190  ; serial

Removing the preceeding `@' completely ... it seem then the defined
$ORIGIN would be used.

Gets rejected too:
=====================
 Mar 5 07:26:41 reader named[10186]: pri/db.192.168.1:3: no current
   owner name

 Mar 5 07:26:41 reader named[10186]: zone 1.168.192.in-addr.arpa/IN:
   loading master file pri/db.192.168.1: no owner
====================

Trying the full notation then:

$TTL 1D
$ORIGIN 0.168.192.IN-ADDR.ARPA.
lan.local.IN-ADDR.ARPA.    IN SOA  reader.local.lan. reader.reader.local.lan. (

============================

  Mar 5 07:28:41 reader named[10308]: pri/db.192.168.1:3: ignoring
    out-of-zone data (lan.local.IN-ADDR.ARPA)

  Mar 5 07:28:41 reader named[10308]: zone 1.168.192.in-addr.arpa/IN:
    has 0 SOA records

  Mar 5 07:28:41 reader named[10308]: zone 1.168.192.in-addr.arpa/IN:
   has no NS records
===========================

clearly I'm missing something important here..

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Re: bind zone.file won't load

[Jo Are Rosland]

On 05.03, Harry Putnam wrote:
> 
> Following Alexanders example I tried to redefine $ORIGIN near the top
> since as you point out  `@' contains whatever is in named.conf to start.
> 
> $TTL 1D
> $ORIGIN 0.168.192.IN-ADDR.ARPA. ;; RESET ORIGIN HERE SO THAT
> ;;THE SOA line won't be rejected for being `out of zone'
> @     IN SOA  reader.local.lan. reader.reader.local.lan. (
>               200405190  ; serial
>               28800      ; refresh (8 hours)
>               14400      ; retry (4 hours)
>               2419200    ; expire (4 weeks)
>               86400      ; minimum (1 day)
>               )
> ;
> ; Name servers (The name '@' is implied)
> ;;; $ORIGIN shoud still hold here RIGHT?
>       IN    NS    reader.local.lan. ;; CORRECTED no uses Canonical form
> $ORIGIN 1.168.192.IN-ADDR.ARPA.  ;; RESET to handle 192.168.1
> ;
> ; Addresses point to canonical names
> ;
> 
> 2     IN    PTR   rdmz.local.lan.
> 1     IN    PTR   fwdmz.local.lan.

Hmm.  I guess you could try to define the zone 168.192.in-addr.arpa instead.
Then you'd have this in named.conf:

    zone "168.192.in-addr.arpa" IN { type master; file "pri/168.192.zone"; notify no; };

And in pri/168.192.zone:

    @   IN SOA  reader.local.lan. reader.reader.local.lan. (
                200405190  ; serial
                28800      ; refresh (8 hours)
                14400      ; retry (4 hours)
                2419200    ; expire (4 weeks)
                86400      ; minimum (1 day)
                )
        IN NS   reader.local.lan.
    1.0 IN PTR  fwdmz.local.lan.
    2.0 IN PTR  rdmz.local.lan.
    1.1 IN PTR  a.local.lan. ; whatever: some host name in 192.168.1.0/24
    2.1 IN PTR  b.local.lan. ; whatever: some host name in 192.168.1.0/24

> $TTL 1D
> $ORIGIN 0.168.192.IN-ADDR.ARPA.
> lan.local.IN-ADDR.ARPA.    IN SOA  reader.local.lan. reader.reader.local.lan. (

This is definitely wrong:

- the 'IN SOA' entry should have the origin as key
- it doesn't make any sense to use anything but reverse IP network addresses off
  the in-addr.arpa domain

It should not be necessary to set the $ORIGIN to the same value you defined in
the named.conf file.

If you try to put two zones inside one file, as you do in your reverse zone,
in addition to redefining $ORIGIN, you need to put in an additional 'IN SOA'
entry.  I believe the missing 'IN SOA' for your second reverse zone is the
reason bind complains about 'no owner'.

And again: it's really no reason why you can't put all of this into one zone
instead.

-- 
Jo.
-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] Re: bind zone.file won't load

[Harry Putnam]

Jo Are Rosland <joare@pogostick.net> writes:

> And again: it's really no reason why you can't put all of this into one zone
> instead.

Haaaa... that was what I needed.  Many thanks for hanging in there.

I managed to confuse myself quite a lot on this.  I thought to do that
(go up one level and use 1 reverse file. db.192.168) it meant I needed
to set up the domain that way to.

That is, use 192.168/16 addressing for my domain local.lan.
So all lan netmasks become 255.255.0.0.  And I had found that is a
very complicated way to set things up.  Also leads to prolems with
each machine (the ones with 2 nics) not knowing who is supposed to do
what.

Then requiring speciallized routes to be set so 192.168.1.1 knows to
call 192.168.1.2 without going thru default gw of 192.168.0.20.

Down that path, just about all of it is a few jumps above my head.

So I had scrapped that notion thinking both bind setup and network
setup would need all that complication to go that way.

After setting up bind as you suggested with one main Pointer
file. (not counting db.127.0.0)

Scrapping db.192.168.0 and db.192.168.1 in favor of:
  db.192.168

Right away nslookup knows who 192.169.1.2 is and dig shows the
glorious output...


; <<>> DiG 9.3.2 <<>> -x 192.168 axfr
;; global options:  printcmd
168.192.in-addr.arpa.	86400	IN	SOA	reader.local.lan. reader.reader.local.lan. 200405190 28800 14400 2419200 86400
168.192.in-addr.arpa.	86400	IN	NS	reader.local.lan.
16.0.168.192.in-addr.arpa. 86400 IN	PTR	bjp.local.lan.
19.0.168.192.in-addr.arpa. 86400 IN	PTR	fwobsd.local.lan.
20.0.168.192.in-addr.arpa. 86400 IN	PTR	fw.local.lan.
21.0.168.192.in-addr.arpa. 86400 IN	PTR	ansil.local.lan.
22.0.168.192.in-addr.arpa. 86400 IN	PTR	harvey.local.lan.
3.0.168.192.in-addr.arpa. 86400	IN	PTR	mob2.local.lan.
4.0.168.192.in-addr.arpa. 86400	IN	PTR	reader.local.lan.
50.0.168.192.in-addr.arpa. 86400 IN	PTR	wap.local.lan.
1.1.168.192.in-addr.arpa. 86400	IN	PTR	fwodmz.local.lan.
2.1.168.192.in-addr.arpa. 86400	IN	PTR	rdmz.local.lan.
168.192.in-addr.arpa.	86400	IN	SOA	reader.local.lan. reader.reader.local.lan. 200405190 28800 14400 2419200 86400
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar  5 09:50:15 2006
;; XFR size: 13 records (messages 1)


-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] bind zone.file won't load

[Jo Are Rosland]

[-- Attachment #1: Type: text/plain, Size: 2579 bytes --]

On 04.03, Harry Putnam wrote:
> 
>   $TTL 1D
>   @       IN SOA    reader.local.lan.  hostmaster (
>                           200405191 ; serial
>                           8H        ; refresh
>                           4H        ; retry
>                           4W        ; expire
>                           1D )      ; minimum
>   ;; Nameserver (The name '@' is implied)
>              IN   NS  reader
>   ;; smtp hub (The name '@' is implied)
>              IN   MX    10 reader
>   ;; addresses for the canonical names
>   localhost  IN   A     127.0.0.1
>   ansil      IN   A     192.168.0.21
>   bjp        IN   A     192.168.0.16
>   fw         IN   A     192.168.0.20
>   fwobsd     IN   A     192.168.0.19
>              IN   A     192.168.1.1	
>   harvey     IN   A     192.168.0.22
>   mob2       IN   A     192.168.0.3
>   reader     IN   A     192.168.0.4
>              IN   A     192.168.1.2
>   wap        IN   A     192.168.0.50
>   
>   ;;   aliases
>   smtp       IN   CNAME reader
>   www        IN   CNAME reader
>   tic        IN   CNAME reader
>   
>   ;;   interface   specific   addresses
>   fwdmz      IN   A      192.168.1.1
>   rdmz       IN   A      192.168.1.2

Just a few additional comments on this:

Your entries for 'reader' and 'fwobsd' are probably not
what you really want.  By defining several 'IN A' entries
for the same host name, you effectively get bind to serve
these addresses in 'round robin' fashion whenever a client
looks up that name.

Another way to look at this is that you don't name hosts
in DNS, you name IP addresses.  If a host has several IP
addresses, eg. because it has several NIC's, you should
give a separate name to each IP address.  In your case,
you could do something like this:

  reader  IN A     192.168.0.4
  reader0 IN A     192.168.0.4
  reader1 IN A     192.168.1.2

or

  reader0 IN A     192.168.0.4
  reader1 IN A     192.168.1.2
  reader  IN CNAME reader0

Note that you may define as many names for an IP address
as you like.  A case where you'd definitely want to do
this, is with the name for the name server host itself.
Put in something like this:

  ns      IN A     192.168.0.4

Then you may use 'ns.local.lan.' in all your 'IN SOA' entries
instead of the name for the actual host.  Then you only need
to change one entry in case you want to change to another
name server host.

Also, note that this has to be an 'IN A' entrym not an
'IN CNAME' entry, as the name in the SOA has to be an 'IN A'
entry.

-- 
Jo.

[-- Attachment #2: Type: application/pgp-signature, Size: 185 bytes --]

[gentoo-user] Re: bind zone.file won't load

[Harry Putnam]

Jo Are Rosland <joare@pogostick.net> writes:

> Your entries for 'reader' and 'fwobsd' are probably not
> what you really want.  By defining several 'IN A' entries
> for the same host name, you effectively get bind to serve
> these addresses in 'round robin' fashion whenever a client
> looks up that name.

Ahaa, I wondered why I keep seeing 192.168.1.2 cropping up in squid
output when it didn't belong there.  It's turn had come up in the
round robin I guess.

I guess I tried to follow the examples in DNS and Bind (4th ed), the
section on creating zone files. (4.2 Setting up Zone Data) without
really understanding them very well..  Still true but I've gotten a
lot out of this thread.

Without a close examination it appears the online DNS an Bind 
(Which is the 3rd edition and I used the 4th edition) the example
network is very similar if not identicle to each other.

Here if you wanted to look at it:

  http://www.unix.org.ua/orelly/networking/dnsbind/ch04_02.htm

That is what I was working from but with a very spotty knowledge of
general networking and tiny knowledge of DNS.

-- 
gentoo-user@gentoo.org mailing list