Good morning,
we try to use in our zone files for easy including of new sub domains.
While it worked on my test system, in production we get either NXDOMAIN or
SERVFAIL,
both use bind 9.11.2 from the distro. Level 10 debug with all possible logs
enabled did gave no answer.
Maybe someone on this list will find our problem, like in the past.
named.conf from test system, besides of the amount of zones the same as
production:
-----------------------
options {
allow-transfer { none;};
check-names master ignore;
check-names slave ignore;
check-names response ignore;
directory "/var/lib/named";
managed-keys-directory "/var/lib/named/dyn/";
dump-file "/var/log/named_dump.db";
statistics-file "/var/log/named.stats";
listen-on-v6 { any; };
notify no;
forward only;
forwarders { 127.0.0.1; };
allow-recursion { 127.0.0.1; };
allow-query { 127.0.0.1; };
response-policy {
zone "testoverride" log no;
zone "logoverride" log yes;
};
disable-empty-zone
"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
};
acl AllowDDNS { 127.0.0.1/32; };
include "/etc/rndc.key";
controls {
inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};
view public {
zone "." in {
type hint;
file "db.hint";
};
zone "localhost" in {
type master;
file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "127.0.0.zone";
};
zone
"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "127.0.0.zone";
};
zone "test.local" IN {
type master;
file "db.test.local";
};
zone "testoverride" {
type master;
file "Multistuff";
allow-query { AllowDDNS; };
allow-update { AllowDDNS; };
};
zone "logoverride" {
type master;
file "LogStuff";
allow-query { AllowDDNS; };
allow-update { AllowDDNS; };
};
};
logging {
channel default_syslog {
# Send most of the named messages to syslog.
syslog local2;
severity debug;
};
channel audit_log {
#Send the security related messages to a separate file.
syslog local2;
severity debug;
print-time yes;
};
channel null {
null;
};
category default { default_syslog; };
category config { default_syslog; };
category dispatch { default_syslog; };
category network { default_syslog; };
category general { default_syslog; };
category resolver { default_syslog; };
category cname { default_syslog; };
category delegation-only { default_syslog; };
category lame-servers { default_syslog; };
category edns-disabled { default_syslog; };
category dnssec { default_syslog; };
category notify { default_syslog; };
category xfer-in { default_syslog; };
category xfer-out { default_syslog; };
category update{ default_syslog; };
category update-security { default_syslog; };
category client{ default_syslog; };
category security { default_syslog; };
category rate-limit { default_syslog; };
category spill { default_syslog; };
category database { default_syslog; };
category rpz { default_syslog; };
category dnstap { default_syslog; };
category queries { default_syslog; };
category query-errors { default_syslog; };
};
-----------------------
The zone file:
-----------------------
$ORIGIN .
$TTL 604800 ; 1 week
test.local IN SOA mytest.test.local. root.test.local. (
2020040123 ; serial
1800 ; refresh (30 minutes)
900 ; retry (15 minutes)
2592000 ; expire (4 weeks 2 days)
604800 ; minimum (1 week)
)
NS test.local.
NS test.local.
A 127.0.0.1
MX 10 test.local.
MX 20 test.local.
TXT "AD buc"
$ORIGIN test.local.
t1 A 127.0.0.3
sub NS test.local.
NS test.local.
MX 10 test.local.
MX 20 test.local.
$ORIGIN sub.test.local.
localhost A 127.0.0.1
t30 A 127.0.0.2
$ORIGIN test.local.
t31 CNAME t1
-----------------------
dig query on the main domain:
-----------------------
~ #dig t1.test.local. @127.0.0.1
; <<>> DiG 9.11.2 <<>> t1.test.local. @127.0.0.1
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32410
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 54d8bba9ce2bbe1bd174692b5e86d27950eeeb14581a460e (good)
;; QUESTION SECTION:
;t1.test.local. IN A
;; ANSWER SECTION:
t1.test.local. 604800 IN A 127.0.0.3
;; AUTHORITY SECTION:
test.local. 604800 IN NS test.local.
;; ADDITIONAL SECTION:
test.local. 604800 IN A 127.0.0.1
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Apr 03 08:06:49 CEST 2020
;; MSG SIZE rcvd: 116
-----------------------
dig query on the sub domain:
-----------------------
~# dig t30.sub.test.local. @127.0.0.1
; <<>> DiG 9.11.2 <<>> t30.sub.test.local. @127.0.0.1
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 7026
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: fcd89e91476a9221e102a5745e86d25c9a23d3df00015683 (good)
;; QUESTION SECTION:
;t30.sub.test.local. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Apr 03 08:06:20 CEST 2020
;; MSG SIZE rcvd: 75
-----------------------
Sincerely
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
