Hi ?
You have delegated the domain "sub.test.local" but you have no zone
statement for this zone.
Suggest you create a db.sub.test.local zone file and update your
configuration with
zone "sub.test.local" IN {
type master;
file "db.sub.test.local";
};
And remove the following from the db.test.local zone file:
$ORIGIN sub.test.local.
localhost A 127.0.0.1
t30 A 127.0.0.2
Br Peter
On 03/04/2020 08:19, mail-list-us...@materna.de wrote:
> Good morning,
>
> we try to use in our zone files for easy including of new sub domains.
> While it worked on my test system, in production we get either NXDOMAIN or
> SERVFAIL,
> both use bind 9.11.2 from the distro. Level 10 debug with all possible logs
> enabled did gave no answer.
> Maybe someone on this list will find our problem, like in the past.
> named.conf from test system, besides of the amount of zones the same as
> production:
> -----------------------
>
> options {
> allow-transfer { none;};
> check-names master ignore;
> check-names slave ignore;
> check-names response ignore;
> directory "/var/lib/named";
> managed-keys-directory "/var/lib/named/dyn/";
> dump-file "/var/log/named_dump.db";
> statistics-file "/var/log/named.stats";
> listen-on-v6 { any; };
> notify no;
> forward only;
> forwarders { 127.0.0.1; };
> allow-recursion { 127.0.0.1; };
> allow-query { 127.0.0.1; };
> response-policy {
> zone "testoverride" log no;
> zone "logoverride" log yes;
> };
>
> disable-empty-zone
> "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
> };
>
> acl AllowDDNS { 127.0.0.1/32; };
>
> include "/etc/rndc.key";
>
> controls {
> inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
> };
>
> view public {
> zone "." in {
> type hint;
> file "db.hint";
> };
>
> zone "localhost" in {
> type master;
> file "localhost.zone";
> };
>
> zone "0.0.127.in-addr.arpa" in {
> type master;
> file "127.0.0.zone";
> };
>
> zone
> "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
> type master;
> file "127.0.0.zone";
> };
>
> zone "test.local" IN {
> type master;
> file "db.test.local";
> };
>
> zone "testoverride" {
> type master;
> file "Multistuff";
> allow-query { AllowDDNS; };
> allow-update { AllowDDNS; };
> };
>
> zone "logoverride" {
> type master;
> file "LogStuff";
> allow-query { AllowDDNS; };
> allow-update { AllowDDNS; };
> };
>
> };
>
> logging {
>
> channel default_syslog {
> # Send most of the named messages to syslog.
> syslog local2;
> severity debug;
> };
>
> channel audit_log {
> #Send the security related messages to a separate file.
> syslog local2;
> severity debug;
> print-time yes;
> };
>
> channel null {
> null;
> };
>
>
> category default { default_syslog; };
> category config { default_syslog; };
> category dispatch { default_syslog; };
> category network { default_syslog; };
> category general { default_syslog; };
> category resolver { default_syslog; };
> category cname { default_syslog; };
> category delegation-only { default_syslog; };
> category lame-servers { default_syslog; };
> category edns-disabled { default_syslog; };
> category dnssec { default_syslog; };
> category notify { default_syslog; };
> category xfer-in { default_syslog; };
> category xfer-out { default_syslog; };
> category update{ default_syslog; };
> category update-security { default_syslog; };
> category client{ default_syslog; };
> category security { default_syslog; };
> category rate-limit { default_syslog; };
> category spill { default_syslog; };
> category database { default_syslog; };
> category rpz { default_syslog; };
> category dnstap { default_syslog; };
> category queries { default_syslog; };
> category query-errors { default_syslog; };
>
>
> };
> -----------------------
>
> The zone file:
> -----------------------
> $ORIGIN .
> $TTL 604800 ; 1 week
> test.local IN SOA mytest.test.local. root.test.local. (
> 2020040123 ; serial
> 1800 ; refresh (30 minutes)
> 900 ; retry (15 minutes)
> 2592000 ; expire (4 weeks 2 days)
> 604800 ; minimum (1 week)
> )
> NS test.local.
> NS test.local.
> A 127.0.0.1
> MX 10 test.local.
> MX 20 test.local.
> TXT "AD buc"
> $ORIGIN test.local.
> t1 A 127.0.0.3
> sub NS test.local.
> NS test.local.
> MX 10 test.local.
> MX 20 test.local.
> $ORIGIN sub.test.local.
> localhost A 127.0.0.1
> t30 A 127.0.0.2
> $ORIGIN test.local.
> t31 CNAME t1
>
> -----------------------
>
> dig query on the main domain:
> -----------------------
> ~ #dig t1.test.local. @127.0.0.1
>
> ; <<>> DiG 9.11.2 <<>> t1.test.local. @127.0.0.1
> ;; global options: +cmd
> ;; Got answer:
> ;; WARNING: .local is reserved for Multicast DNS
> ;; You are currently testing what happens when an mDNS query is leaked to DNS
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32410
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ; COOKIE: 54d8bba9ce2bbe1bd174692b5e86d27950eeeb14581a460e (good)
> ;; QUESTION SECTION:
> ;t1.test.local. IN A
>
> ;; ANSWER SECTION:
> t1.test.local. 604800 IN A 127.0.0.3
>
> ;; AUTHORITY SECTION:
> test.local. 604800 IN NS test.local.
>
> ;; ADDITIONAL SECTION:
> test.local. 604800 IN A 127.0.0.1
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Fri Apr 03 08:06:49 CEST 2020
> ;; MSG SIZE rcvd: 116
> -----------------------
>
> dig query on the sub domain:
> -----------------------
> ~# dig t30.sub.test.local. @127.0.0.1
>
> ; <<>> DiG 9.11.2 <<>> t30.sub.test.local. @127.0.0.1
> ;; global options: +cmd
> ;; Got answer:
> ;; WARNING: .local is reserved for Multicast DNS
> ;; You are currently testing what happens when an mDNS query is leaked to DNS
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 7026
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ; COOKIE: fcd89e91476a9221e102a5745e86d25c9a23d3df00015683 (good)
> ;; QUESTION SECTION:
> ;t30.sub.test.local. IN A
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Fri Apr 03 08:06:20 CEST 2020
> ;; MSG SIZE rcvd: 75
> -----------------------
>
>
> Sincerely
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
