What is wrong with my second $ORIGIN

2017-09-14 Thread Harshith Mulky
Hello Experts,


What's wrong with my second $ORIGIN here:


$ORIGIN lab.example.com.
$TTL 1d
@ IN  SOA colombo root.lab.example.com.  (
  2003022720 ; Serial
  56800  ; Refresh
  14400  ; Retry
  360    ; Expire
  2h ); Min

;NS Records
@  IN  NS  ns1.lab.example.com.
@  IN  NS  ns2.lab.example.com.
mail   IN  NS  ns1.mail.lab.example.com

;A Records
ns1    IN  A   192.0.2.123
ns2    IN  A   192.0.2.124

$ORIGIN mail.lab.example.com.
ns1    IN  A   192.0.2.155





When I try this


named-checkzone lab.example.com lab.example.zone
zone lab.example.com/IN: mail.lab.example.com/NS 
'ns1.mail.lab.example.com.lab.example.com' has no address records (A or AAAA)
zone lab.example.com/IN: loaded serial 2003022720
OK



named-checkzone is saying it is fine


But why do I get error/warning like


zone lab.example.com/IN: mail.lab.example.com/NS 
'ns1.mail.lab.example.com.lab.example.com' has no address records (A or AAAA)



My Bind version is: bind-9.9.5P1-2.2.2.x86_64

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: What is wrong with my second $ORIGIN

2017-09-14 Thread Mukund Sivaraman
On Thu, Sep 14, 2017 at 07:02:52AM +, Harshith Mulky wrote:
> What's wrong with my second $ORIGIN here:
> 
> 
> $ORIGIN lab.example.com.
> $TTL 1d
> @ IN  SOA colombo root.lab.example.com.  (
>   2003022720 ; Serial
>   56800  ; Refresh
>   14400  ; Retry
>   360    ; Expire
>   2h ); Min
> 
> ;NS Records
> @  IN  NS  ns1.lab.example.com.
> @  IN  NS  ns2.lab.example.com.
> mail   IN  NS  ns1.mail.lab.example.com

Missing a trailing period(.)

"ns1.mail.lab.example.com" is not an absolute
name. "ns1.mail.lab.example.com." is absolute.

Mukund

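The failure diagnosed above, as an added example that is not part of the original thread or of BIND: a small Python check that expands names the way the zone parser does and flags NS/CNAME/MX/PTR targets that are relative yet already end in the current $ORIGIN. The function names and the one-record-per-line simplification are assumptions; the sample zone is constructed from the records in the thread.

```python
# Added example: flag relative RDATA names that already end in the current $ORIGIN.
# Assumes one record per line with an explicit owner name (no "(" continuation lines).
# Constructed sample: the records from the thread that matter here.
ZONE = """\
$ORIGIN lab.example.com.
@      IN  NS  ns1.lab.example.com.
@      IN  NS  ns2.lab.example.com.
mail   IN  NS  ns1.mail.lab.example.com
ns1    IN  A   192.0.2.123
$ORIGIN mail.lab.example.com.
ns1    IN  A   192.0.2.155
"""

NAME_TYPES = {"NS", "CNAME", "MX", "PTR"}  # types whose RDATA ends in a domain name

def absolute(name, origin):
    """Expand a zone-file name the way a master-file parser does."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." + origin.lstrip(".")  # origin "." must not yield ".."

def doubled_origin_targets(zone_text):
    """Return (line, owner, type, expanded target) for each suspicious record."""
    origin, findings = ".", []
    for line_no, raw in enumerate(zone_text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = absolute(fields[1], origin)
            continue
        rtype = next((f.upper() for f in fields[1:-1] if f.upper() in NAME_TYPES), None)
        target = fields[-1]
        if rtype is None or target == "@" or target.endswith("."):
            continue
        # A relative target that already carries the origin's labels was almost
        # certainly meant to be absolute: the parser appends the origin again.
        if (target + ".").lower().endswith("." + origin.lower()):
            findings.append((line_no, absolute(fields[0], origin), rtype,
                             absolute(target, origin)))
    return findings

if __name__ == "__main__":
    for finding in doubled_origin_targets(ZONE):
        print("line %d: %s %s -> %s" % finding)
```

Under "$ORIGIN ." the check never fires, because a relative name then expands to itself plus the root dot.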

Re: What is wrong with my second $ORIGIN

2017-09-14 Thread Mark Andrews

Please read the error message *carefully*.

ns1.mail.lab.example.com.lab.example.com != ns1.mail.lab.example.com.

You are missing a terminating period on the MX record.

Mark

In message , Harshith Mulky writes:
> Hello Experts,
>
>
> What's wrong with my second $ORIGIN here:
>
>
> $ORIGIN lab.example.com.
> $TTL 1d
> @ IN  SOA colombo root.lab.example.com.  (
>   2003022720 ; Serial
>   56800  ; Refresh
>   14400  ; Retry
>   360    ; Expire
>   2h ); Min
>
> ;NS Records
> @  IN  NS  ns1.lab.example.com.
> @  IN  NS  ns2.lab.example.com.
> mail   IN  NS  ns1.mail.lab.example.com
>
> ;A Records
> ns1    IN  A   192.0.2.123
> ns2    IN  A   192.0.2.124
>
> $ORIGIN mail.lab.example.com.
> ns1    IN  A   192.0.2.155
>
>
>
>
>
> When I try this
>
>
> named-checkzone lab.example.com lab.example.zone
> zone lab.example.com/IN: mail.lab.example.com/NS
> 'ns1.mail.lab.example.com.lab.example.com' has no address records (A or AAAA)
> zone lab.example.com/IN: loaded serial 2003022720
> OK
>
>
>
> named-checkzone is saying it is fine
>
>
> But why do I get error/warning like
>
>
> zone lab.example.com/IN: mail.lab.example.com/NS
> 'ns1.mail.lab.example.com.lab.example.com' has no address records (A or AAAA)
>
>
>
> My Bind version is: bind-9.9.5P1-2.2.2.x86_64

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


Re: What is wrong with my second $ORIGIN

2017-09-14 Thread Tony Finch
Mukund Sivaraman  wrote:
>
> Missing a trailing period(.)

Here's a fun trick to avoid making this mistake: use FQDNs everywhere in
the zone file, and use the directive

$ORIGIN .

so that it doesn't matter whether you have the trailing . or not.

Downside, of course, is that you have to repeat your domain name about a
gazillion times.

Tony.
-- 
f.anthony.n.finch  http://dotat.at/  -  I xn--zr8h punycode
Malin, Hebrides: Northwest 5 to 7, occasionally gale 8 at first. Rough or very
rough in west, moderate or rough in east. Showers. Good, occasionally
moderate.


Re: What is wrong with my second $ORIGIN

2017-09-14 Thread Reindl Harald



On 14.09.2017 at 14:21, Tony Finch wrote:
> Mukund Sivaraman  wrote:
>>
>> Missing a trailing period(.)
>
> Here's a fun trick to avoid making this mistake: use FQDNs everywhere in
> the zone file, and use the directive
>
> $ORIGIN .
>
> so that it doesn't matter whether you have the trailing . or not.
>
> Downside, of course, is that you have to repeat your domain name about a
> gazillion times.

scripting is the better answer

our toolset would just have added a final dot to "ns1.mail.lab.example.com"
because it contains more than one dot, like it would do with
"mail.example.com", while "mail.example" would not get touched since it's
clearly a subdomain

how often do you have "sub.sub.sub" within a zone and how often is it an
external server - if you really need "sub.sub.sub" then you are required
to type it fully qualified including the domain name, well and then the
final dot is added again automatically - that doesn't happen that often
and if you have a larger subdomain that deep just maintain it in its own
zone file

that has been catching real life for many years now and generates complete
zone files out of a simple database with a small web interface



Re: What is wrong with my second $ORIGIN

2017-09-14 Thread Alan Clegg
On 9/14/17 8:35 AM, Reindl Harald wrote:


>> so that it doesn't matter whether you have the trailing . or not.
>>
>> Downside, of course, is that you have to repeat your domain name about a
>> gazillion times.
> 
> scripting is the better answer

Dynamic zones is the better, better answer.  8-)

Have a great day!
AlanC




Re: What is wrong with my second $ORIGIN

2017-09-14 Thread Reindl Harald



On 14.09.2017 at 14:40, Alan Clegg wrote:
> On 9/14/17 8:35 AM, Reindl Harald wrote:
>
>>> so that it doesn't matter whether you have the trailing . or not.
>>>
>>> Downside, of course, is that you have to repeat your domain name about a
>>> gazillion times.
>>
>> scripting is the better answer
>
> Dynamic zones is the better, better answer.  8-)

not if you maintain an internal and an external view of some hundred zones
because you have to replace public with private IPs and feed two
nameserver pairs :-)

with a cisco router you have two options:

* no connection to public IPs answered by your nameserver
* enable DNS-ALG which would translate

problem is that DNS-ALG fucks up DNS heavily - one example is that the
zone-transfer between master/slave gets rewritten and frankly in front of
every CNAME a line is placed setting TTL to 0

it took hours to find out why the secondary nameserver responds to the
whole world with other TTL and how it can be that the zonefiles between
slave and master are completely different :-)




Automatic Key Management

2017-09-14 Thread Mark Elkins
With BIND version 9.12  coming out - I'm wondering if I've missed any
announcements on some form of Automatic (DNS)Key Management?
Something that will create and retire keys according to some sort of policy.

Does anyone have nice and up-to-date cheat sheets of the easiest way to
do DNSSEC with BIND?  That is, using the latest features of BIND. I'd
assume that to be something along the lines of
https://kb.isc.org/article/AA-00711/205/In-line-Signing-With-NSEC3-in-BIND-9.9-A-Walk-through.html
but newer.


-- 
Mark James ELKINS  -  Posix Systems - (South) Africa
m...@posix.co.za   Tel: +27.128070590  Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za


Re: Automatic Key Management

2017-09-14 Thread Tony Finch
Mark Elkins  wrote:

> With BIND version 9.12  coming out - I'm wondering if I've missed any
> announcements on some form of Automatic (DNS)Key Management?
> Something that will create and retire keys according to some sort of policy.

See dnssec-keymgr (new in 9.11) which will automate ZSK management.

KSKs are still difficult. I don't know of any nice software for pushing
delegation updates through registrars. It's a fairly tedious business
because in many cases you'll need to talk to several different parents so
you have to write the same code in several different ways. Even the good
APIs (Gandi, RIPE) have murky corners (EPP itself is a movable feast), and
sometimes you may be stuck without an API and reduced to scripting
PhantomJS or something similarly horrible.

Tony.
-- 
f.anthony.n.finch  http://dotat.at/  -  I xn--zr8h punycode
Portland, Plymouth: Northwest 5 or 6, occasionally 7 at first, then decreasing
4 at times. Very rough at first in southwest Plymouth, otherwise moderate or
rough becoming slight or moderate. Thundery showers. Good.