Re: Named-checkzone stops silently

On Sun, Jan 05, 2025 at 08:39:48AM +1100, Mark Andrews wrote: > Well it is waiting for the zone contents on stdin. Try specifying both the > zone name and the file that it should be reading. > -- > Mark Andrews For some reason I thought that would be found via named.conf > > > On 5 Jan 202

Re: Named-checkzone stops silently

On Sat, Jan 04, 2025 at 10:41:38PM +0100, Nico CARTRON wrote: > On 04-Jan-2025 21:21 CET, wrote: > > > nameserver using FreeBSD 12.2 and bind9.18.32. It works to the > > Not answering about the BIND part, but why are you running this on FreeBSD > 12.2, Sorry, typo. It's 14.2 Apologies for th

Re: Named-checkzone stops silently

On 04-Jan-2025 21:21 CET, wrote: > I'm setting up a new, non-recursive, authoritative secondary > nameserver using FreeBSD 12.2 and bind9.18.32. It works to the > extent that runs and answers queries correctly, but attempts to use > > bob@pelorus:/usr/local/etc/namedb/sla

Re: Named-checkzone stops silently

sing FreeBSD 12.2 and bind9.18.32. It works to the > extent that runs and answers queries correctly, but attempts to use > > bob@pelorus:/usr/local/etc/namedb/slave % named-checkzone -d hosts.zefox.org > loading "hosts.zefox.org" from "-" class "IN" > &

Named-checkzone stops silently

I'm setting up a new, non-recursive, authoritative secondary nameserver using FreeBSD 12.2 and bind9.18.32. It works to the extent that runs and answers queries correctly, but attempts to use bob@pelorus:/usr/local/etc/namedb/slave % named-checkzone -d hosts.zefox.org loading "hosts

Re: named-checkzone fail

, 2024 at 6:17 PM Mark Andrews wrote: > >>>> > >>>> Comma is legal in a domain name. It isn’t legal in a host name which > >>>> are a subset of domain names. Named-checkzone is working exactly as it > >>>> should. > >>> &g

Re: named-checkzone fail

in a domain name. It isn’t legal in a host name which are >>>> a subset of domain names. Named-checkzone is working exactly as it should. >>> >>> Except this isn't really a domain name - it's a whatever-it's-called >>> in a response policy

Re: named-checkzone fail

On Tue, Sep 10, 2024 at 10:52 PM Mark Andrews wrote: > > > On 11 Sep 2024, at 12:10, Lee wrote: > > > > On Tue, Sep 10, 2024 at 6:17 PM Mark Andrews wrote: > >> > >> Comma is legal in a domain name. It isn’t legal in a host name which are > >&g

Re: named-checkzone fail

> On 11 Sep 2024, at 12:10, Lee wrote: > > On Tue, Sep 10, 2024 at 6:17 PM Mark Andrews wrote: >> >> Comma is legal in a domain name. It isn’t legal in a host name which are a >> subset of domain names. Named-checkzone is working exactly as it should. > >

Re: named-checkzone fail

On Tue, Sep 10, 2024 at 6:17 PM Mark Andrews wrote: > > Comma is legal in a domain name. It isn’t legal in a host name which are a > subset of domain names. Named-checkzone is working exactly as it should. Except this isn't really a domain name - it's a whatever-it

Re: named-checkzone fail

Comma is legal in a domain name. It isn’t legal in a host name which are a subset of domain names. Named-checkzone is working exactly as it should. If the current origin is example.com. then comma expands to ,.example.com. as it is treaded as a relative name. -- Mark Andrews > On 11

named-checkzone fail

I had a few typos in an RPZ file where I had a comma instead of a dot. I tried using named-checkzone to find all the typos but it didn't complain about anything!? Is that expected behavior? And a related question.. can anyone recommend a vim syntax file checker for bind files? $ named-chec

Re: named-checkzone as library?

Felipe Gasper wrote: > > Is there any public code interface that exposes named-checkzone’s > functionality? > I’d specifically like to have numeric error codes rather than strings. It isn't easy to do that, I'm afraid. There are two places that don't do what you

named-checkzone as library?

Hello, Is there any public code interface that exposes named-checkzone’s functionality? I’d specifically like to have numeric error codes rather than strings. Thank you! -FG ___ Please visit https://lists.isc.org/mailman/listi

What causes named-checkzone to provide ; resign strings?

sue a named-checkzone on any of the ones compiled straight from isc's source, after every RRSIG line, we see a ; resign line that contains the date/time of that resign. When we issue the same command on RedHat's default, we get all of the same information, minus that line. I was wondering

Re: named-checkzone with multiple $ORIGIN

Ok that was my misunderstanding of named-checkzone. I though I had to check for all $ORIGINs. I haven't played with IPv6 yet. I hope I'll have a chance to do it eventually. Thanks for your time guys! On Mon, Jun 5, 2017 at 9:49 AM, Mark Elkins wrote: > Most certainly - Yes. &

Re: named-checkzone with multiple $ORIGIN

Most certainly - Yes. You have a single zone here, thus only: named-checkzone example.com <http://example.com> example.com.zone ...should work. Wait till you play with a reverse IPv6 zone - where I personally use many $ORIGIN statements - saves hours of typing and makes reading the

Re: named-checkzone with multiple $ORIGIN

Bernard Fay wrote: > > should I understand while using named-checkzone I need to enter *only* > the top domain and named-checkzone will understand the subdomains > defined by the multiple $ORIGIN in the zone file? Yes, named-checkzone basically just loads the zone file (the whole thi

Re: named-checkzone with multiple $ORIGIN

I understand what $ORIGIN is doing by reducing the typing and making it easier to maintain the zone files. To Tony, should I understand while using named-checkzone I need to enter *only* the top domain and named-checkzone will understand the subdomains defined by the multiple $ORIGIN in the zone

Re: named-checkzone with multiple $ORIGIN

> ... > $ORIGIN sub3.example.com > ... > > > While checking the zone file with: > named-checkzone example.com example.com.zone > named-checkzone returns ok for the first $ORIGIN. > > But doing > named-checkzone sub1.example.com example.com.zone > nam

Re: named-checkzone with multiple $ORIGIN

mpty zones, for example, but it's usually not a good idea for normal zones.) The zone name is used to set the default $ORIGIN and for the zone sanity checks. So, this works... > While checking the zone file with: > named-checkzone example.com example.com.zone > named-checkzone returns

Re: named-checkzone with multiple $ORIGIN

ORIGIN sub3.example.com <http://sub3.example.com> ... While checking the zone file with: named-checkzone example.com <http://example.com> example.com.zone named-checkzone returns ok for the first $ORIGIN. But doing named-checkzone sub1.example.com <http://example.com> example.

Re: named-checkzone with multiple $ORIGIN

Sorry keyboard problem... I took control of a DNS based on Bind 9.9. One of the zone files have multiple $ORIGIN for example: $ORIGIN example.com ... $ORIGIN sub1.example.com ... $ORIGIN sub2.example.com ... $ORIGIN sub3.example.com ... While checking the zone file with: named-checkzone

named-checkzone with multiple $ORIGIN

Hi, I took control of a DNS based on Bind 9.9. One of the zone files have multiple $ORIGIN for example: $ORIGIN example.com ... $ORIGIN sub1.example.com ... $ORIGIN sub2.example.com ... $ORIGIN sub3.example.com ... While checking the zone file with: named-checkzone example.com

Re: DANE record rejected by named-checkzone

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/04/2014 11:54 PM, Mark Andrews wrote: > In message <545954b0.8080...@offerman.com>, "Adrian (Aad) Offerman" > writes: > > named keeps refusing my zone file in which I included a DANE > record: > >

Re: DANE record rejected by named-checkzone

In message <545954b0.8080...@offerman.com>, "Adrian (Aad) Offerman" writes: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > > named keeps refusing my zone file in which I included a DANE record: > > [root]# named-checkzone offerman.com db.of

DANE record rejected by named-checkzone

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 named keeps refusing my zone file in which I included a DANE record: [root]# named-checkzone offerman.com db.offerman.com db.offerman.com:59: _443._tcp.offerman.com: bad owner name (check-names) db.offerman.com:60: _443._tcp.offerman.com: bad owner

bind9.9.0 named-checkzone usage message

root@ns0s:~ # named-checkzone usage: named-checkzone [-djqvD] [-c class] [-f inputformat] [-F outputformat] [-t directory] [-w directory] [-k (ignore|warn|fail)] [-n (ignore|warn|fail)] [-m (ignore|warn|fail)] [-r (ignore|warn|fail)] [-i (full|full-sibling|local|local-sibling|none)] [-M (ignore

Re: named-checkzone error "NSEC node already exists"

Hat-9.7.0-5.P2.el6 Upgrade. > New setup/install and attempting to setup DNSSEC and clean any dirty data. > Got the zone signed and ran named-checkzone against it and got the following > (11) times: > addnode: NSEC node already exists > The .signed loads but want to have clean befo

named-checkzone error "NSEC node already exists"

Hi, Running BIND 9.7.0-P2-RedHat-9.7.0-5.P2.el6 New setup/install and attempting to setup DNSSEC and clean any dirty data. Got the zone signed and ran named-checkzone against it and got the following (11) times: addnode: NSEC node already exists The .signed loads but want to have clean

Re: named-checkzone Test Runs

For the sake of thoroughness, the -j flag causes named-compilezone to also look at the .jnl files so that the zone you getis as up to date as possible. Martin ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bin

Re: named-checkzone Test Runs

A list member wrote: > named-checkzone doesn't need to read the named.conf file - it just makes > sure that the zone is correct. if you want to check named.conf, you will > need to use named-checkconf > > For checking config, try > > named-checkconf -t [chroot di

RE: named-checkzone Test Runs

Wednesday, October 13, 2010 4:54 PM To: bind-us...@isc.org Subject: Re: named-checkzone Test Runs I wrote: > I am testing bind9.7 and seem to not be correctly defining the > path to the localhost forward and reverse zones which are in > /var/named/etc/namedb/master. After the chr

Re: named-checkzone Test Runs

ms to work. My thanks to a member of this list for helping me better use the available tools. I had been using named-checkzone and named-checkconf for years to check syntax but these do so much more. Many thanks to the ISC community for designing such good applications. M

named-checkzone Test Runs

man page for named-checkzone and it looks like one might be able to cause it to test load the zone as if one was starting bind which means it has to read the named.conf file. If I could see what path it thinks it is loading from, the fix would be easy. Can it do that? I am not quite sure

RE: named-checkzone

kzone. Hope this helps someone in the future. paul From: bind-users-bounces+gord.taylor=rbc@lists.isc.org [mailto:bind-users-bounces+gord.taylor=rbc@lists.isc.org] On Behalf Of P.A Sent: 2010, June, 24 3:47 PM To: bind-us...@isc.org Subject: named-chec

Re: named-checkzone

On Thu, Jun 24, 2010 at 04:37:45PM -0400, Paul Amaral wrote: > I was thinking more instantaneous without moving things around. I looked at > vim vimrc autocmd but I couldn't get named-checkzone to execute and I would > still have to somehow have named-checkzone look at the last

Re: named-checkzone

On Thu, Jun 24, 2010 at 03:46:37PM -0400, P.A wrote: > Hi, im trying to get some ideas how I can exec named-checkzone on a zone > file that has just been executed. We have com users who edit zone files but > forget to run the command when they are do editing the file. Trying to > f

RE: named-checkzone

If you wanted to throw CVS into the mix, it would make all this pretty easy. You can have it run scripts on checkin, and you know all the files changed from a cvs diff, so it’s easy to run that through the named-checkzone. CVS doesn’t have to make things much more complicated. You could

RE: named-checkzone

I was thinking more instantaneous without moving things around. I looked at vim vimrc autocmd but I couldn’t get named-checkzone to execute and I would still have to somehow have named-checkzone look at the last zone that was edited. Good suggestion though. From: Taylor, Gord

named-checkzone

I was thinking more instantaneous without moving things around. I looked at vim vimrc autocmd but I couldn’t get named-checkzone to execute and I would still have to somehow have named-checkzone look at the last zone that was edited. Good suggestion though. From: Taylor, Gord

RE: named-checkzone

My suggestion is to create a backup copy of the (current) zone files in another directory. Only allow the users to edit those files, then execute a shell script that checks them, and only moves them to the production directory once the named-checkzone (and named-checkconf) works correctly

named-checkzone

Hi, im trying to get some ideas how I can exec named-checkzone on a zone file that has just been executed. We have com users who edit zone files but forget to run the command when they are do editing the file. Trying to figure out if anyone has a good way of enforcing that the zone gets checked

RE: named-checkzone behavior change?

which would cause the zone to fail the above checks if committed. [RT #20678] From: Jack Tavares Sent: Monday, May 10, 2010 12:54 PM To: Jack Tavares; bind-users@lists.isc.org Subject: RE: named-checkzone behavior change? Correction: I am calling

RE: named-checkzone behavior change?

Correction: I am calling named-checkzone not checkconf. this: named-checkconf -k ignore -n ignore -i none test.net. should read named-checkzone -k ignore -n ignore -i none test.net. the rest of the email is correct From: Jack Tavares Sent: Monday, May 10, 2010 12:49 PM To: bind-users

named-checkzone behavior change?

I have downloaded 9.7.0-P1 and I am running into something odd with named-checkzone I have a simple zone with an NS record that has no A or record. named-checkzone has flags to ignore this. and this same command (see below) worked in 9.6 but given this zone file test.net. 500 IN SOA d88