What is wrong with my second $ORIGIN

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

What is wrong with my second $ORIGIN

Harshith Mulky

Hello Experts,


Whats wrong with my second $ORIGIN here:


$ORIGIN lab.example.com.
$TTL 1d
@     IN      SOA     colombo root.lab.example.com.  (
                                      2003022720 ; Serial
                                      56800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      2h )    ; Min

;NS Records
@              IN      NS      ns1.lab.example.com.
@              IN      NS      ns2.lab.example.com.
mail           IN      NS      ns1.mail.lab.example.com

;A Records
ns1            IN      A       192.0.2.123
ns2            IN      A       192.0.2.124

$ORIGIN mail.lab.example.com.
ns1            IN      A       192.0.2.155





When I try this


named-checkzone lab.example.com lab.example.zone
zone lab.example.com/IN: mail.lab.example.com/NS 'ns1.mail.lab.example.com.lab.example.com' has no address records (A or AAAA)
zone lab.example.com/IN: loaded serial 2003022720
OK



named-checkzone is saying it is fine


But why do I get error/warning like


zone lab.example.com/IN: mail.lab.example.com/NS 'ns1.mail.lab.example.com.lab.example.com' has no address records (A or AAAA)



My Bind version is: bind-9.9.5P1-2.2.2.x86_64



_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: What is wrong with my second $ORIGIN

Joel Golliet
Le 14/09/2017 à 09:02, Harshith Mulky a écrit :
mail           IN      NS      ns1.mail.lab.example.com

I think you need a "." at the end of this record.

--
Signature email
 

Joël GOLLIET | Ingénieur Infrastructure et Système


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: What is wrong with my second $ORIGIN

Mukund Sivaraman
In reply to this post by Harshith Mulky
On Thu, Sep 14, 2017 at 07:02:52AM +0000, Harshith Mulky wrote:

> Whats wrong with my second $ORIGIN here:
>
>
> $ORIGIN lab.example.com.
> $TTL 1d
> @     IN      SOA     colombo root.lab.example.com.  (
>                                       2003022720 ; Serial
>                                       56800      ; Refresh
>                                       14400      ; Retry
>                                       3600000    ; Expire
>                                       2h )    ; Min
>
> ;NS Records
> @              IN      NS      ns1.lab.example.com.
> @              IN      NS      ns2.lab.example.com.
> mail           IN      NS      ns1.mail.lab.example.com

Missing a trailing period(.)

"ns1.mail.lab.example.com" is not an absolute
name. "ns1.mail.lab.example.com." is absolute.

                Mukund
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: What is wrong with my second $ORIGIN

Mark Andrews
In reply to this post by Harshith Mulky

Please read the error message *carefully*.

ns1.mail.lab.example.com.lab.example.com != ns1.mail.lab.example.com.

You are missing a terminating period on the MX record.

Mark

In message <[hidden email].
OUTLOOK.COM>, Harshith Mulky writes:

> Hello Experts,
>
>
> Whats wrong with my second $ORIGIN here:
>
>
> $ORIGIN lab.example.com.
> $TTL 1d
> @     IN      SOA     colombo root.lab.example.com.  (
>                                       2003022720 ; Serial
>                                       56800      ; Refresh
>                                       14400      ; Retry
>                                       3600000    ; Expire
>                                       2h )    ; Min
>
> ;NS Records
> @              IN      NS      ns1.lab.example.com.
> @              IN      NS      ns2.lab.example.com.
> mail           IN      NS      ns1.mail.lab.example.com
>
> ;A Records
> ns1            IN      A       192.0.2.123
> ns2            IN      A       192.0.2.124
>
> $ORIGIN mail.lab.example.com.
> ns1            IN      A       192.0.2.155
>
>
>
>
>
> When I try this
>
>
> named-checkzone lab.example.com lab.example.zone
> zone lab.example.com/IN: mail.lab.example.com/NS
> 'ns1.mail.lab.example.com.lab.example.com' has no address records (A or
> AAAA)
> zone lab.example.com/IN: loaded serial 2003022720
> OK
>
>
>
> named-checkzone is saying it is fine
>
>
> But why do I get error/warning like
>
>
> zone lab.example.com/IN: mail.lab.example.com/NS
> 'ns1.mail.lab.example.com.lab.example.com' has no address records (A or
> AAAA)
>
>
>
> My Bind version is: bind-9.9.5P1-2.2.2.x86_64

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: [hidden email]
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: What is wrong with my second $ORIGIN

Tony Finch
In reply to this post by Mukund Sivaraman
Mukund Sivaraman <[hidden email]> wrote:
>
> Missing a trailing period(.)

Here's a fun trick to avoid making this mistake: use FQDNs everywhere in
the zone file, and use the directive

        $ORIGIN .

so that it doesn't matter whether you have the trailing . or not.

Downside, of course, is that you have to repeat your domain name about a
gazillion times.

Tony.
--
f.anthony.n.finch  <[hidden email]>  http://dotat.at/  -  I xn--zr8h punycode
Malin, Hebrides: Northwest 5 to 7, occasionally gale 8 at first. Rough or very
rough in west, moderate or rough in east. Showers. Good, occasionally
moderate.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: What is wrong with my second $ORIGIN

Reindl Harald


Am 14.09.2017 um 14:21 schrieb Tony Finch:

> Mukund Sivaraman <[hidden email]> wrote:
>>
>> Missing a trailing period(.)
>
> Here's a fun trick to avoid making this mistake: use FQDNs everywhere in
> the zone file, and use the directive
>
> $ORIGIN .
>
> so that it doesn't matter whether you have the trailing . or not.
>
> Downside, of course, is that you have to repeat your domain name about a
> gazillion times.

scripting is the better answer

our toolset just would have added to "ns1.mail.lab.example.com" at final
dot because it contains more than one dot like it would to with
"mail.exmaple.com" while "mail.example" would not get touched sicne it's
clearly a subdmain

how often do you have "sub.sub.sub" within a zone and how often it's a
external server - if you really need "sub.sub.sub" then you are require
to type it full-qualified including the domain name, well and then the
final dot is added again automatically - that don't happen that often
and if you have a larger subdomain that deep just maintain it in a own
zone file

that is catching real life for many years now and generates complete
zone files out of a simple database with a small webinterface
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: What is wrong with my second $ORIGIN

Alan Clegg
On 9/14/17 8:35 AM, Reindl Harald wrote:
<other quote attributions lost in the thread>

>> so that it doesn't matter whether you have the trailing . or not.
>>
>> Downside, of course, is that you have to repeat your domain name about a
>> gazillion times.
>
> scripting is the better answer

Dynamic zones is the better, better answer.  8-)

Have a great day!
AlanC


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

signature.asc (859 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: What is wrong with my second $ORIGIN

Reindl Harald


Am 14.09.2017 um 14:40 schrieb Alan Clegg:

> On 9/14/17 8:35 AM, Reindl Harald wrote:
> <other quote attributions lost in the thread>
>
>>> so that it doesn't matter whether you have the trailing . or not.
>>>
>>> Downside, of course, is that you have to repeat your domain name about a
>>> gazillion times.
>>
>> scripting is the better answer
>
> Dynamic zones is the better, better answer.  8-)

not if you maintain a internal and a external view of some hundret zones
because you have to replace public against private IP's and feed tw
namserver pairs :-)

with a cisco router you have two options:

* no connection to public IPs answered by your nameserver
* enable DNS-ALG which would translate

problem is that DNS-ALG fucks up DNS heavily - one example is that the
zone-transfer between master/slave get rewritten and frankly in front of
every CNAME a line placed setting TTL to 0

it took hours to find out why the secondary nameserver responds to the
hwole world with other TTL and how it can be that the zonefiles between
slave and master are completly different :-)

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: What is wrong with my second $ORIGIN

Harshith Mulky
Than you All.

Did not notice I had missed a trailing '.'

Will make sure I do not miss these things the next time I test



--
Sent from: http://bind-users-forum.2342410.n4.nabble.com/
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

RE: What is wrong with my second $ORIGIN

Darcy Kevin (FCA)
Just as a general piece of advice, if you're trying to troubleshoot a zonefile parsing issue, sometimes it's useful to just do a zone transfer of the loaded zone and eyeball it. This is obviously more practical with a smaller zone (such as the one you showed) than a huge one, but even if the zone is large, you can focus on only the specific names/RRsets that you consider problematic.

In this case, a zone transfer would have shown the $ORIGIN being appended to the name in the input file which was missing the trailing period. It should have stuck out like a sore thumb, as they say, because the name would have been long and strange-looking. Sometimes that's a really quick way to home in on the problem than to stare at the input zone file and mimic the zonefile-parsing algorithm in one's head.

Of course, this assumes the zone loaded at all. It's possible to mess up a zonefile so much that it doesn't even load, but, in such cases, BIND usually gives a very specific error message about what's wrong. So those don't tend to lead to "mysteries" like the more subtle errors do (e.g. trailing-period omissions).

                                                                                                                - Kevin



-----Original Message-----
From: bind-users [mailto:[hidden email]] On Behalf Of Harshith Mulky
Sent: Friday, September 15, 2017 4:16 AM
To: [hidden email]
Subject: Re: What is wrong with my second $ORIGIN

Than you All.

Did not notice I had missed a trailing '.'

Will make sure I do not miss these things the next time I test



--
Sent from: http://bind-users-forum.2342410.n4.nabble.com/
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users