LinuxQuestions.org
Old 04-19-2011, 12:53 PM   #1
catkin
bind9 config files: leading whitespace requirements?


Hello

Is leading whitespace significant in bind9 config files?

This reverse lookup file (/var/chroot/bind9/etc/bind/zones/rev.168.168.192.in-addr.arpa) did not work; /var/log/messages had "zone 168.168.192.in-addr.arpa/IN: has no NS records".

Inserting 3 spaces before IN in the NS line fixed it:
Code:
; IP Address-to-Host DNS Pointers for the 192.168.168.0 subnet
@ IN SOA CW8vDS.localdomain. hostmaster.localdomain. (
    2011041901 ; serial
    8H ; refresh
    4H ; retry
    4W ; expire
    1D ; minimum
)
; Define the authoritative name server
   IN NS CW8vDS.localdomain.  <== leading spaces on this line
; Other hosts, in numeric order
1  IN PTR router.localdomain.
[snip]
Reading the man pages and netsearching, I did not find anything about indentation requirements except for "This is usually indented for readability, but the indents are required syntactically" here.

Although the above file works, named-checkconf reports an error in it:
Code:
root@CW8vDS:/var/chroot/bind9/etc/bind/zones# named-checkconf rev.168.168.192.in-addr.arpa 
rev.168.168.192.in-addr.arpa:1: syntax error near ';'
but named initialisation does not log any errors or warnings in /var/log/messages when processing this file except "/etc/bind/zones/rev.168.168.192.in-addr.arpa:2: no TTL specified; using SOA MINTTL instead".

Best

Charles

Last edited by catkin; 04-19-2011 at 12:54 PM. Reason: clarification
 
Old 04-19-2011, 01:37 PM   #2
MensaWater

It's not so much leading white space as it is that there is a "field" before the IN that could be populated if your zone file had different records for the NS files. If you look at your other zones and "IN A" records it would be obvious there is a field before the "IN".

e.g.
Standard NS for the current zone:
   IN NS CW8vDS.localdomain.
-OR-
service.dns.localdomain. IN NS CW8vDS.localdomain.
 
Old 04-20-2011, 08:46 AM   #3
catkin
Thanks MensaWater that explains it. For transparency I have changed the line to
Code:
<defective change removed>
EDIT:
Code:
@ IN NS CW8vDS.localdomain.

Last edited by catkin; 04-20-2011 at 09:17 AM.
 
Old 04-21-2011, 03:06 AM   #4
catkin
Quote:
Originally Posted by catkin
Although the above file works, named-checkconf reports an error in it:
Code:
root@CW8vDS:/var/chroot/bind9/etc/bind/zones# named-checkconf rev.168.168.192.in-addr.arpa 
rev.168.168.192.in-addr.arpa:1: syntax error near ';'
If I now understand correctly the above error message is because named-checkconf cannot be used for checking zone files such as rev.168.168.192.in-addr.arpa in which the ";" comment introducer is allowed.
 
Old 04-21-2011, 03:22 AM   #5
bathory
Hi,

You're right. named-checkconf is used to check named.conf where ";" is used in the statements.
Btw, regarding the leading whitespace, quoting from here:
Quote:
@
; replace with the current value of $ORIGIN

; blank/space or tab in which case the last name used or the value of $ORIGIN (or its default value) is substituted
Regards
 
Old 04-21-2011, 03:48 AM   #6
catkin
Thanks bathory

I finally found an explanation of leading whitespace in O'Reilly's "DNS and BIND 5th Edition" in section 4.4.3. "Repeat Last Name":

If a resource record name (that starts in the first column) is a space or tab, then the name from the last resource record is used. You use this if there are multiple resource records for a name. Here's an example in which there are two address records for one name:
Code:
wormhole      IN A        192.249.249.1
              IN A        192.253.253.1
In the second address record, the name wormhole is implied. You can use this shortcut even if the resource records are of different types.


In the case of the first resource record, leading whitespace is equivalent to @.

EDIT: @ is shorthand for $ORIGIN

EDIT 2: great link; bookmarked. It even has a section on file naming conventions (although I have chosen to follow the Debian and O'Reilly convention instead).

Last edited by catkin; 04-21-2011 at 03:53 AM.
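
The owner-name rules quoted in posts #5 and #6, as an added example (not code from any poster or from BIND): a simplified Python model showing why an NS line that starts in column 1 leaves the zone apex without an NS record. The function names, the shortened SOA timers and the sample zone text are constructed for illustration.

```python
import re

CLASSES = {"IN", "CH", "HS"}
TTL = re.compile(r"^\d+[smhdw]?$", re.I)

def absolute(name, origin):
    """Expand '@' and relative names against the current origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def records(zone_text, origin):
    """Return [(owner, type)]; simplified: no quoted ';', only $ORIGIN honoured."""
    out, last, depth = [], origin, 0
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()     # drop comment and trailing blanks
        if not line:
            continue
        inside = depth > 0                       # continuation of a ( ... ) group
        depth += line.count("(") - line.count(")")
        if inside:
            continue
        fields = line.split()
        if fields[0].startswith("$"):
            if fields[0].upper() == "$ORIGIN":
                origin = absolute(fields[1], origin)
            continue
        # Column 1 blank: reuse the last owner (the origin for the first record).
        owner = last if line[0] in " \t" else absolute(fields.pop(0), origin)
        while len(fields) > 1 and (fields[0].upper() in CLASSES or TTL.match(fields[0])):
            fields.pop(0)                        # skip optional TTL and class
        last = owner
        out.append((owner, fields[0].upper()))
    return out

def apex_types(zone_text, origin):
    """Record types whose owner is the zone apex, where SOA and NS must live."""
    return {rtype for owner, rtype in records(zone_text, origin) if owner == origin}

# Constructed sample modelled on the reverse zone in post #1.
ORIGIN = "168.168.192.in-addr.arpa."
SOA = "@ IN SOA CW8vDS.localdomain. hostmaster.localdomain. (\n    2011041901 ; serial\n    8H 4H 4W 1D )\n"
BROKEN = SOA + "IN NS CW8vDS.localdomain.\n1  IN PTR router.localdomain.\n"
FIXED = SOA + "   IN NS CW8vDS.localdomain.\n1  IN PTR router.localdomain.\n"

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, records(text, ORIGIN), sorted(apex_types(text, ORIGIN)))
```

In the broken variant the token `IN` is read as the owner name, so the NS record lands on `IN.168.168.192.in-addr.arpa.` instead of the apex.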
 
Old 04-21-2011, 01:09 PM   #7
MensaWater
Quote:
Originally Posted by catkin
If I now understand correctly the above error message is because named-checkconf cannot be used for checking zone files such as rev.168.168.192.in-addr.arpa in which the ";" comment introducer is allowed.

named-checkconf is used for checking the named configuration file (typically named.conf). You can use named-checkzone for checking your zone files.
 
Old 04-22-2011, 04:35 AM   #8
catkin
Quote:
Originally Posted by MensaWater
named-checkconf is used for checking the named configuration file (typically named.conf). You can use named-checkzone for checking your zone files.
Thanks MensaWater

It looks as if named-checkzone can be used to check zone files but not to check a reverse lookup zone file:
Code:
root@CW8vDS:/var/chroot/bind9/etc/bind# named-checkzone localdomain db.localdomain 
zone localdomain/IN: loaded serial 2011042101
OK
root@CW8vDS:/var/chroot/bind9/etc/bind# named-checkzone localdomain db.192.168.168
db.192.168.168:16: ignoring out-of-zone data (168.168.192.in-addr.arpa)
db.192.168.168:25: ignoring out-of-zone data (168.168.192.in-addr.arpa)
zone localdomain/IN: has 0 SOA records
zone localdomain/IN: has no NS records
zone localdomain/IN: not loaded due to errors.
root@CW8vDS:/var/chroot/bind9/etc/bind# cat db.192.168.168
; Address-to-name pointers for the 192.168.168.0 subnet

; WHEN CHANGING THIS FILE change the serial string!

; The format of this file is explained in O'Reilly's "DNS and BIND" 5th Edition
; in section 4.2. The definitive reference is available from http://www.bind9.net/manuals 
; but does not cover comments and blank lines (either in the 9.7.x pdf file or 
; the online 9.3.2 HTML).
; Leading space implies an empty (defaulted) "owner name"; for clarity this is 
; not used.

; Set the time-to-live of cached data from this zone
$TTL 30m

168.168.192.in-addr.arpa. IN SOA CW8vDS.localdomain. hostmaster.localdomain. (
    2011042101 ; serial, format YYYYMMDDII where II is an index
    8H ; refresh
    4H ; retry
    4W ; expire
    1D ; minimum
)

; Set CW8vDS as the localdomain Internet name server
168.168.192.in-addr.arpa. IN NS CW8vDS.localdomain.

; Other hosts in numeric order
1 IN PTR router.localdomain.
[snip similar]
51 IN PTR CW8vDS.localdomain.
AFAIK the only way to check a reverse lookup zone file is to use named-checkconf with the -z option on the master configuration file:
Code:
root@CW8vDS:~# named-checkconf -z /var/chroot/bind9/etc/bind/named.conf
zone localdomain/IN: loaded serial 2011042101
zone 168.168.192.in-addr.arpa/IN: loaded serial 2011042101
zone localhost/IN: loaded serial 2
zone 127.in-addr.arpa/IN: loaded serial 1
zone 0.in-addr.arpa/IN: loaded serial 1
zone 255.in-addr.arpa/IN: loaded serial 1

Last edited by catkin; 04-22-2011 at 04:37 AM. Reason: too many reds!
 
Old 04-22-2011, 07:27 AM   #9
bathory
Hi catkin,

named-checkzone syntax is:
Quote:
named-checkzone
usage: named-checkzone [-djqvD] [-c class] [-f inputformat] [-F outputformat] [-t directory] [-w directory] [-k (ignore|warn|fail)] [-n (ignore|warn|fail)] [-m (ignore|warn|fail)] [-r (ignore|warn|fail)] [-i (full|full-sibling|local|local-sibling|none)] [-M (ignore|warn|fail)] [-S (ignore|warn|fail)] [-W (ignore|warn)] [-o filename] zonename filename
So to check the reverse zone you should run:
Code:
named-checkzone 168.168.192.in-addr.arpa /var/chroot/bind9/etc/bind/zones/rev.168.168.192.in-addr.arpa
Note also that named-checkconf -z is used to check all the zone files present in named.conf

Regards
 
Old 04-22-2011, 07:39 AM   #10
catkin
Thanks bathory

"168.168.192.in-addr.arpa" was the zone name to use for the reverse lookup zone file

There had to be a way!

Last edited by catkin; 04-22-2011 at 07:41 AM.
 
Old 04-22-2011, 11:56 AM   #11
MensaWater
Quote:
Originally Posted by bathory
Hi catkin,

named-checkzone syntax is:

So to check the reverse zone you should run:
Code:
named-checkzone 168.168.192.in-addr.arpa /var/chroot/bind9/etc/bind/zones/rev.168.168.192.in-addr.arpa
Note also that named-checkconf -z is used to check all the zone files present in named.conf

Regards
Nice to know that. By the way if your setup is chrooted (as mine is) you can specify "-t <chrootdir>" along with the -z to make it work. (It didn't work without that.) e.g. if your chroot is the standard RHEL5 one /var/named/chroot (so that etc and var/named are subdirectories of /var/named/chroot) you'd run:
named-checkconf -z -t /var/named/chroot /etc/named.conf
 
  

