Ok that was my misunderstanding of named-checkzone. I though I had to check for all $ORIGINs.
I haven't played with IPv6 yet. I hope I'll have a chance to do it eventually. Thanks for your time guys! On Mon, Jun 5, 2017 at 9:49 AM, Mark Elkins <m...@posix.co.za> wrote: > Most certainly - Yes. > > You have a single zone here, thus only: > > named-checkzone example.com example.com.zone > ...should work. > > Wait till you play with a reverse IPv6 zone - where I personally use many > $ORIGIN statements - saves hours of typing and makes reading the Zones so > much easier. > > > > On 05/06/2017 15:40, Bernard Fay wrote: > > I understand what $ORIGIN is doing by reducing the typing and making it > easier to maintain the zone files. > > To Tony, should I understand while using named-checkzone I need to enter > *only* the top domain and named-checkzone will understand the subdomains > defined by the multiple $ORIGIN in the zone file? > > Thanks, > Bernard > > > On Mon, Jun 5, 2017 at 9:18 AM, Tony Finch <d...@dotat.at> wrote: > >> Bernard Fay <bernard....@gmail.com> wrote: >> > >> > I took control of a DNS based on Bind 9.9. One of the zone files have >> > multiple $ORIGIN for example: >> >> The key thing to understand is that $ORIGIN just controls how unqualified >> domain names are expanded into fully-qualified domain names. In >> particular, $ORIGIN is completely independent of zone boundaries. >> >> So in the master file you sketched out, >> >> > $ORIGIN example.com >> > ... >> > $ORIGIN sub1.example.com >> > ... >> > $ORIGIN sub2.example.com >> > ... >> > $ORIGIN sub3.example.com >> > ... >> >> The person who wrote the file is using $ORIGIN in order to abbreviate >> unqualified names in subdomains, but the subdomains are all part of the >> same zone. >> >> The other thing to be aware of is that it is possible to write a zone file >> without any fuly-qualified names, which is why you have to specify the >> zone name when loading the file. (This feature is useful for empty zones, >> for example, but it's usually not a good idea for normal zones.) The zone >> name is used to set the default $ORIGIN and for the zone sanity checks. >> >> So, this works... >> >> > While checking the zone file with: >> > named-checkzone example.com example.com.zone >> > named-checkzone returns ok for the first $ORIGIN. >> >> ...because the zone name you specified on the command line matches the >> contents of the master file. >> >> However, >> >> > named-checkzone sub1.example.com example.com.zone >> > named-checkzone sub2.example.com example.com.zone >> > named-checkzone sub3.example.com example.com.zone >> > named-checkzone reports many "ignoring out-of-zone data (.... >> example.com)" >> >> this doesn't make sense. The master file is one single whole complete >> zone. The subdomains are not separate zones, and you can't load or check >> part of the file. >> >> So the error message is saying that the SOA record and the apex NS records >> at example.com and loads of other records are not subdomains of the zone >> name that you gave on the commamnd line. I usually encounter this error >> when I have accidentally got my zone name and master file name muddled >> up, and once you get used to the error message it's a useful consistency >> check. >> >> Tony. >> -- >> f.anthony.n.finch <d...@dotat.at> http://dotat.at/ - I xn--zr8h >> punycode >> Fitzroy: Southwesterly, veering northwesterly, 6 to gale 8, decreasing 5 >> later >> in southwest. Moderate or rough. Rain at first. Moderate or good. >> > > > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing > listbind-us...@lists.isc.orghttps://lists.isc.org/mailman/listinfo/bind-users > > > -- > Mark James ELKINS - Posix Systems - (South) africa...@posix.co.za > Tel: +27.128070590 <+27%2012%20807%200590> Cell: +27.826010496 > <+27%2082%20601%200496> > For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za > > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users >
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users