One of my zones is failing, don't know why.

[William D. Colburn]

One of my zones doesn't work anymore.  It is an external view for
aoc.nrao.edu.  The master, zia.aoc.nrao.edu can't server it, and the two
slaves are showing an old zone from September 20th.

I see this in the logs.  Is this a helpful clue?  I don't see anything else in 
the logs that looks helpful, but there are a lot of logs...

05-Oct-2023 11:19:07.959 client @0x7ff3641e9460 45.91.101.41#55879 
(aoc.nrao.edu): view external: query: aoc.nrao.edu IN SOA +E(0)K (146.88.1.4)
05-Oct-2023 11:19:07.959 client @0x7ff3641e9460 45.91.101.41#55879 
(aoc.nrao.edu): view external: query failed (zone not loaded) for 
aoc.nrao.edu/IN/SOA at query.c:5565

The server is running bind 9.16.43.

The start of the zone looks correct to me.

$ORIGIN .
$TTL 86400
aoc.nrao.edu            IN SOA  zia.aoc.nrao.edu. tech.nrao.edu. (
                                2023100503 ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                3600000    ; expire (5 weeks 6 days 16 hours)
                                3600       ; minimum (1 hour)
                                )
                        NS      cv3.cv.nrao.edu.
                        NS      zia.aoc.nrao.edu.
                        NS      sadira.gb.nrao.edu.
                        A       146.88.1.4
                        MX      9 revere-vml.aoc.nrao.edu.
                        MX      30 cv3.cv.nrao.edu.
                        MX      30 io.gb.nrao.edu.
$TTL 300
                        TXT     "v=spf1 mx ~all"
$TTL 86400
$ORIGIN aoc.nrao.edu.
zia                     A       146.88.1.4
                        MX      10 dropbox
                        MX      15 revere-vml
dns                     CNAME   zia
info                    CNAME   zia
[...]

The .conf looks somewhat like this:

    # Domain aoc.nrao.edu INTERNAL
    zone "aoc.nrao.edu" {
        type master;
        file "internal/master/aoc.nrao.edu";
        allow-query {
            any;
        };
        allow-transfer {
            trusted;
            nrao-public-ns;
            nrao-stealth-ns;
        };
        also-notify {           # An ACL doesnt work here! GRRR!
          [various things]
        };
        allow-update {
            146.88.1.4;      # Making sure of nsupdate on zia
            127.0.0.1;
        };
    };


I did a restore from the backups a few weeks ago, and I didn't see anything 
weird there either.



--Schlake
  Sysadmin IV, NRAO
  Work: 575-835-7281 (BACK IN THE OFFICE!)
  Cell: 575-517-5668 (out of work hours)
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users