Zone file got updated via named process unexpected
Hi, I have a bind9 service running on the server, and some views configured, but I found a zone file got updated unexpected when I made some resolve changes. Here is parts of the original contents of the updated zone file. $TTL 86400 ; 1 day@ IN SOA pridns.ynu.edu.cn. root.pridns.ynu.edu.cn. (2019091901; serial number10800 ; Refresh interval, every 3 hours3600; Retry interval, every 30 minutes 604800 ; Expire after 1 week 86400 ) ;Minimum TTL of 1 day$INCLUDE /etc/named.data/db.ynu.edu.cn.common; RR of type A; lb-http-jz IN A 113.55.14.52; vpn110800 IN A 192.168.208.3ynucdn 600 IN A 202.203.208.4.. And this is the auto updated parts of that file. $ORIGIN .$TTL 86400 ; 1 dayynu.edu.cn IN SOA pridns.ynu.edu.cn. root.pridns.ynu.edu.cn. ( 2019091903 ; serial 10800 ; refresh (3 hours) 3600 ; retry (1 hour) 604800 ; expire (1 week) 86400 ; minimum (1 day) )$ORIGIN ynu.edu.cn.100 CNAME lb-http65031141 CNAME www.itc$ORIGIN 65031141.ynu.edu.cn.ip-watcher A 113.55.13.114kibana CNAME lb-http.ynu.edu.cn.portainerCNAME lb-http.ynu.edu.cn.$ORIGIN ynu.edu.cn._cdnauth TXT "2023060823081361d03c617f075ac05df69f6309bd9aa6"access A 113.55.0.80.. The update contents contain some $ORIGIN seems to produced via named process. The related pieces of named.conf configurations is: ..view "INTRANET"{match-clients { INTRANET_ACL;};recursion yes;include "/etc/named.common.zones.conf";zone "ynu.edu.cn" in {type master;file "db.ynu.edu.cn.intranet"; };};.. And I found some general logs maybe provide some clues. 14-Dec-2023 14:39:25.460 general: debug 1: zone_timer: zone ynu.edu.cn/IN/INTRANET: enter14-Dec-2023 14:39:25.460 general: debug 1: zone_maintenance: zone ynu.edu.cn/IN/INTRANET: enter14-Dec-2023 14:39:25.460 general: debug 1: zone_dump: zone ynu.edu.cn/IN/INTRANET: enter14-Dec-2023 14:39:25.460 general: debug 1: zone_settimer: zone ynu.edu.cn/IN/INTRANET: enter14-Dec-2023 14:39:25.460 general: debug 1: zone_gotwritehandle: zone ynu.edu.cn/IN/INTRANET: enter14-Dec-2023 14:39:25.460 general: debug 1: dumptostreaminc(0x7efe0d938010) new nodes -> 21214-Dec-2023 14:39:25.461 general: debug 1: dumptostreaminc(0x7efe0d938010) new nodes -> 31014-Dec-2023 14:39:25.464 general: debug 1: dump_done: zone ynu.edu.cn/IN/INTRANET: enter I can confirm that I did not use or configure master/slave mode of bind9. I found this zone file got updated in about 15 minutes when I made changes or restarted named, and this behavior seems match the docs bind9.readthedocs.io/en/latest/chapter6.html#dynamic-update, but I can confirm I DO NOT configure allow-update or update-policy. I even add "allow-update {none;}; // no DDNS by default" in the zone block of the problematic view. Is there any chances this configuration comes from other config file or named build options? I also have posted on stackoverflow, but without any response. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
zone not loaded in one of view
Hi, I have a bind9 authoritative name server running, but I found a strange problem. One of zone in a specific view not loaded when I view the cache_dump.db after I execute `rndc dumpdb -all`. The zone data file is almost the same for difference views execpted some few domain resolution. [root@pridns data]# head -n 20 /etc/named.data/db.ynu.edu.cn.cernet $TTL 86400 ; 1 day @ IN SOA pridns.ynu.edu.cn. root.pridns.ynu.edu.cn. ( 2023121601; serial number 10800 ; Refresh interval, every 3 hours 3600; Retry interval, every 30 minutes 604800 ; Expire after 1 week 86400 ) ;Minimum TTL of 1 day $INCLUDE /etc/named.data/db.ynu.edu.cn.common ; RR of type A ; vpn110800 IN A 113.55.110.251 ; lb-http-jz IN A 113.55.14.52 ynucdn 600 IN A 202.203.208.4 ; vpn2IN A 202.203.208.9 [root@pridns data]# head -n 20 /etc/named.data/db.ynu.edu.cn.intranet $TTL 86400 ; 1 day @ IN SOA pridns.ynu.edu.cn. root.pridns.ynu.edu.cn. ( 2023121601; serial number 10800 ; Refresh interval, every 3 hours 3600; Retry interval, every 30 minutes 604800 ; Expire after 1 week 86400 ) ;Minimum TTL of 1 day $INCLUDE /etc/named.data/db.ynu.edu.cn.common ; RR of type A ; lb-http-jz IN A 113.55.14.52 ; vpn110800 IN A 192.168.208.3 ynucdn 600 IN A 202.203.208.4 ; vpn2IN A 202.203.208.9 [root@pridns data]# [root@pridns data]# named-checkconf /etc/named.conf [root@pridns data]# echo $? 0 [root@pridns data]# [root@pridns data]# rndc zonestatus ynu.edu.cn in CERNET name: ynu.edu.cn type: primary files: db.ynu.edu.cn.cernet, /etc/named.data/db.ynu.edu.cn.common serial: 2023121601 nodes: 576 last loaded: Sat, 16 Dec 2023 08:00:49 GMT secure: no dynamic: no reconfigurable via modzone: no [root@pridns data]# [root@pridns data]# rndc zonestatus ynu.edu.cn in INTRANET rndc: 'zonestatus' failed: zone not loaded [root@pridns data]# [root@pridns data]# named-checkzone ynu.edu.cn /etc/named.data/db.ynu.edu.cn.intranet zone ynu.edu.cn/IN: loaded serial 2023121601 OK [root@pridns data]# [root@pridns data]# ll /etc/named.data/db.ynu.edu.cn.cernet /etc/named.data/db.ynu.edu.cn.intranet -rw-r--r-- 1 root root 1.3K Dec 16 16:00 /etc/named.data/db.ynu.edu.cn.cernet -rw-r--r-- 1 root root 1.3K Dec 16 16:00 /etc/named.data/db.ynu.edu.cn.intranet [root@pridns data]# And here is parts of content in /var/named/data/cache_dump.db ; Zone dump of 'ynu.edu.cn/IN/INTRANET' ; ; zone not loaded ; ; Zone dump of 'rpz/IN/INTRANET' -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Zone file got updated via named process unexpected
Sorry for the mixed format. I updated the post here. Hi, I have a bind9 service running on the server, and some views configured, but I found a zone file got updated unexpected when I made some resolve changes. Here is parts of the original contents of the updated zone file. $TTL 86400 ; 1 day @ IN SOA pridns.ynu.edu.cn. root.pridns.ynu.edu.cn. ( 2019091901; serial number 10800 ; Refresh interval, every 3 hours 3600; Retry interval, every 30 minutes 604800 ; Expire after 1 week 86400 ) ;Minimum TTL of 1 day $INCLUDE /etc/named.data/db.ynu.edu.cn.common ; RR of type A ; lb-http-jz IN A 113.55.14.52 ; vpn110800 IN A 192.168.208.3 ynucdn 600 IN A 202.203.208.4 .. And this is the auto updated parts of that file. $ORIGIN . $TTL 86400 ; 1 day ynu.edu.cn IN SOA pridns.ynu.edu.cn. root.pridns.ynu.edu.cn. ( 2019091903 ; serial 10800 ; refresh (3 hours) 3600 ; retry (1 hour) 604800 ; expire (1 week) 86400 ; minimum (1 day) ) $ORIGIN ynu.edu.cn. 100 CNAME lb-http 65031141CNAME www.itc $ORIGIN 65031141.ynu.edu.cn. ip-watcher A 113.55.13.114 kibana CNAME lb-http.ynu.edu.cn. portainer CNAME lb-http.ynu.edu.cn. $ORIGIN ynu.edu.cn. _cdnauthTXT "2023060823081361d03c617f075ac05df69f6309bd9aa6" access A 113.55.0.80 .. The update contents contain some $ORIGIN seems to produced via named process. The related pieces of named.conf configurations is: .. view "INTRANET"{ match-clients { INTRANET_ACL;}; recursion yes; include "/etc/named.common.zones.conf"; zone "ynu.edu.cn" in { type master; file "db.ynu.edu.cn.intranet"; }; }; .. And I found some general logs maybe provide some clues. 14-Dec-2023 14:39:25.460 general: debug 1: zone_timer: zone ynu.edu.cn/IN/INTRANET: enter 14-Dec-2023 14:39:25.460 general: debug 1: zone_maintenance: zone ynu.edu.cn/IN/INTRANET: enter 14-Dec-2023 14:39:25.460 general: debug 1: zone_dump: zone ynu.edu.cn/IN/INTRANET: enter 14-Dec-2023 14:39:25.460 general: debug 1: zone_settimer: zone ynu.edu.cn/IN/INTRANET: enter 14-Dec-2023 14:39:25.460 general: debug 1: zone_gotwritehandle: zone ynu.edu.cn/IN/INTRANET: enter 14-Dec-2023 14:39:25.460 general: debug 1: dumptostreaminc(0x7efe0d938010) new nodes -> 212 14-Dec-2023 14:39:25.461 general: debug 1: dumptostreaminc(0x7efe0d938010) new nodes -> 310 14-Dec-2023 14:39:25.464 general: debug 1: dump_done: zone ynu.edu.cn/IN/INTRANET: enter I did not configure master/slave mode of bind9. And I serached the sources of bind9, but failed to find some keywords like zone_timer or zone_gotwritehandle. I have stucked on this strange problem for a few days. I found this zone file got updated in about 15 minutes when I made changes or restarted named, and this behavior seems match the docs bind9.readthedocs.io/en/latest/chapter6.html#dynamic-update, but I can confirm I DO NOT configure allow-update or update-policy. I even add "allow-update {none;}; // no DDNS by default" in the zone block of the problematic view. Is there any chances this configuration comes from other config file or named build options? I have also posted on stackoverflow, but without any response. 2023-12-17 12:04:18 "刘东华" 写道: Hi, I have a bind9 service running on the server, and some views configured, but I found a zone file got updated unexpected when I made some resolve changes. Here is parts of the original contents of the updated zone file. $TTL 86400 ; 1 day@ IN SOA pridns.ynu.edu.cn. root.pridns.ynu.edu.cn. (2019091901; serial number10800 ; Refresh interval, every 3 hours3600; Retry interval, every 30 minutes 604800 ; Expire after 1 week 86400 ) ;Minimum TTL of 1 day$INCLUDE /etc/named.data/db.ynu.edu.cn.common; RR of type A; lb-http-jz IN A 113.55.14.52; vpn110800 IN A 192.168.208.3ynucdn 600 IN A 202.203.208.4.. And this is the auto updated parts of that file. $ORIGIN .$TTL 86400 ; 1 dayynu.edu.cn IN SOA pridns.ynu.edu.cn. root.pridns.ynu.edu.cn. ( 2019091903 ; serial 10800 ; refresh (3 hours) 3600 ; retry (1 hour) 604800 ; expire (1 week) 86400 ; minimum (1 day) )$ORIGIN ynu.edu.cn.100 CNAME lb-http65031141 CNA
Re: Re: Zone file got updated via named process unexpected
hi, I did not use or configure DNSSEC or Dynamic DNS, I have also disabled DNSSEC via `dnssec-validation no;`, I also tried to use `dnssec-enable no;` and `dnssec-lookaside no;`, but these configuration is not exists anymore for the new bind 9.18.20 I updated. I also checked if I am using DNSSEC via `dnssec-checkds`. [root@pridns ~]# dnssec-checkds -f /etc/named.data/db.ynu.edu.cn.intranet ynu.edu.cn dnssec-dsfromkey: fatal: no DNSKEY RR for ynu.edu.cn in /etc/named.data/db.ynu.edu.cn.intranet No DNSKEY records found in zone apex [root@pridns ~]# echo $? 1 [root@pridns ~]# And not log in `dnssec_log` after I configured DNSSEC logging from https://bind9.readthedocs.io/en/latest/dnssec-guide.html#bind-dnssec-debug-logging. Is it a problem of SOA serial number, after I updated this value, the zone file did not change anymore, but this zone does not load from `rndc dumpdb -all` output. # parts of /var/named/data/cache_dump.db ; Zone dump of 'ynu.edu.cn/IN/INTRANET' ; ; zone not loaded [root@pridns ~]# tail -f /var/log/named/dns-default.log|grep 113.55.127.140 19-Dec-2023 09:28:47.481 query-errors: info: client @0x7fe6f000da68 113.55.127.140#54309 (www.ynu.edu.cn): view INTRANET: query failed (zone not loaded) for www.ynu.edu.cn/IN/A at query.c:5673 19-Dec-2023 09:28:47.481 query-errors: info: client @0x7fe70049a218 113.55.127.140#54310 (www.ynu.edu.cn): view INTRANET: query failed (zone not loaded) for www.ynu.edu.cn/IN/ at query.c:5673 19-Dec-2023 09:28:47.483 client: debug 1: client @0x7fe6fd8b9c98 113.55.127.140#54311 (www.ynu.edu.cn): view INTRANET: servfail cache hit www.ynu.edu.cn/A (CD=0) 19-Dec-2023 09:28:47.483 query-errors: info: client @0x7fe6fd8b9c98 113.55.127.140#54311 (www.ynu.edu.cn): view INTRANET: query failed (SERVFAIL) for www.ynu.edu.cn/IN/A at query.c:7094 19-Dec-2023 09:28:47.484 client: debug 1: client @0x7fe70049a218 113.55.127.140#54312 (www.ynu.edu.cn): view INTRANET: servfail cache hit www.ynu.edu.cn/ (CD=0) 19-Dec-2023 09:28:47.484 query-errors: info: client @0x7fe70049a218 113.55.127.140#54312 (www.ynu.edu.cn): view INTRANET: query failed (SERVFAIL) for www.ynu.edu.cn/IN/ at query.c:7094 [root@pridns ~]# However, this zone file /etc/named.data/db.ynu.edu.cn.intranet is almost the same as other zone file from different view. 2023-12-18 04:18:06 "Nick Tait via bind-users" 写道: > On 17/12/2023 5:30 pm, liudong...@ynu.edu.cn wrote: > > I found this zone file got updated in about 15 minutes when I made > > changes or restarted named, and this behavior seems match the docs > > bind9.readthedocs.io/en/latest/chapter6.html#dynamic-update, but I can > > confirm I DO NOT configure allow-update or update-policy. I even add > > "allow-update {none;}; // no DDNS by default" in the zone block of the > > problematic view. Is there any chances this configuration comes from > > other config file or named build options? > > Are you using DNSSEC with this zone? Your config extract doesn't show > it, but what you described sounds like BIND might be resigning the zone > file and writing the new signed zone over top of the original file? If > so, the solution is to use inline-signing: > https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-inline-signing > > Note that there have been many improvements in BIND's support for DNSSEC > over the last few years, so if this is a server that you've inherited, > it is probably worth reviewing the DNSSEC configuration options to see > if it can be improved? > > Nick. > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Re: zone not loaded in one of view
I found there was a db.ynu.edu.cn.intranet.jnl beside db.ynu.edu.cn.intranet, I tried to remove it, then restarted and checked the new cache_dump.db, no `zone not loaded` anymore. For the original problem, because I modified serial of SOA and updated bind9 to the latest version, it could not reproduce. Maybe it's also the similar issue, but in the older bind 9.11, no jnl file generated via named. 2023-12-17 15:47:43 "Mark Andrews" 写道: Read your logs and/or use named-checkzone and/or tell name-checkconf to load the zones. -- Mark Andrews On 17 Dec 2023, at 15:22, liudong...@ynu.edu.cn wrote: Hi, I have a bind9 authoritative name server running, but I found a strange problem. One of zone in a specific view not loaded when I view the cache_dump.db after I execute `rndc dumpdb -all`. The zone data file is almost the same for difference views execpted some few domain resolution. [root@pridns data]# head -n 20 /etc/named.data/db.ynu.edu.cn.cernet $TTL 86400 ; 1 day @ IN SOA pridns.ynu.edu.cn. root.pridns.ynu.edu.cn. ( 2023121601; serial number 10800 ; Refresh interval, every 3 hours 3600; Retry interval, every 30 minutes 604800 ; Expire after 1 week 86400 ) ;Minimum TTL of 1 day $INCLUDE /etc/named.data/db.ynu.edu.cn.common ; RR of type A ; vpn110800 IN A 113.55.110.251 ; lb-http-jz IN A 113.55.14.52 ynucdn 600 IN A 202.203.208.4 ; vpn2IN A 202.203.208.9 [root@pridns data]# head -n 20 /etc/named.data/db.ynu.edu.cn.intranet $TTL 86400 ; 1 day @ IN SOA pridns.ynu.edu.cn. root.pridns.ynu.edu.cn. ( 2023121601; serial number 10800 ; Refresh interval, every 3 hours 3600; Retry interval, every 30 minutes 604800 ; Expire after 1 week 86400 ) ;Minimum TTL of 1 day $INCLUDE /etc/named.data/db.ynu.edu.cn.common ; RR of type A ; lb-http-jz IN A 113.55.14.52 ; vpn110800 IN A 192.168.208.3 ynucdn 600 IN A 202.203.208.4 ; vpn2IN A 202.203.208.9 [root@pridns data]# [root@pridns data]# named-checkconf /etc/named.conf [root@pridns data]# echo $? 0 [root@pridns data]# [root@pridns data]# rndc zonestatus ynu.edu.cn in CERNET name: ynu.edu.cn type: primary files: db.ynu.edu.cn.cernet, /etc/named.data/db.ynu.edu.cn.common serial: 2023121601 nodes: 576 last loaded: Sat, 16 Dec 2023 08:00:49 GMT secure: no dynamic: no reconfigurable via modzone: no [root@pridns data]# [root@pridns data]# rndc zonestatus ynu.edu.cn in INTRANET rndc: 'zonestatus' failed: zone not loaded [root@pridns data]# [root@pridns data]# named-checkzone ynu.edu.cn /etc/named.data/db.ynu.edu.cn.intranet zone ynu.edu.cn/IN: loaded serial 2023121601 OK [root@pridns data]# [root@pridns data]# ll /etc/named.data/db.ynu.edu.cn.cernet /etc/named.data/db.ynu.edu.cn.intranet -rw-r--r-- 1 root root 1.3K Dec 16 16:00 /etc/named.data/db.ynu.edu.cn.cernet -rw-r--r-- 1 root root 1.3K Dec 16 16:00 /etc/named.data/db.ynu.edu.cn.intranet [root@pridns data]# And here is parts of content in /var/named/data/cache_dump.db ; Zone dump of 'ynu.edu.cn/IN/INTRANET' ; ; zone not loaded ; ; Zone dump of 'rpz/IN/INTRANET' -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Re: Re: zone not loaded in one of view
Hi, I do have two `named`, one is original /usr/sbin/named installed via `yum install bind bind-utils` a few years ago, and another /usr/local/sbin/named which I build from source. I did not remember when the jnl file generated, maybe in the first run of new named, I never saw jnl file in the past. When I using the older named, /etc/named.data/db.ynu.edu.cn.intranet always got updated unexpected, detailed information is on Zone file got updated via named process unexpected (isc.org), so I update the named, but this problem still exists. After I make some changes to named.conf like disable DNSSEC or DLV or something else manually or explicitly. The file not changed anymore, but resulted in `zone not loaded`. Now I removed the jnl file and it worked well now. [root@pridns ~]# /usr/sbin/named -v BIND 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.15 (Extended Support Version) [root@pridns ~]# /usr/local/sbin/named -v BIND 9.18.20 (Extended Support Version) [root@pridns ~]# [root@pridns ~]# ll ~/db.ynu.edu.cn.intranet.jnl /etc/named.data/db.ynu.edu.cn.intranet -rw-r--r-- 1 root root 1.3K Dec 16 16:00 /etc/named.data/db.ynu.edu.cn.intranet -rw-r--r-- 1 named named 1.1K Dec 15 17:48 /root/db.ynu.edu.cn.intranet.jnl [root@pridns ~]# 2023-12-19 16:43:36 "Greg Choules" 写道: Hi. The existence of a `.jnl` file for the zone means that, at some point in the past anyway, you *did* allow dynamic updates to this zone and some updates were made, which were stored in the journal file. I would like to ask a couple of questions: 1) What is the timeline of your investigation? Map out file creation and modification dates and times along with log messages and times you made changes to see if you can build a picture of what actually happened when. 2) How many instances of 'named' are running on this server? I have seen in the past people have two or more 'named' processes running that they were not aware of, which *might* cause problems if they are trying to use the same data files. Cheers, Greg On Tue, 19 Dec 2023 at 08:26, wrote: I found there was a db.ynu.edu.cn.intranet.jnl beside db.ynu.edu.cn.intranet, I tried to remove it, then restarted and checked the new cache_dump.db, no `zone not loaded` anymore. For the original problem, because I modified serial of SOA and updated bind9 to the latest version, it could not reproduce. Maybe it's also the similar issue, but in the older bind 9.11, no jnl file generated via named. 2023-12-17 15:47:43 "Mark Andrews" 写道: Read your logs and/or use named-checkzone and/or tell name-checkconf to load the zones. -- Mark Andrews On 17 Dec 2023, at 15:22, liudong...@ynu.edu.cn wrote: Hi, I have a bind9 authoritative name server running, but I found a strange problem. One of zone in a specific view not loaded when I view the cache_dump.db after I execute `rndc dumpdb -all`. The zone data file is almost the same for difference views execpted some few domain resolution. [root@pridns data]# head -n 20 /etc/named.data/db.ynu.edu.cn.cernet $TTL 86400 ; 1 day @ IN SOA pridns.ynu.edu.cn. root.pridns.ynu.edu.cn. ( 2023121601; serial number 10800 ; Refresh interval, every 3 hours 3600; Retry interval, every 30 minutes 604800 ; Expire after 1 week 86400 ) ;Minimum TTL of 1 day $INCLUDE /etc/named.data/db.ynu.edu.cn.common ; RR of type A ; vpn110800 IN A 113.55.110.251 ; lb-http-jz IN A 113.55.14.52 ynucdn 600 IN A 202.203.208.4 ; vpn2IN A 202.203.208.9 [root@pridns data]# head -n 20 /etc/named.data/db.ynu.edu.cn.intranet $TTL 86400 ; 1 day @ IN SOA pridns.ynu.edu.cn. root.pridns.ynu.edu.cn. ( 2023121601; serial number 10800 ; Refresh interval, every 3 hours 3600; Retry interval, every 30 minutes 604800 ; Expire after 1 week 86400 ) ;Minimum TTL of 1 day $INCLUDE /etc/named.data/db.ynu.edu.cn.common ; RR of type A ; lb-http-jz IN A 113.55.14.52 ; vpn110800 IN A 192.168.208.3 ynucdn 600 IN A 202.203.208.4 ; vpn2IN A 202.203.208.9 [root@pridns data]# [root@pridns data]# named-checkconf /etc/named.conf [root@pridns data]# echo $? 0 [root@pridns data]# [root@pridns data]# rndc zonestatus ynu.edu.cn in CERNET name: ynu.edu.cn type: primary files: db.ynu.edu.cn.cernet, /etc/named.data/db.ynu.edu.cn.common serial: 2023121601 nodes: 576 last loaded: Sat, 16 Dec 2023 08:00:49 GMT secure: no dynamic: no