Re: named-checkzone as library?

2021-06-30 Thread Tony Finch
Felipe Gasper  wrote:
>
> Is there any public code interface that exposes named-checkzone’s 
> functionality?
> I’d specifically like to have numeric error codes rather than strings.

It isn't easy to do that, I'm afraid.

There are two places that don't do what you want. The source for
named-checkzone is in
https://gitlab.isc.org/isc-projects/bind9/-/tree/main/bin/check

The file named-checkzone.c has the setup and option handling, and
check-tool.c has some of the zone checks - but not all. It deals with
things like using the system resolver to check CNAME or MX records that
point out of the zone.

There are also a load of checks in lib/dns/zone.c - look for
integrity_checks() and the various zone_check_*() functions.
https://gitlab.isc.org/isc-projects/bind9/-/blob/main/lib/dns/zone.c

Both lib/dns/zone.c and bin/check/check-tool.c report their findings by
logging; there isn't an intermediate error code that might describe the
problem. And BIND's error codes are simple errno-style numbers: they can't
say multi-parameter things like "foo.dotat.at/MX points to bar.dotat.at
which is a CNAME".

Tony.
-- 
f.anthony.n.finch  https://dotat.at/
North Utsire, South Utsire: Variable 2 to 4. Slight or moderate. Fog
patches later. Moderate or good, occasionally very poor later.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: named-checkzone with multiple $ORIGIN

2017-06-05 Thread Bernard Fay
Ok that was my misunderstanding of named-checkzone. I thought I had to check
for all $ORIGINs.

I haven't played with IPv6 yet.  I hope I'll have a chance to do it
eventually.

Thanks for your time guys!



On Mon, Jun 5, 2017 at 9:49 AM, Mark Elkins  wrote:

> Most certainly - Yes.
>
> You have a single zone here, thus only:
>
>  named-checkzone example.com example.com.zone
> ...should work.
>
> Wait till you play with a reverse IPv6 zone - where I personally use many
> $ORIGIN statements - saves hours of typing and makes reading the Zones so
> much easier.
>
>
>
> On 05/06/2017 15:40, Bernard Fay wrote:
>
> I understand what $ORIGIN is doing by reducing the typing and making it
> easier to maintain the zone files.
>
> To Tony, should I understand while using named-checkzone I need to enter
> *only* the top domain and named-checkzone will understand the subdomains
> defined by the multiple $ORIGIN in the zone file?
>
> Thanks,
> Bernard
>
>
> On Mon, Jun 5, 2017 at 9:18 AM, Tony Finch  wrote:
>
>> Bernard Fay  wrote:
>> >
>> > I took control of a DNS based on Bind 9.9.  One of the zone files have
>> > multiple $ORIGIN for example:
>>
>> The key thing to understand is that $ORIGIN just controls how unqualified
>> domain names are expanded into fully-qualified domain names. In
>> particular, $ORIGIN is completely independent of zone boundaries.
>>
>> So in the master file you sketched out,
>>
>> > $ORIGIN example.com
>> > ...
>> > $ORIGIN sub1.example.com
>> > ...
>> > $ORIGIN sub2.example.com
>> > ...
>> > $ORIGIN sub3.example.com
>> > ...
>>
>> The person who wrote the file is using $ORIGIN in order to abbreviate
>> unqualified names in subdomains, but the subdomains are all part of the
>> same zone.
>>
>> The other thing to be aware of is that it is possible to write a zone file
>> without any fully-qualified names, which is why you have to specify the
>> zone name when loading the file. (This feature is useful for empty zones,
>> for example, but it's usually not a good idea for normal zones.) The zone
>> name is used to set the default $ORIGIN and for the zone sanity checks.
>>
>> So, this works...
>>
>> > While checking the zone file with:
>> > named-checkzone example.com example.com.zone
>> > named-checkzone returns ok for the first $ORIGIN.
>>
>> ...because the zone name you specified on the command line matches the
>> contents of the master file.
>>
>> However,
>>
>> > named-checkzone sub1.example.com example.com.zone
>> > named-checkzone sub2.example.com example.com.zone
>> > named-checkzone sub3.example.com example.com.zone
>> > named-checkzone reports many "ignoring out-of-zone data (example.com)"
>>
>> this doesn't make sense. The master file is one single whole complete
>> zone. The subdomains are not separate zones, and you can't load or check
>> part of the file.
>>
>> So the error message is saying that the SOA record and the apex NS records
>> at example.com and loads of other records are not subdomains of the zone
>> name that you gave on the command line. I usually encounter this error
>> when I have accidentally got my zone name and master file name muddled
>> up, and once you get used to the error message it's a useful consistency
>> check.
>>
>> Tony.
>> --
>> f.anthony.n.finch    http://dotat.at/  -  I xn--zr8h punycode
>> Fitzroy: Southwesterly, veering northwesterly, 6 to gale 8, decreasing 5 later
>> in southwest. Moderate or rough. Rain at first. Moderate or good.
>>
>
> --
> Mark James ELKINS  -  Posix Systems - (South) Africa
> m...@posix.co.za   Tel: +27.128070590  Cell: +27.826010496
> For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za

Re: named-checkzone with multiple $ORIGIN

2017-06-05 Thread Mark Elkins
Most certainly - Yes.

You have a single zone here, thus only:

 named-checkzone example.com  example.com.zone

...should work.

Wait till you play with a reverse IPv6 zone - where I personally use
many $ORIGIN statements - saves hours of typing and makes reading the
Zones so much easier.


On 05/06/2017 15:40, Bernard Fay wrote:
> I understand what $ORIGIN is doing by reducing the typing and making
> it easier to maintain the zone files.
>
> To Tony, should I understand while using named-checkzone I need to
> enter _only_ the top domain and named-checkzone will understand the
> subdomains defined by the multiple $ORIGIN in the zone file?
>
> Thanks,
> Bernard
>
>
> On Mon, Jun 5, 2017 at 9:18 AM, Tony Finch wrote:
>
>> Bernard Fay wrote:
>> >
>> > I took control of a DNS based on Bind 9.9.  One of the zone files have
>> > multiple $ORIGIN for example:
>>
>> The key thing to understand is that $ORIGIN just controls how unqualified
>> domain names are expanded into fully-qualified domain names. In
>> particular, $ORIGIN is completely independent of zone boundaries.
>>
>> So in the master file you sketched out,
>>
>> > $ORIGIN example.com
>> > ...
>> > $ORIGIN sub1.example.com
>> > ...
>> > $ORIGIN sub2.example.com
>> > ...
>> > $ORIGIN sub3.example.com
>> > ...
>>
>> The person who wrote the file is using $ORIGIN in order to abbreviate
>> unqualified names in subdomains, but the subdomains are all part of the
>> same zone.
>>
>> The other thing to be aware of is that it is possible to write a zone file
>> without any fully-qualified names, which is why you have to specify the
>> zone name when loading the file. (This feature is useful for empty zones,
>> for example, but it's usually not a good idea for normal zones.) The zone
>> name is used to set the default $ORIGIN and for the zone sanity checks.
>>
>> So, this works...
>>
>> > While checking the zone file with:
>> > named-checkzone example.com example.com.zone
>> > named-checkzone returns ok for the first $ORIGIN.
>>
>> ...because the zone name you specified on the command line matches the
>> contents of the master file.
>>
>> However,
>>
>> > named-checkzone sub1.example.com example.com.zone
>> > named-checkzone sub2.example.com example.com.zone
>> > named-checkzone sub3.example.com example.com.zone
>> > named-checkzone reports many "ignoring out-of-zone data (example.com)"
>>
>> this doesn't make sense. The master file is one single whole complete
>> zone. The subdomains are not separate zones, and you can't load or check
>> part of the file.
>>
>> So the error message is saying that the SOA record and the apex NS records
>> at example.com and loads of other records are not subdomains of the zone
>> name that you gave on the command line. I usually encounter this error
>> when I have accidentally got my zone name and master file name muddled
>> up, and once you get used to the error message it's a useful consistency
>> check.
>>
>> Tony.
>> --
>> f.anthony.n.finch    http://dotat.at/  -  I xn--zr8h punycode
>> Fitzroy: Southwesterly, veering northwesterly, 6 to gale 8, decreasing 5 later
>> in southwest. Moderate or rough. Rain at first. Moderate or good.

-- 
Mark James ELKINS  -  Posix Systems - (South) Africa
m...@posix.co.za   Tel: +27.128070590  Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za


Re: named-checkzone with multiple $ORIGIN

2017-06-05 Thread Tony Finch
Bernard Fay  wrote:
>
> should I understand while using named-checkzone I need to enter *only*
> the top domain and named-checkzone will understand the subdomains
> defined by the multiple $ORIGIN in the zone file?

Yes, named-checkzone basically just loads the zone file (the whole thing)
as if it were being loaded by named.

You don't have to have a zone boundary for every subdomain - your zone
file has lots of subdomains all in one zone, and this is completely
normal.

Tony.
-- 
f.anthony.n.finch    http://dotat.at/  -  I xn--zr8h punycode
Irish Sea: Cyclonic 6, becoming northwest 6 to gale 8 later. Moderate or
rough. Rain, showers later. Good occasionally poor.


Re: named-checkzone with multiple $ORIGIN

2017-06-05 Thread Bernard Fay
I understand what $ORIGIN is doing by reducing the typing and making it
easier to maintain the zone files.

To Tony, should I understand while using named-checkzone I need to enter
*only* the top domain and named-checkzone will understand the subdomains
defined by the multiple $ORIGIN in the zone file?

Thanks,
Bernard


On Mon, Jun 5, 2017 at 9:18 AM, Tony Finch  wrote:

> Bernard Fay  wrote:
> >
> > I took control of a DNS based on Bind 9.9.  One of the zone files have
> > multiple $ORIGIN for example:
>
> The key thing to understand is that $ORIGIN just controls how unqualified
> domain names are expanded into fully-qualified domain names. In
> particular, $ORIGIN is completely independent of zone boundaries.
>
> So in the master file you sketched out,
>
> > $ORIGIN example.com
> > ...
> > $ORIGIN sub1.example.com
> > ...
> > $ORIGIN sub2.example.com
> > ...
> > $ORIGIN sub3.example.com
> > ...
>
> The person who wrote the file is using $ORIGIN in order to abbreviate
> unqualified names in subdomains, but the subdomains are all part of the
> same zone.
>
> The other thing to be aware of is that it is possible to write a zone file
> without any fully-qualified names, which is why you have to specify the
> zone name when loading the file. (This feature is useful for empty zones,
> for example, but it's usually not a good idea for normal zones.) The zone
> name is used to set the default $ORIGIN and for the zone sanity checks.
>
> So, this works...
>
> > While checking the zone file with:
> > named-checkzone example.com example.com.zone
> > named-checkzone returns ok for the first $ORIGIN.
>
> ...because the zone name you specified on the command line matches the
> contents of the master file.
>
> However,
>
> > named-checkzone sub1.example.com example.com.zone
> > named-checkzone sub2.example.com example.com.zone
> > named-checkzone sub3.example.com example.com.zone
> > named-checkzone reports many "ignoring out-of-zone data (example.com)"
>
> this doesn't make sense. The master file is one single whole complete
> zone. The subdomains are not separate zones, and you can't load or check
> part of the file.
>
> So the error message is saying that the SOA record and the apex NS records
> at example.com and loads of other records are not subdomains of the zone
> name that you gave on the command line. I usually encounter this error
> when I have accidentally got my zone name and master file name muddled
> up, and once you get used to the error message it's a useful consistency
> check.
>
> Tony.
> --
> f.anthony.n.finch    http://dotat.at/  -  I xn--zr8h punycode
> Fitzroy: Southwesterly, veering northwesterly, 6 to gale 8, decreasing 5 later
> in southwest. Moderate or rough. Rain at first. Moderate or good.
>

Re: named-checkzone with multiple $ORIGIN

2017-06-05 Thread Mark Andrews

In message 
, Bernard Fay writes:
> Sorry keyboard problem...
> 
> 
> I took control of a DNS based on Bind 9.9.  One of the zone files have
> multiple $ORIGIN for example:
> 
> $ORIGIN example.com
> ...
> $ORIGIN sub1.example.com
> ...
> $ORIGIN sub2.example.com
> ...
> $ORIGIN sub3.example.com
> ...
> 
> 
> While checking the zone file with:
> named-checkzone example.com example.com.zone
> named-checkzone returns ok for the first $ORIGIN.
> 
> But doing
> named-checkzone sub1.example.com example.com.zone
> named-checkzone sub2.example.com example.com.zone
> named-checkzone sub3.example.com example.com.zone
> named-checkzone reports many "ignoring out-of-zone data (example.com)"
> 
> Using multiple $ORIGIN in a single zone file works but named-checkzone does
> not seem to like the idea.
> 
> Is there something wrong by using multiple $ORIGIN in a single zone file or
> my understanding of named-checkzone is wrong?

Your understanding of what $ORIGIN does in a master file is wrong.
It is a way to reduce the amount of typing you do by setting the
suffix to be appended to non absolute names though over use will
defeat that.

$ORIGIN example.com.
@ SOA ns hostmaster 0 0 0 0 0
@ NS ns
ns A 1.1.1.1
$ORIGIN sub1.example.com.
@ A 1.2.3.4
$ORIGIN sub2.example.com.
@ A 1.2.3.8

expanded is

example.com. SOA ns.example.com. hostmaster.example.com. 0 0 0 0 0
example.com. NS ns.example.com.
ns.example.com. A 1.1.1.1
sub1.example.com. A 1.2.3.4
sub2.example.com. A 1.2.3.8

$ORIGIN doesn't mean start of a zone though every zone has an implicit
$ORIGIN set when it is being loaded.
 
> Thanks,
> Bernard
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
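
The owner-name expansion and the out-of-zone check discussed in this thread, as an added example (not code from the thread or from BIND). The function names, the output wording and the embedded sample file are assumptions made for illustration; only the simplified one-record-per-line form shown above is handled.

```shell
#!/bin/sh
# Added illustration, not BIND code. Simplified master-file reader: one
# record per line, no $INCLUDE, $TTL, parentheses or comments; only owner
# names are expanded (RDATA names such as the NS target are left as written).

# Constructed sample: the zone from the message above.
sample_zone() {
    cat <<'EOF'
$ORIGIN example.com.
@ SOA ns hostmaster 0 0 0 0 0
@ NS ns
ns A 1.1.1.1
$ORIGIN sub1.example.com.
@ A 1.2.3.4
$ORIGIN sub2.example.com.
@ A 1.2.3.8
EOF
}

# expand_zone ZONENAME FILE
# Prints each record with an absolute owner name. Owners that are not at or
# below ZONENAME are printed as "out-of-zone: OWNER" instead (our own wording;
# named-checkzone logs "ignoring out-of-zone data" for these).
expand_zone() {
    awk -v zone="$1" '
    function absname(n, origin) {
        if (n == "@") return origin            # @ means the current origin
        if (n ~ /\.$/) return n                # trailing dot: already absolute
        return n "." origin                    # relative: append the origin
    }
    function in_zone(n, z,    suffix) {
        if (n == z) return 1
        suffix = "." z
        return length(n) > length(suffix) &&
               substr(n, length(n) - length(suffix) + 1) == suffix
    }
    BEGIN {
        zone = tolower(zone)
        if (zone !~ /\.$/) zone = zone "."
        origin = zone                          # zone name sets the default $ORIGIN
        owner = zone
    }
    NF == 0 { next }
    $1 == "$ORIGIN" { origin = absname(tolower($2), origin); next }
    {
        if ($0 ~ /^[ \t]/) {                   # blank owner: reuse the previous one
            rest = $0; sub(/^[ \t]+/, "", rest)
        } else {
            owner = absname(tolower($1), origin)
            rest = $0; sub(/^[^ \t]+[ \t]+/, "", rest)
        }
        if (in_zone(owner, zone)) print owner, rest
        else print "out-of-zone: " owner
    }' "$2"
}

# count_out_of_zone ZONENAME FILE: number of records outside ZONENAME.
count_out_of_zone() {
    expand_zone "$1" "$2" | awk '/^out-of-zone:/ { n++ } END { print n + 0 }'
}

# Demo: the same file against the right zone name, then a wrong one.
zf=$(mktemp) || exit 1
sample_zone > "$zf"
expand_zone example.com "$zf"
echo "checked as sub1.example.com, out-of-zone owners: $(count_out_of_zone sub1.example.com "$zf")"
rm -f "$zf"
```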


Re: named-checkzone with multiple $ORIGIN

2017-06-05 Thread Tony Finch
Bernard Fay  wrote:
>
> I took control of a DNS based on Bind 9.9.  One of the zone files have
> multiple $ORIGIN for example:

The key thing to understand is that $ORIGIN just controls how unqualified
domain names are expanded into fully-qualified domain names. In
particular, $ORIGIN is completely independent of zone boundaries.

So in the master file you sketched out,

> $ORIGIN example.com
> ...
> $ORIGIN sub1.example.com
> ...
> $ORIGIN sub2.example.com
> ...
> $ORIGIN sub3.example.com
> ...

The person who wrote the file is using $ORIGIN in order to abbreviate
unqualified names in subdomains, but the subdomains are all part of the
same zone.

The other thing to be aware of is that it is possible to write a zone file
without any fully-qualified names, which is why you have to specify the
zone name when loading the file. (This feature is useful for empty zones,
for example, but it's usually not a good idea for normal zones.) The zone
name is used to set the default $ORIGIN and for the zone sanity checks.

So, this works...

> While checking the zone file with:
> named-checkzone example.com example.com.zone
> named-checkzone returns ok for the first $ORIGIN.

...because the zone name you specified on the command line matches the
contents of the master file.

However,

> named-checkzone sub1.example.com example.com.zone
> named-checkzone sub2.example.com example.com.zone
> named-checkzone sub3.example.com example.com.zone
> named-checkzone reports many "ignoring out-of-zone data (example.com)"

this doesn't make sense. The master file is one single whole complete
zone. The subdomains are not separate zones, and you can't load or check
part of the file.

So the error message is saying that the SOA record and the apex NS records
at example.com and loads of other records are not subdomains of the zone
name that you gave on the command line. I usually encounter this error
when I have accidentally got my zone name and master file name muddled
up, and once you get used to the error message it's a useful consistency
check.

Tony.
-- 
f.anthony.n.finch    http://dotat.at/  -  I xn--zr8h punycode
Fitzroy: Southwesterly, veering northwesterly, 6 to gale 8, decreasing 5 later
in southwest. Moderate or rough. Rain at first. Moderate or good.


Re: named-checkzone with multiple $ORIGIN

2017-06-05 Thread Reindl Harald



On 05.06.2017 at 14:36, Bernard Fay wrote:

Sorry keyboard problem...


I took control of a DNS based on Bind 9.9.  One of the zone files have 
multiple $ORIGIN for example:


$ORIGIN example.com 
...

$ORIGIN sub1.example.com
...
$ORIGIN sub2.example.com 
...
$ORIGIN sub3.example.com 
...


While checking the zone file with:
named-checkzone example.com  example.com.zone
named-checkzone returns ok for the first $ORIGIN.

But doing
named-checkzone sub1.example.com  example.com.zone
named-checkzone sub2.example.com  example.com.zone
named-checkzone sub3.example.com  example.com.zone
named-checkzone reports many "ignoring out-of-zone data (example.com)"


Using multiple $ORIGIN in a single zone file works but named-checkzone 
does not seem to like the idea.


Is there something wrong by using multiple $ORIGIN in a single zone file 
or my understanding of named-checkzone is wrong?


you strip way too much from your config as well as input/output of 
named-checkzone and the mess in the quoting above is the result of HTML 
converted to sane plaintext as typically encouraged on lists


what is the purpose of obfuscating 'DNS DATA' that much?


Re: named-checkzone with multiple $ORIGIN

2017-06-05 Thread Bernard Fay
Sorry keyboard problem...


I took control of a DNS based on Bind 9.9.  One of the zone files have
multiple $ORIGIN for example:

$ORIGIN example.com
...
$ORIGIN sub1.example.com
...
$ORIGIN sub2.example.com
...
$ORIGIN sub3.example.com
...


While checking the zone file with:
named-checkzone example.com example.com.zone
named-checkzone returns ok for the first $ORIGIN.

But doing
named-checkzone sub1.example.com example.com.zone
named-checkzone sub2.example.com example.com.zone
named-checkzone sub3.example.com example.com.zone
named-checkzone reports many "ignoring out-of-zone data (example.com)"

Using multiple $ORIGIN in a single zone file works but named-checkzone does
not seem to like the idea.

Is there something wrong by using multiple $ORIGIN in a single zone file or
my understanding of named-checkzone is wrong?

Thanks,
Bernard



On Mon, Jun 5, 2017 at 8:27 AM, Bernard Fay  wrote:

> Hi,
>
> I took control of a DNS based on Bind 9.9.  One of the zone files have
> multiple $ORIGIN for example:
>
> $ORIGIN example.com
> ...
> $ORIGIN sub1.example.com
> ...
> $ORIGIN sub2.example.com
> ...
> $ORIGIN sub3.example.com
> ...
>
>
> While checking the zone file with:
> named-checkzone example.com example.com.zone
>

Re: named-checkzone Test Runs

2010-10-13 Thread Martin McCormick
I wrote:
 I am testing bind9.7 and seem to not be correctly defining the
 path to the localhost forward and reverse zones which are in
 /var/named/etc/namedb/master. After the chroot, they should be
 found by a path of named/etc/namedb/master but so far nothing
 seems to work.

My thanks to a member of this list for helping me better use the
available tools.

I had been using named-checkzone and named-checkconf for
years to check syntax but these do so much more. Many thanks to
the ISC community for designing such good applications.

Martin McCormick


RE: named-checkzone Test Runs

2010-10-13 Thread Lightner, Jeff
Can you share what you're talking about since it appears you're saying
you got the reply off list?

-Original Message-
From: bind-users-bounces+jlightner=water@lists.isc.org
[mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf
Of Martin McCormick
Sent: Wednesday, October 13, 2010 4:54 PM
To: bind-us...@isc.org
Subject: Re: named-checkzone Test Runs 

I wrote:
 I am testing bind9.7 and seem to not be correctly defining the
 path to the localhost forward and reverse zones which are in
 /var/named/etc/namedb/master. After the chroot, they should be
 found by a path of named/etc/namedb/master but so far nothing
 seems to work.

My thanks to a member of this list for helping me better use the
available tools.

I had been using named-checkzone and named-checkconf for
years to check syntax but these do so much more. Many thanks to
the ISC community for designing such good applications.

Martin McCormick


Re: named-checkzone Test Runs

2010-10-13 Thread Martin McCormick
A list member wrote:
 named-checkzone doesn't need to read the named.conf file - it just makes 
 sure that the zone is correct.  if you want to check named.conf, you will 
 need to use named-checkconf
 
 For checking config, try
 
 named-checkconf -t [chroot directory] [relative path to named.conf]
 
 So, for you (if I understand your setup correctly) maybe something like
 
 named-checkconf -t /var/named /etc/named.conf
 
 
 
 For checking zones, try
 
 named-checkzone -w [working directory] [zonename] [relative path to the 
 zonefile]

This was a good reminder. After re-reading the man page
for named-checkzone, I tried named-compilezone and got it to
print out a usable zone plus analyse the quality of the records
in the zone. It appears that this is good for finding orphaned
MX records, etc.

named-compilezone -oDOMAIN.ZONE -j -k ignore okstate.edu 
/var/named/db/zonefilename

This compiles a usable zone, ignores name warnings and prints
all the dodgy MX records and other possible issues you may have
with this zone.

Martin McCormick


Re: named-checkzone Test Runs

2010-10-13 Thread Martin McCormick
For the sake of thoroughness, the -j flag causes
named-compilezone to also look at the .jnl files so that the
zone you get is as up to date as possible.

Martin


Re: named-checkzone

2010-06-25 Thread Joseph S D Yao
On Thu, Jun 24, 2010 at 04:37:45PM -0400, Paul Amaral wrote:
 I was thinking more instantaneous without moving things around. I looked at 
 vim vimrc autocmd but I couldn't get named-checkzone to execute and I would 
 still have to somehow have named-checkzone look at the last zone that was 
 edited. 
 
 Good suggestion though.


Check $PATH or use the full file name from /.


--
/*\
**
** Joe Yao  j...@tux.org - Joseph S. D. Yao
**
\*/


Re: named-checkzone

2010-06-25 Thread Joseph S D Yao
On Thu, Jun 24, 2010 at 03:46:37PM -0400, P.A wrote:
 Hi, I'm trying to get some ideas how I can exec named-checkzone on a zone
 file that has just been executed. We have com users who edit zone files but
 forget to run the command when they are done editing the file.  Trying to
 figure out if anyone has a good way of enforcing that the zone gets checked
 after it's been edited.


Shell command file that
(1) Checks it out of version control [RCS, Subversion, git, whatever]
(2) Throws it into ${EDITOR:-vi}
(3) Runs named-checkzone using zone name based on file name
(4) If it fails, let the user absorb the error msg before goto (2)
(5) If it succeeds, ask the user whether to edit again or commit
(6) Check it back into version control
(7) rndc reload


--
/*\
**
** Joe Yao  j...@tux.org - Joseph S. D. Yao
**
\*/
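
The steps above as a shell script, added here as an illustration and not taken from the thread. It assumes zone files are named <zone>.zone (as in example.com.zone) and live in a git working tree, so step (1) is simply working in the checked-out tree; the CHECKZONE override and the "q to give up" option are also assumptions.

```shell
#!/bin/sh
# Added illustration of the edit/check/commit loop outlined above; not a
# script from the thread. Assumptions: zone files are named <zone>.zone and
# live in a git working tree; CHECKZONE can override the checker command.

# Step 3 helper: derive the zone name from the file name (example.com.zone).
zone_from_file() {
    basename "$1" .zone
}

# Steps 2-5: edit, check, and loop until the zone passes and the user
# accepts it. Returns 0 when the file is ready to commit, 1 if the user
# gives up (or input ends) while the file still fails the check.
edit_zone() {
    file=$1
    zone=$(zone_from_file "$file")
    while :; do
        ${EDITOR:-vi} "$file"                              # step 2
        if ${CHECKZONE:-named-checkzone} "$zone" "$file"; then   # step 3
            printf '%s passed. [e]dit again or [c]ommit? ' "$zone"
            read -r answer || return 1                     # step 5
            case $answer in
                c*) return 0 ;;
            esac
        else
            # Step 4: the checker output is still on screen; wait for the
            # user before reopening the editor.
            printf 'Check failed. Enter to re-edit, q to give up: '
            read -r answer || return 1
            case $answer in
                q*) return 1 ;;
            esac
        fi
    done
}

main() {
    file=$1
    # A file that failed the check must not stay where named would load it
    # on the next reload, so restore the committed version on give-up.
    edit_zone "$file" || { git checkout -- "$file"; exit 1; }
    # Steps 6 and 7: commit only a checked file, reload only after a commit.
    git commit -m "update $(zone_from_file "$file")" -- "$file" &&
        rndc reload "$(zone_from_file "$file")"
}

if [ $# -gt 0 ]; then
    main "$@"
fi
```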


RE: named-checkzone

2010-06-24 Thread Taylor, Gord
My suggestion is to create a backup copy of the (current) zone files in
another directory. Only allow the users to edit those files, then
execute a shell script that checks them, and only moves them to the
production directory once the named-checkzone (and named-checkconf)
works correctly. Otherwise, returns an error.
 
The only thing we don't check is that the SOA serial has been
incremented because our DNS file editor does that automatically...

 


From: bind-users-bounces+gord.taylor=rbc@lists.isc.org
[mailto:bind-users-bounces+gord.taylor=rbc@lists.isc.org] On Behalf
Of P.A
Sent: 2010, June, 24 3:47 PM
To: bind-us...@isc.org
Subject: named-checkzone



Hi, I'm trying to get some ideas how I can exec named-checkzone on a zone
file that has just been executed. We have com users who edit zone files
but forget to run the command when they are done editing the file.  Trying
to figure out if anyone has a good way of enforcing that the zone gets
checked after it's been edited.

 

Thanks Paul.


RE: named-checkzone

2010-06-24 Thread Paul Amaral
I was thinking more instantaneous without moving things around. I looked at vim 
vimrc autocmd but I couldn’t get named-checkzone to execute and I would still 
have to somehow have named-checkzone look at the last zone that was edited. 

 

Good suggestion though.

 

From: Taylor, Gord [mailto:gord.tay...@rbc.com] 
Sent: Thursday, June 24, 2010 4:32 PM
To: P.A; bind-us...@isc.org
Subject: RE: named-checkzone

 

My suggestion is to create a backup copy of the (current) zone files in another 
directory. Only allow the users to edit those files, then execute a shell 
script that checks them, and only moves them to the production directory once 
the named-checkzone (and named-checkconf) works correctly. Otherwise, returns 
an error.

 

The only thing we don't check is that the SOA serial has been incremented 
because our DNS file editor does that automatically...


 


From: bind-users-bounces+gord.taylor=rbc@lists.isc.org 
[mailto:bind-users-bounces+gord.taylor=rbc@lists.isc.org] On Behalf Of P.A
Sent: 2010, June, 24 3:47 PM
To: bind-us...@isc.org
Subject: named-checkzone

Hi, I'm trying to get some ideas how I can exec named-checkzone on a zone file 
that has just been executed. We have com users who edit zone files but forget 
to run the command when they are done editing the file.  Trying to figure out if 
anyone has a good way of enforcing that the zone gets checked after it's been 
edited.

 

Thanks Paul.


RE: named-checkzone

2010-06-24 Thread Todd Snyder
If you wanted to throw CVS into the mix, it would make all this pretty easy.  
You can have it run scripts on checkin, and you know all the files changed from 
a cvs diff, so it’s easy to run that through the named-checkzone.

CVS doesn’t have to make things much more complicated.  You could create a
script that when run (ex: vizone zonename) would checkout the zonefiles
project, and open a vi for the session.  Then, when closed, it would checkin
the zonefile and run the verification script.  Heck, you could just alias “vi”
to your script if that is all your user does with vi, or if you use a unique
account for DNS changes.

t.

From: bind-users-bounces+tsnyder=rim@lists.isc.org 
[mailto:bind-users-bounces+tsnyder=rim@lists.isc.org] On Behalf Of P.A
Sent: Thursday, June 24, 2010 4:38 PM
To: 'Taylor, Gord'; bind-us...@isc.org
Subject: named-checkzone


I was thinking more instantaneous without moving things around. I looked at vim 
vimrc autocmd but I couldn’t get named-checkzone to execute and I would still 
have to somehow have named-checkzone look at the last zone that was edited.

Good suggestion though.

From: Taylor, Gord [mailto:gord.tay...@rbc.com]
Sent: Thursday, June 24, 2010 4:32 PM
To: P.A; bind-us...@isc.org
Subject: RE: named-checkzone

My suggestion is to create a backup copy of the (current) zone files in another
directory. Only allow the users to edit those files, then execute a shell
script that checks them, and only moves them to the production directory once
the named-checkzone (and named-checkconf) works correctly. Otherwise, it returns
an error.

The only thing we don't check is that the SOA serial has been incremented 
because our DNS file editor does that automatically...



From: bind-users-bounces+gord.taylor=rbc@lists.isc.org 
[mailto:bind-users-bounces+gord.taylor=rbc@lists.isc.org] On Behalf Of P.A
Sent: 2010, June, 24 3:47 PM
To: bind-us...@isc.org
Subject: named-checkzone

Hi, I'm trying to get some ideas how I can exec named-checkzone on a zone file
that has just been executed. We have com users who edit zone files but forget
to run the command when they are done editing the file.  Trying to figure out if
anyone has a good way of enforcing that the zone gets checked after it's been
edited.

Thanks Paul.
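The stage, check, then promote workflow suggested in this thread, written out as an added shell example; it is not code from any poster. The names promote_zone and CHECKZONE and the staging/production directory layout are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): check a staged zone file and copy it
# into production only if the check passes.
# Assumed names: promote_zone, CHECKZONE, and the staging/production layout.

# Checker command, overridable for testing. named-checkzone takes
# "zonename filename" and exits non-zero when the zone has errors.
: "${CHECKZONE:=named-checkzone}"

# promote_zone ZONE STAGED_FILE PROD_DIR
#   0 = checked and installed, 1 = check failed, 2 = I/O problem.
promote_zone() {
    zone=$1 staged=$2 prod_dir=$3
    dest=$prod_dir/$(basename -- "$staged")

    [ -r "$staged" ] || { echo "cannot read $staged" >&2; return 2; }

    # Check a private snapshot rather than the staged file itself, so an
    # edit saved while the check is running cannot reach production unchecked.
    tmp=$(mktemp "$prod_dir/.zone.XXXXXX") || return 2
    cp -- "$staged" "$tmp" || { rm -f -- "$tmp"; return 2; }

    if ! out=$("$CHECKZONE" "$zone" "$tmp" 2>&1); then
        echo "REJECTED $zone: production copy left unchanged" >&2
        echo "$out" >&2
        rm -f -- "$tmp"
        return 1
    fi

    # mktemp creates the file 0600; 0644 assumes named runs as another user.
    # A rename within one directory is atomic, so named never reads a
    # half-written zone file.
    chmod 644 "$tmp" && mv -f -- "$tmp" "$dest" || { rm -f -- "$tmp"; return 2; }
    echo "OK $zone -> $dest"
}
```

An editor wrapper along the lines of the vizone idea can call promote_zone when the editor exits and reload the zone only on exit status 0.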

RE: named-checkzone behavior change?

2010-05-10 Thread Jack Tavares
Correction:

I am calling named-checkzone not checkconf.
this:
named-checkconf -k ignore -n ignore -i none test.net. zonefile

should read
named-checkzone -k ignore -n ignore -i none test.net. zonefile

the rest of the email is correct

From: Jack Tavares
Sent: Monday, May 10, 2010 12:49 PM
To: bind-users@lists.isc.org
Subject: named-checkzone behavior change?

I have downloaded 9.7.0-P1 and I am running into something odd with
named-checkzone.
I have a simple zone with an NS record that has no A or  record.

named-checkzone has flags to ignore this, and this same command (see below)
worked in 9.6

but given this zone file
test.net. 500 IN SOA d88.test.net. hostmaster.d88.test.net. 2010051001 10800 3600 604800 86400
test.net. 500 IN NS d88.test.net.

gives

zone test.net/IN: NS 'd88.test.net' has no address records (A or )
zone test.net/IN: not loaded due to errors.

Is this a bug? Or do I have a flag missing or incorrect?




RE: named-checkzone behavior change?

2010-05-10 Thread Jack Tavares
I see this was intentional.
2800.   [func]          Reject zones which have NS records which refer to
                        CNAMEs, DNAMEs or don't have address record (class IN
                        only).  Reject UPDATEs which would cause the zone
                        to fail the above checks if committed. [RT #20678]

From: Jack Tavares
Sent: Monday, May 10, 2010 12:54 PM
To: Jack Tavares; bind-users@lists.isc.org
Subject: RE: named-checkzone behavior change?

Correction:

I am calling named-checkzone not checkconf.
this:
named-checkconf -k ignore -n ignore -i none test.net. zonefile

should read
named-checkzone -k ignore -n ignore -i none test.net. zonefile

the rest of the email is correct

From: Jack Tavares
Sent: Monday, May 10, 2010 12:49 PM
To: bind-users@lists.isc.org
Subject: named-checkzone behavior change?

I have downloaded 9.7.0-P1 and I am running into something odd with
named-checkzone.
I have a simple zone with an NS record that has no A or  record.

named-checkzone has flags to ignore this, and this same command (see below)
worked in 9.6

but given this zone file
test.net. 500 IN SOA d88.test.net. hostmaster.d88.test.net. 2010051001 10800 3600 604800 86400
test.net. 500 IN NS d88.test.net.

gives

zone test.net/IN: NS 'd88.test.net' has no address records (A or )
zone test.net/IN: not loaded due to errors.

Is this a bug? Or do I have a flag missing or incorrect?


