named-checkzone error 1


Rod_Hutchinson (IS-IT--Management, CA), Apr 22, 2020
So I ran through this tutorial on DigitalOcean and I got to a part where you run checkconf and checkzone, and I got the following error in the checkzone portion.

Ran this command:
rahutch@ns1 $ sudo named-checkzone 1.168.192.in-addr.arpa /etc/bind/zones/db.192.168.1

This is the error I got back:
zone 1.168.192.in-addr.arpa/IN: NS 'ns1.domain.com.1.168.192.in-addr.arpa' has no address records (A or AAAA)
zone 1.168.192.in-addr.arpa/IN: not loaded due to errors.

I have tried several things, added an entry into the /etc/bind/named.conf.local showing ns1.domain.com as an A entry, but that didn't help. Not sure where I went wrong.

This is my db.192.168.1 file:

; BIND reverse data file for local loopback interface
;
$TTL    604800
@       IN      SOA     ns1.domain.com. admin.domain.com. (
                        2               ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative Cache TTL
;

; name servers - NS records
        IN      NS      ns1.domain.com

; PTR Records
205.1   IN      PTR     ns1.domain.com.     ; 192.168.1.205
204.1   IN      PTR     dc1.domain.com.     ; 192.168.1.204
203.1   IN      PTR     web1.domain.com.    ; 192.168.1.203
202.1   IN      PTR     fp1.domain.com.     ; 192.168.1.202

(domain name has been substituted)

Any suggestions of where to start looking?

Thanks in advance.

Rod Hutchinson
 
This should work:

Code:
$TTL 3D       ; default ttl for records without a specified lifetime
$ORIGIN 1.168.192.in-addr.arpa.
@                      IN       SOA     ns1.domain.com. . (
                                        1587664287   ;  serial number
                                        604800       ;  ns refresh
                                        86400        ;  ns retry
                                        2419200      ;  authority expiry
                                        604800      );  min (RFC2308 §4)
                       IN       NS      ns1.domain.com.
205                    IN       PTR     ns1.domain.com.
204                    IN       PTR     dc1.domain.com.
203                    IN       PTR     web1.domain.com.
202                    IN       PTR     fp1.domain.com.
 
Iggsterman:

Golden: All loaded and OK. But help me out here, was it the serial #, or the ORIGIN or the IN NS ns1.domain.com?????

I wouldn't consider myself a newb, but I am inexperienced at getting server software working other than SAMBA.

Thanks for your help, now I should be able to load vCenter and get my environment really cooking.

Cheers

Rod
 
Serial # is not important for the validity of the zone file. I added the ORIGIN where it was missing. Also corrected PTR records which were wrong.
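How the two corrections above play out under BIND's name-qualification rule, as an added example that is not code from any poster in this thread: a name without a trailing dot gets the zone origin appended, which yields both the `ns1.domain.com.1.168.192.in-addr.arpa` in the error message and a five-octet owner for `205.1`. The parser is a simplified sketch (no TTL field, no multi-line records), and the function names and sample strings are constructed for illustration.

```python
import ipaddress

ORIGIN = "1.168.192.in-addr.arpa."
# Constructed samples: the NS/PTR lines of the first post, then the corrected form.
BROKEN = """\
        IN NS   ns1.domain.com
205.1   IN PTR  ns1.domain.com. ; 192.168.1.205
204.1   IN PTR  dc1.domain.com. ; 192.168.1.204
"""
FIXED = """\
        IN NS   ns1.domain.com.
205     IN PTR  ns1.domain.com.
204     IN PTR  dc1.domain.com.
"""

def qualify(name, origin):
    """'@' is the origin, a trailing dot means absolute, else origin is appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse(text, origin):
    """Yield (owner, type, target), fully qualified. Simplified: no TTL field,
    no multi-line records, one target per record."""
    owner = origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        fields = line.split()
        if not line[0].isspace():  # a name in column one sets the owner
            owner = qualify(fields.pop(0), origin)
        fields = [f for f in fields if f.upper() != "IN"]
        yield owner, fields[0].upper(), qualify(fields[1], origin)

def ptr_ip(owner):
    """IPv4 address a reverse owner name stands for, or None if it is not one."""
    octets = owner[: -len(".in-addr.arpa.")].split(".")
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ValueError:
        return None

def lint(text, origin=ORIGIN):
    """Report NS targets that picked up the origin and PTR owners that are not an address."""
    findings = []
    for owner, rtype, target in parse(text, origin):
        if rtype == "NS" and target.endswith("." + origin):
            findings.append(f"NS {target}: origin appended, trailing dot missing")
        if rtype == "PTR" and ptr_ip(owner) is None:
            findings.append(f"PTR {owner}: not a valid reverse name for an address")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(BROKEN)) or "clean")
```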
 
More config issues I believe:

When I ping (or generally use any function that uses name resolution) I can ping the IP address, but I only get my domain controller and my File Print servers to respond. Even the DNS ns1 does not reply. I think the issue might be in the forward zone file but I am not sure. What does the ORIGIN statement you put in my reverse file do? Here is my /etc/bind/zones/db.domain.local file:


; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     ns1.domain.com. admin.domain.com. (
                        3               ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative Cache TTL

; name servers - NS records
        IN      NS      ns1.domain.com.

; name servers - A records
ns1.domain.com.         IN      A       192.168.1.205

; 192.168.1.0/24 - A records
fp1.domain.com.         IN      A       192.168.1.202
web1.domain.com.        IN      A       192.168.1.203
dc1.domain.com.         IN      A       192.168.1.204
ubuntu.domain.com.      IN      A       192.168.1.250
ns1.domain.com.         IN      A       192.168.1.205
vc1.domain.com.         IN      A       192.168.1.206


So I can ping fp1, dc1 and ubuntu; none of the rest of these reply to their name. I have not opened my network to the outside world yet so when I use the FQDN, it just goes to the company I purchased my domain name from.

If you need more info let me know. I have been pounding through BIND documentation, but I am at a loss. Any help would be appreciated.

Cheers

Rod
 
Missed the $ORIGIN. Copy the below. I added the MX record for demonstration purposes. Replace/remove it. If you keep it, add the A record.


Code:
$TTL 86400

@       IN      SOA     ns1.domain.com.  admin.domain.com. (
                        2020042601      ; serial number YYYYMMDDNN
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800          ; Min TTL
                        )

                NS      ns1.domain.com. 

                MX      10 mail.domain.com.


$ORIGIN domain.com.

fp1	IN	A	192.168.1.202 
web1	IN	A	192.168.1.203 
dc1	IN	A	192.168.1.204 
ubuntu	IN	A	192.168.1.250 
ns1	IN	A	192.168.1.205 
vc1	IN	A	192.168.1.206
 
Iggsterman:

No joy. Made the changes; restarted the service and still no reply from web1 or ns1. I have used ping to check connectivity with dc1, fp1 & ubuntu and all are good. But when I try either ns1 or web1 I get "Ping request could not find host web1 (ns1). Please check the name and try again."

So all things being equal would this indicate it is an issue on the hosts themselves???

Been a long weekend. Back to work in the morning (same desk, just have work to do :)

Thanks for your help. If you have any other thoughts I would be happy to try them.

Cheers

Rod
 
Can you ping them by IP addresses? If you can then DNS is not to blame. The hosts could be running local firewalls that prohibit ICMP pings.
 
I guess that could be, but they are all fresh installs, I will look into it and if that is the case, I will let you know, while I am putting ketchup on my humble pie :)

Thanks
 
No need for that kind of pie. Get a nice (insert your choice) pie!
Speaking of the installs. Out of the box "new installs" of Windows machines will have ICMP blocked. So go to the Windows Firewall and allow ICMP echo from the subnet that you are originating your "pings".
 