
ignoring out-of-zone data


Bit Twister
Dec 10, 2022, 1:34:44 PM

Thanks in advance for any replies.

What needs changing to avoid the "ignoring out-of-zone data" problems?

# named-checkzone home /var/named/home.zone
/var/named/home.zone:18: ignoring out-of-zone data (myrtr.home.test)
/var/named/home.zone:19: ignoring out-of-zone data (tb.home.test)
/var/named/home.zone:20: ignoring out-of-zone data (wb.home.test)
<snipped all the other failures>
/var/named/home.zone:29: ignoring out-of-zone data (mtv.home.test)
zone home/IN: loaded serial 2022121001
OK
zone home/IN: final reference detached



# cat /var/named/home.zone
; Created by /local/bin/set_home_zones Sat 10 Dec 09:57 2022
$TTL 1D
@ IN SOA wb.home.test. root.wb.home.test. (
2022121001 ; Serial num yyymmddnn
1D ; Refresh
6H ; Retry
1W ; Expire
1H ; Minimum TTL
)
; DNS Servers
@ IN NS wb.home.test.
ns IN A 192.168.50.132
;
; also list other Machine Names
mail A 127.0.0.2
news IN CNAME wb.home.test.
localhost A 127.0.0.1
myrtr.home.test. IN A 192.168.50.1
tb.home.test. IN A 192.168.50.100
wb.home.test. IN A 192.168.50.132
wb1.home.test. IN A 192.168.50.133
wb4.home.test. IN A 192.168.50.140
ptr.home.test. IN A 192.168.50.190
scr.home.test. IN A 192.168.50.190
webcam4.wcams.test. IN A 192.168.50.195
webcam3.wcams.test. IN A 192.168.50.196
webcam2.wcams.test. IN A 192.168.50.197
webcam.wcams.test. IN A 192.168.50.198
mtv.home.test. IN A 192.168.50.200
; end of /var/named/home.zone

]# host wb.home.test
Host wb.home.test not found: 3(NXDOMAIN)

]$ hostname
wb.home.test

$ hostname --ip-address
192.168.50.132

$ grep hosts: /etc/nsswitch.conf
# hosts: mdns4_minimal files nis dns mdns4 myhostname
hosts: files dns myhostname

David W. Hodgins
Dec 10, 2022, 3:54:30 PM

The $ORIGIN line is missing. Assuming it's added as
$ORIGIN home.test.
Lines such as
wb.home.test. IN A 192.168.50.132
should be changed to
wb IN A 192.168.50.132

So don't repeat what's in the ORIGIN in the names and don't use a trailing
period in the host names. The trailing dot for name lookups only goes in the
domain name in the $ORIGIN line. For reverse name lookups they go in all names.

It's probably easier to show an example that is working.
In /etc/named.conf I've appended ...

zone "homeip.net" IN {
type master;
file "myzone";
allow-update { none; };
};

zone "10.168.192.in-addr.arpa" IN {
type master;
file "myreverse";
allow-update { none; };
};

# head -n 21 /var/named/myzone
$ORIGIN homeip.net.
$TTL 1D
; any time you make a change to the domain, bump the
; "serial" setting below. the format is easy:
; YYYYMMDDI, with the I being an iterator in case you
; make more than one change during any one day
@ IN SOA hodgins hostmaster (
201201021 ; serial
8H ; refresh
4H ; retry
4W ; expire
1D ) ; minimum
; hodgins.homeip.net serves this domain as both the
; name server (NS) and mail exchange (MX)
NS hodgins
MX 10 hodgins
; just in case someone asks for localhost.homeip.net
localhost A 127.0.0.1
; our hostnames, in alphabetical order
hodgins A 192.168.10.101
i7v.hodgins A 192.168.10.115

# head -n 14 /var/named/myreverse
$ORIGIN 10.168.192.in-addr.arpa.
$TTL 1D
@ IN SOA hodgins.homeip.net. hostmaster.homeip.net. (
200405190 ; serial
28800 ; refresh (8 hours)
14400 ; retry (4 hours)
2419200 ; expire (4 weeks)
86400 ; minimum (1 day)
)
; define the authoritative name server
NS hodgins.homeip.net.
; our hosts, in numeric order
2 PTR x3.hodgins.homeip.net.
14 PTR x8t.hodgins.homeip.net.

Because I've used an existing domain, homeip.net, if I want to access a system
that uses the real homeip.net I have to put an outside dns server such as
google before mine in resolv.conf.

As you are using a domain ending in test, that will not work for some software
that prohibits the use of rfc1918 domains. The first case I ran into with that
was kerberos.

$ nslookup x3.hodgins.homeip.net
Server: ::1
Address: ::1#53

Name: x3.hodgins.homeip.net
Address: 192.168.10.2
$ nslookup 192.168.10.2
2.10.168.192.in-addr.arpa name = x3.hodgins.homeip.net.

Regards, Dave Hodgins

Bit Twister
Dec 10, 2022, 11:10:27 PM

On Sat, 10 Dec 2022 15:15:11 -0500, David W. Hodgins wrote:
> On Sat, 10 Dec 2022 13:34:39 -0500, Bit Twister <BitTw...@mouse-potato.com> wrote:
>
>> Thanks in advance for any replies.
>>
>> What needs changing to avoid the "ignoring out-of-zone data" problems?
>>
>> # named-checkzone home /var/named/home.zone
>> /var/named/home.zone:18: ignoring out-of-zone data (myrtr.home.test)
>> /var/named/home.zone:19: ignoring out-of-zone data (tb.home.test)
>> /var/named/home.zone:20: ignoring out-of-zone data (wb.home.test)
>> <snipped all the other failures>
>> /var/named/home.zone:29: ignoring out-of-zone data (mtv.home.test)
>> zone home/IN: loaded serial 2022121001
>> OK
>> zone home/IN: final reference detached
>>
>>
>>

]$ cat /etc/resolv.conf

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN

domain home.test
nameserver 127.0.0.1
nameserver 8.8.8.8
search home.test tuner.test
>
> As you are using a domain ending in test, that will not work for some software
> that prohibits the use of rfc1918 domains. The first case I ran into with that
> was kerberos.
>
> $ nslookup x3.hodgins.homeip.net
> Server: ::1
> Address: ::1#53

Assuming I got your values right, are you getting a clean run from

named-checkzone homeip.net /var/named/myzone
and
named-checkzone 10.168.192.in-addr.arpa /var/named/myreverse
?
Still getting
$ named-checkzone home /var/named/home.zone
/var/named/home.zone:4: ignoring out-of-zone data (home.test)
/var/named/home.zone:13: ignoring out-of-zone data (localhost.home.test)
/var/named/home.zone:16: ignoring out-of-zone data (mail.home.test)
/var/named/home.zone:17: ignoring out-of-zone data (news.home.test)
/var/named/home.zone:18: ignoring out-of-zone data (home-router-lan.home.test)
/var/named/home.zone:19: ignoring out-of-zone data (tb.home.test)
/var/named/home.zone:20: ignoring out-of-zone data (wb.home.test)
< snipped rest of same>

$ cat -n /var/named/home.zone
1 ; Created by /local/bin/set_home_zones Sat 10 Dec 21:55 2022
2 $ORIGIN home.test.
3 $TTL 1D
4 @ IN SOA wb wb.home.test. (
5 2022121001 ; Serial num yyymmddnn
6 1D ; Refresh
7 6H ; Retry
8 1W ; Expire
9 1H ; Minimum TTL
10 )
11 ; DNS Servers
12 NS wb
13 localhost A 127.0.0.1
14 ;
15 ; also list other Machine Names
16 mail A 127.0.0.2
17 news IN CNAME wb.home.test.
18 home-router-lan IN A 192.168.50.1
19 tb IN A 192.168.50.100
20 wb IN A 192.168.50.132
21 wb1 IN A 192.168.50.133
22 wb4 IN A 192.168.50.140
23 ptr IN A 192.168.50.190
24 scanner IN A 192.168.50.190
25 webcam4 IN A 192.168.50.195
26 webcam3 IN A 192.168.50.196
27 webcam2 IN A 192.168.50.197
28 webcam IN A 192.168.50.198
29 mtv IN A 192.168.50.200
30 ; end of /var/named/home.zone

Bit Twister
Dec 11, 2022, 3:00:58 AM

On Sun, 11 Dec 2022 00:44:32 -0500, David W. Hodgins wrote:
>
> On Sat, 10 Dec 2022 23:10:14 -0500, Bit Twister <BitTw...@mouse-potato.com> wrote:
>> Assuming I got your values right; Are you getting a clean run from
>>
>> named-checkzone homeip.net /var/named/myzone
>> and
>> named-checkzone 10.168.192.in-addr.arpa /var/named/myreverse
>> ?
>
> [root@x3 ~]# named-checkzone homeip.net /var/named/myzone
> zone homeip.net/IN: loaded serial 201201021
> OK
> [root@x3 ~]# named-checkzone 10.168.192.in-addr.arpa /var/named/myreverse
> zone 10.168.192.in-addr.arpa/IN: loaded serial 200405190
> OK
>
> Attaching a version that passes
> $ named-checkzone home.test ./wbzone
> zone home.test/IN: loaded serial 2022121001
> OK
>
> I've set the zone to home.test, changed tabs to spaces and fixed some syntax
> errors including removing 'IN' where it doesn't belong, putting the closing
> bracket for the SOA in the proper place, and fixing up the spacing.

And after converting base64 to david.txt, it passes test. ;)

I modified my set_named_zones script to conform to your copy,
ran my named_changes script to do all my changes.

No change. Tried editing home.zone verbiage and still no change.
Tried editing out tabs and modified spacing to match yours, and still no change.

What the hell. Copied your text file to /var/named.zone, and still no change.

Reran david.txt test and now it fails. I am sooo lucky. :(

I have no idea what causes the failure.

You mentioned the only change to /etc/named.conf was appending zones.

Running cauldron release 9 and "systemctl restart named" complained about no
rndc_key so I modified my named_changes script to fold in rndc changes.

Copy of my /etc/named.conf changes:

Basic change is disable ipv6 and dnssec-validation and append rndc_key_changes
and zone definitions.



$ dif /var/local/vorig/etc/named.conf_vinstall /etc/named.conf
0a1
> // Changed by /local/bin/named_03_named_conf_changes Sun 11 Dec 00:16 2022
12c13
< listen-on-v6 port 53 { ::1; };
---
> // listen-on-v6 port 53 { ::1; };
33c34
< dnssec-validation yes;
---
> dnssec-validation no;
59a61,124
>
> /* Created by /local/bin/named_02_rndc_key_changes Sun 11 Dec 00:16 2022 */
> key "rndc-key" {
> algorithm hmac-sha256;
> secret "QHTvaZzPs7T snipped";
> };
>
> controls {
> inet 127.0.0.1 port 953
> allow { 127.0.0.1; } keys { "rndc-key"; };
> };
>
> /* ******* end of /etc/named_rncd_key.txt ********* */
>
> #* ************************************************ *#
> #* Created by /local/bin/set_home_zones Sun 11 Dec 00:16 2022 *#
> #* ************************************************ *#
> /* build_zones home 192.168 */
>
> zone "home" IN {
> type master;
> file "home.zone";
> allow-update { none; };
> };


snipped several other zone definitions.

No idea where to look next.

Thank you for your time and efforts.



David W. Hodgins
Dec 11, 2022, 1:52:43 PM

On Sun, 11 Dec 2022 03:00:45 -0500, Bit Twister <BitTw...@mouse-potato.com> wrote:
> And after converting base64 to david.txt, it passes test. ;)
> I modified my set_named_zones script to conform to your copy,
> ran my named_changes script to do all my changes.
>
> No change. Tried editing home.zone verbiage and still no change.
> Tried editing out tabs and modified spacing to match yours, and still no change.
>
> What the hell. Copied your text file to /var/named.zone, and still no change.
>
> Reran david.txt test and now it fails. I am sooo lucky. :(
>
> I have no idea what causes the failure.

Most likely whatever method is being used to edit the file is putting in tabs
again. bind does not allow tabs in any of its config files. The spacing seems
to be critical too.

> You mentioned only change to /etc/named.conf was append zones.

I have other changes as I originally setup bind to use for ad blocking when
my /etc/hosts files exceeded 32KB or whatever the limit was at that time.

> Running cauldron release 9 and "systemctl restart named" complained about no
> rndc_key so I modified my named_changes script to fold in rndc changes.

$ ll /etc/rndc.key
-rw-r----- 1 root named 259 Mar 10 2016 /etc/rndc.key

My rndc.key file was created in 2016, which was pre-systemd for Mageia. The bind
scripts have been simplified quite a bit with the changes to systemd, but the
creation of the rndc key was made slightly more complicated. I don't recall having to
manually do anything to create it, so either that was done automatically or I've
just forgotten about it.
$ systemctl status named-setup-rndc.service|head -n 2
● named-setup-rndc.service - Generate rndc key for BIND (DNS)
Loaded: loaded (/usr/lib/systemd/system/named-setup-rndc.service; static)

As a static service, it runs on every boot or when manually started unless the
service is masked.
I hadn't tested bind yet on Mageia 9. Found a bug that I've reported.
https://bugs.mageia.org/show_bug.cgi?id=31264
with a fix suggested.

With that fix it works, and then named.service starts ok, though at
this point without any changes from its defaults.

Let's take this discussion to the Mageia discuss mailing list or private
email as the rest is likely only going to impact Mageia users.

Regards, Dave Hodgins

Thomas Zajic
Dec 13, 2022, 12:00:08 AM

* Bit Twister <BitTw...@mouse-potato.com>

> > zone "home" IN {
> > type master;
> > file "home.zone";
> > allow-update { none; };
> > };

Here you're telling BIND that the name of the zone is "home", and the data
for the zone "home" is in the "home.zone" file. However, in the actual file
there's only data for a zone called "home.test". This is a mismatch, and
this is what the check commands tell you.

Either change the zone data in home.zone to "home" (without the ".test"
appended, ie. "$ORIGIN home."), or change the named.conf line to read
'zone "home.test" IN {'.

HTH
Thomas
--
=-------------------------------------------------------------------------=
- Thomas "ZlatkO" Zajic <zla...@gmx.at> Linux-5.15 & slrn-1.0.3a -
- "In layman's terms: speedy thing goes in, speedy thing comes out." -
=-------------------------------------------------------------------------=

Bit Twister
Dec 13, 2022, 1:52:01 AM

On Tue, 13 Dec 2022 05:55:32 +0100, Thomas Zajic wrote:
> * Bit Twister <BitTw...@mouse-potato.com>
>
>> > zone "home" IN {
>> > type master;
>> > file "home.zone";
>> > allow-update { none; };
>> > };
>
> Here you're telling BIND that the name of the zone is "home", and the data
> for the zone "home" is in the "home.zone" file. However, in the actual file
> there's only data for a zone called "home.test". This is a mismatch, and
> this is what the check commands tell you.
>
> Either change the zone data in home.zone to "home" (without the ".test"
> appended, ie. "$ORIGIN home."), or change the named.conf line to read
> 'zone "home.test" IN {'.


We need to back up a bit. I have no idea what zone names are to be used. Some
background follows: I have a script to read /etc/hosts and create the zone files.
Snippets from /etc/hosts follow:
67.10.190.81 chris.home.test chris

169.254.1.1 tunermtv.tuner.test tunermtv
169.254.1.26 HDHR-103D35E3.tuner.test homerun1
169.254.1.27 HDHR-107BF790.tuner.test homerun2
169.254.1.100 tunertbgw.tuner.test tuner-tb-gateway
169.254.1.200 tunermtvgw.tuner.test tuner-mtv-gateway
169.254.1.200 tunertb.tuner.test tunertb

192.168.15.1 voipwp.voip.test voip-webpg
192.168.15.135 voip.voip.test voip
192.168.15.135 voip.voip.test voip-wb-gateway

192.168.50.1 myrtr.home.test home-router-lan
192.168.50.100 tb.home.test tb
192.168.50.132 wb.home.test wb

I assumed a new zone and reverse file is required for each of the above sections.

If so, what would/should the SOA lines look like? Currently I have:

$ grep SOA *.zone *.reversed
home.reversed:254.168.192.in-addr.arpa. IN SOA wb.home.test. (
home.zone:home. IN SOA home.test. (
tuner.reversed:1.254.169.in-addr.arpa. IN SOA wb.home.test. (
tuner.zone:tuner IN SOA home.test. (
voip.reversed:15.168.192.in-addr.arpa. IN SOA wb.home.test. (
voip.zone:voip. IN SOA home.test. (

For example I get
# named-checkzone tuner tuner.zone
zone tuner/IN: NS 'wb.tuner' has no address records (A or AAAA)
zone tuner/IN: not loaded due to errors.

Thomas Zajic
Dec 16, 2022, 1:00:06 PM

* Bit Twister <BitTw...@mouse-potato.com>

> We need to back up a bit. I have no idea what zone names are to be used. Some
> background follows: I have a script to read /etc/hosts and create the zone files.
> Snippets from /etc/hosts follow:
> [...]
> I assumed a new zone and reverse file is required for each of the above sections.

This is something you can decide on your own. You could have one single zone "test",
and then have entries like ...

$ORIGIN test.

tunermtv.tuner IN A 169.254.1.1
HDHR-103D35E3.tuner IN A 169.254.1.26

voipwp.voip IN A 192.168.15.1
voip.voip IN A 192.168.15.135

tb.home IN A 192.168.50.100
wb.home IN A 192.168.50.132

... in it, or you can split it into different zones and zone files, which would
then only contain their respective entries, like zone "tuner.test" containing ...

$ORIGIN tuner.test.

tunermtv IN A 169.254.1.1
HDHR-103D35E3 IN A 169.254.1.26

..., zone "voip.test" containing ...

$ORIGIN voip.test.

voipw IN A 192.168.15.1
voip IN A 192.168.15.135

..., zone "home.test" containing ...

$ORIGIN home.test.

tb IN A 192.168.50.100
wb IN A 192.168.50.132

... and so on. The important thing is that the zone names in named.conf
have to match/correspond to the hostnames or hostname parts that are
listed in the zone file. Basically, the 'zone "whatever"' statement
in named.conf has to match the "$ORIGIN whatever." statement in the
actual zone file. (Okay, so this is not 100% true. You can also
switch back and forth between different "$ORIGIN" values in a single
zone file to save you some repetitive typing work, but this would
only complicate matters for the simple example at hand ;-)).

> If so, what would/should the SOA lines look like? Currently I have:
> [...]

What does SOA have to do with the contents of the zone file? The SOA
only tells you who the authoritative name server for that zone is, but
that does not necessarily have to be a name server in that same zone
(although it usually is). You could also have, for example, ...

this.zone. IN SOA ns.other.zone. hostmaster.third.zone.

... and all would be well, provided that "ns.other.zone" and "third.zone"
can be resolved properly, and DNS clients would know that they have to
ask "ns.other.zone" for authoritative DNS data on "this.zone".

> [...]
> For example I get
> # named-checkzone tuner tuner.zone
> zone tuner/IN: NS 'wb.tuner' has no address records (A or AAAA)
> zone tuner/IN: not loaded due to errors.

This error message is totally meaningless without knowing the actual
full contents of the zone file, I'm afraid.

Bit Twister
Dec 16, 2022, 11:36:19 PM

All right, making some progress.

wb.home.test is the named server node name.

# named-checkzone home.test. /var/named/local/home.zone
zone home.test/IN: loaded serial 2022121601
OK
zone home.test/IN: final reference detached

# cat /var/named/local/home.zone
;* ************************************************ */
;* /var/named/local/home.zone */
;* Created by /local/bin/set_home_zones Fri 16 Dec 21:24 2022 */
;* REF: https://www.isc.org/bind/ */
;* REF: hhttps://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-private-network-dns-server-on-ubuntu-14-04*/
;* ************************************************ */
;$ORIGIN home.test
$TTL 1D
home.test. IN SOA wb.home.test. (
hostmaster.wb.home.test. ; address of responsible party
2022121601 ; Serial num yyymmddnn
1D ; Refresh
6H ; Retry
1W ; Expire
1H ) ; Minimum TTL
; DNS Servers
NS wb
localhost A 127.0.0.1
;
; also list other Machine Names
mail A 127.0.0.2
;news IN CNAME wb.home.test.
home-router-lan IN A 192.168.50.1
tb IN A 192.168.50.100
wb IN A 192.168.50.132
wb1 IN A 192.168.50.133
wb4 IN A 192.168.50.140
ptr IN A 192.168.50.190
scanner IN A 192.168.50.190
webcam4 IN A 192.168.50.195
webcam3 IN A 192.168.50.196
webcam2 IN A 192.168.50.197
webcam IN A 192.168.50.198
mtv IN A 192.168.50.200
; end of /var/named/local/home.zone

Using your separate zone examples, all my SOA errors disappeared. But I'm not
making any more headway.
For example:

# named-checkzone voip.test. /var/named/local/voip.zone
zone voip.test/IN: has no NS records
zone voip.test/IN: not loaded due to errors.
zone voip.test/IN: final reference detached


# cat /var/named/local/voip.zone
;* ************************************************ */
;* /var/named/local/voip.zone */
;* Created by /local/bin/set_home_zones Fri 16 Dec 21:24 2022 */
;* REF: https://www.isc.org/bind/ */
;* REF: https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-private-network-dns-server-on-ubuntu-14-04*/
;* ************************************************ */
$ORIGIN voip.test.
$TTL 1D
@ IN SOA wb.home.test. (
hostmaster.wb.home.test. ; address of responsible party
2022121601 ; Serial num yyymmddnn
1D ; Refresh
6H ; Retry
1W ; Expire
1H ) ; Minimum TTL
; DNS Servers
; NS wb.home.test
localhost A 127.0.0.1
;
; also list other Machine Names
mail A 127.0.0.2
;news IN CNAME wb.home.test.
voip-wb4-gateway IN A 192.168.1.135
voip-webpg IN A 192.168.15.1
voip IN A 192.168.15.135
voip-wb-gateway IN A 192.168.15.135
; end of /var/named/local/voip.zone

David W. Hodgins
Dec 16, 2022, 11:51:33 PM

On Fri, 16 Dec 2022 23:36:03 -0500, Bit Twister <BitTw...@mouse-potato.com> wrote:
> # named-checkzone voip.test. /var/named/local/voip.zone
> zone voip.test/IN: has no NS records

My working zone, just showing one of the A records.
$ORIGIN homeip.net.
$TTL 1D
; any time you make a change to the domain, bump the
; "serial" setting below. the format is easy:
; YYYYMMDDI, with the I being an iterator in case you
; make more than one change during any one day
@ IN SOA hodgins hostmaster (
201201021 ; serial
8H ; refresh
4H ; retry
4W ; expire
1D ) ; minimum
; hodgins.homeip.net serves this domain as both the
; name server (NS) and mail exchange (MX)
NS hodgins
MX 10 hodgins
; just in case someone asks for localhost.homeip.net
localhost A 127.0.0.1
; our hostnames, in alphabetical order
hodgins A 192.168.10.101

Note the NS and MX records showing which machine is running named, and
where mail is sent.

Regards, Dave Hodgins

Bit Twister
Dec 17, 2022, 12:42:08 AM

On Fri, 16 Dec 2022 23:49:51 -0500, David W. Hodgins wrote:
> On Fri, 16 Dec 2022 23:36:03 -0500, Bit Twister <BitTw...@mouse-potato.com> wrote:
>> # named-checkzone voip.test. /var/named/local/voip.zone
>> zone voip.test/IN: has no NS records
>
> My working zone, just showing one of the A records.
> $ORIGIN homeip.net.
> $TTL 1D
> ; any time you make a change to the domain, bump the
> ; "serial" setting below. the format is easy:
> ; YYYYMMDDI, with the I being an iterator in case you
> ; make more than one change during any one day
> @ IN SOA hodgins hostmaster (
> 201201021 ; serial
> 8H ; refresh
> 4H ; retry
> 4W ; expire
> 1D ) ; minimum
> ; hodgins.homeip.net serves this domain as both the
> ; name server (NS) and mail exchange (MX)
> NS hodgins
> MX 10 hodgins

What is the 10 on the MX entry?

David W. Hodgins
Dec 17, 2022, 2:08:27 AM

On Sat, 17 Dec 2022 00:41:59 -0500, Bit Twister <BitTw...@mouse-potato.com> wrote:
> What is the 10 on the MX entry?

From https://arstechnica.com/gadgets/2020/08/understanding-dns-anatomy-of-a-bind-zone-file/
"numeric priority of the mailserver in this specific record. Lower numbers mean
higher priority. When multiple SMTP servers are available for a domain, you'll see
multiple MX records as well, each with a different priority. In theory, higher
priority mailservers should always be tried first, and lower priority mailservers
only tried if the higher priority server fails.".

Regards, Dave Hodgins

Bit Twister
Dec 17, 2022, 7:24:24 AM

Well frap, I can not see the forest for the trees in the way. :(

The systemctl status named seems to indicate lines 36 and 37 are at fault. Why not
any of the previous lines? The reverse lines are from the same printf statement
reading /etc/hosts.

# systemctl status named
Dec 17 06:05:55 bash[1128670]: /var/named/local/home.reversed:36: ignoring out-of-zone data (198.254.168.192.in-addr.arpa)
Dec 17 06:05:55 bash[1128670]: /var/named/local/home.reversed:37: ignoring out-of-zone data (200.254.168.192.in-addr.arpa)
Dec 17 06:05:55 wb.home.test bash[1128670]: zone 50.168.192.in-addr.arpa/IN: has 0 SOA records
Dec 17 06:05:55 wb.home.test bash[1128670]: zone 50.168.192.in-addr.arpa/IN: has no NS records
Dec 17 06:05:55 wb.home.test bash[1128670]: zone 50.168.192.in-addr.arpa/IN: not loaded due to errors.

Tried with and without the IN keyword for lines 20 through 37.

# cat -n home.reversed
1 ;* ************************************************ */
2 ;* /var/named/local/home.reversed */
3 ;* Created by /local/bin/set_home_zones Sat 17 Dec 06:05 2022 */
4 ;* REF: https://www.isc.org/bind/ */
5 ;* REF: https://www.apnic.net/about-apnic/corporate-documents/documents/resource-guidelines/reverse-zones/ */
6 ;* REF: https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-private-network-dns-server-on-ubuntu-14-04*/
7 ;* REF: https://arstechnica.com/gadgets/2020/08/understanding-dns-anatomy-of-a-bind-zone-file/*/
8 ;* ************************************************ */
9 $ORIGIN 254.168.192.in-addr.arpa.
10 $TTL 86400
11 @ IN SOA wb.home.test. (
12 hostmaster.wb.home.test. ; address of responsible party
13 2022121701 ; Serial num yyymmddnn
14 8H ; Refresh
15 4H ; Retry
16 1W ; Expire
17 1D ) ; Minimum TTL
18 ;
19 ; wb.home.test serves this domain as both the
20 ; name server (NS) and mail exchange (MX)
21 ; define the authoritative name server
22 IN NS wb.home.test.
23 ; our hosts, in numeric order
24 132 IN PTR wb.home.test.
25 ; Machine Ip addresses
26 1 IN PTR myrtr.home.test.
27 100 IN PTR tb.home.test.
28 132 IN PTR wb.home.test.
29 133 IN PTR wb1.home.test.
30 140 IN PTR wb4.home.test.
31 190 IN PTR ptr.home.test.
32 190 IN PTR scr.home.test.
33 195 IN PTR webcam4.wcams.test.
34 196 IN PTR webcam3.wcams.test.
35 197 IN PTR webcam2.wcams.test.
36 198 IN PTR webcam.wcams.test.
37 200 IN PTR mtv.home.test.
38 ; end of /var/named/local/home.reversed

David W. Hodgins
Dec 17, 2022, 10:24:52 AM

Reverse is different than zone.
# head -n 16 /var/named/myreverse
$ORIGIN 10.168.192.in-addr.arpa.
$TTL 1D
@ IN SOA hodgins.homeip.net. hostmaster.homeip.net. (
200405190 ; serial
28800 ; refresh (8 hours)
14400 ; retry (4 hours)
2419200 ; expire (4 weeks)
86400 ; minimum (1 day)
)
; define the authoritative name server
NS hodgins.homeip.net.
; our hosts, in numeric order
101 PTR hodgins.homeip.net.
101 PTR rp4.hodgins.homeip.net.

Note that spacing is strict. Do not use tabs. Yes, I intentionally have two
hostnames for 192.168.10.101.

Regards, Dave Hodgins

Bit Twister
Dec 20, 2022, 10:48:14 PM

Damn. I look at your settings and it looks soooo easy to implement, yet
I get this:


Snipped the Dec 20 21:09:24 wb1.home.arpa bash[17316]:
from the following systemctl status named output for easier readability:

: /var/named/local/voip.zone:34: ignoring out-of-zone data (voip-wb1-gateway.voip.arpa)
: /var/named/local/voip.zone:35: ignoring out-of-zone data (voip-wb-gateway.voip.arpa)
: zone voip/IN: has 0 SOA records
: zone voip/IN: has no NS records
: zone voip/IN: not loaded due to errors.
: _default/voip/IN: bad zone

Be careful about the file: several lines are commented out with ;
because they were causing problems.

# cat -n /var/named/local/voip.zone
1 ;* ************************************************ */
2 ;* /var/named/local/voip.zone */
3 ;* Created by /local/bin/set_home_zones Tue 20 Dec 21:09 2022 */
4 ;* REF: https://www.isc.org/bind/ */
5 ;* REF: https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-private-network-dns-server-on-ubuntu-14-04*/
6 ;* ************************************************ */
7 $ORIGIN voip.arpa.
8 $TTL 1D
9 @ IN SOA wb1.home.arpa (
10 hostmaster.wb1.home.arpa ; address of responsible party
11 2022122001 ; Serial num yyymmddnn
12 1D ; Refresh
13 6H ; Retry
14 1W ; Expire
15 1H ) ; Minimum TTL
16 ; wb1.home.arpa serves this domain as both the
17 ; name server (NS) and mail exchange (MX)
18 ; DNS Servers
19 NS wb1.home.arpa
20 ; just in case someone asks for localhost.home.arpa
21 ; IN NS wb1.home.arpa.
22 ; MX 10 mail.home.arpa.
23 ;ns1 IN A ns1.home.arpa.
24 ;localhost IN A 127.0.0.1.
25 ;mail IN A 127.0.0.2.
26 ;ns1 IN A 127.0.0.3.
27 ;
28 ; also list other Machine Names
29 mail IN A 127.0.0.2
30 ;news IN CNAME wb1.home.arpa.
31 voip-wb4-gateway A 192.168.1.135
32 voip-webpg A 192.168.15.1
33 voip A 192.168.15.135
34 voip-wb1-gateway A 192.168.15.135
35 voip-wb-gateway A 192.168.15.135
36 ; end of /var/named/local/voip.zone

No idea why lines 34 and 35 were kicked out, yet line 31 made the cut.

Input to create the voip stuff:

# grep voip /etc/hosts
192.168.1.135 voipwb4.voip.arpa voip-wb4-gateway
192.168.15.1 voipwp.voip.arpa voip-webpg
192.168.15.135 voip.voip.arpa voip
192.168.15.135 voip.voip.arpa voip-wb1-gateway
192.168.15.135 voip.voip.arpa voip-wb-gateway


Thomas Zajic
Dec 22, 2022, 1:30:08 AM

* Bit Twister <BitTw...@mouse-potato.com>

> : /var/named/local/voip.zone:34: ignoring out-of-zone data (voip-wb1-gateway.voip.arpa)
> : /var/named/local/voip.zone:35: ignoring out-of-zone data (voip-wb-gateway.voip.arpa)
> : zone voip/IN: has 0 SOA records
> : zone voip/IN: has no NS records
> : zone voip/IN: not loaded due to errors.
> : _default/voip/IN: bad zone

You have a syntax error in your SOA record in all of your zones,
AFAICT. The hostmaster address is supposed to come *before* the
opening "(" bracket, not after/within.

The "has 0 SOA records" and "has no NS records" tells you that
there is something wrong with it (though I wonder why BIND does
not complain and refuse to load the zone at all, TBH).

[...]

So instead of ...

> 9 @ IN SOA wb1.home.arpa (
> 10 hostmaster.wb1.home.arpa ; address of responsible party
> 11 2022122001 ; Serial num yyymmddnn
> 12 1D ; Refresh
> 13 6H ; Retry
> 14 1W ; Expire
> 15 1H ) ; Minimum TTL

... it should read

> 9 @ IN SOA wb1.home.arpa hostmaster.wb1.home.arpa (
> 11 2022122001 ; Serial num yyymmddnn
> 12 1D ; Refresh
> 13 6H ; Retry
> 14 1W ; Expire
> 15 1H ) ; Minimum TTL
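The two rules this thread keeps circling back to, that the zone name in named.conf must match the file's $ORIGIN (Thomas Zajic's Dec 16 reply) and that absolute names in SOA, NS and PTR data need a trailing dot, as an added example that is not the poster's set_home_zones script nor anyone else's code from the thread: a small Python generator that builds a forward and a reverse zone file from /etc/hosts lines in the layout discussed, plus a lint that reproduces the two checks behind the errors seen here. The host entries are constructed from the snippets above; all function names are my own.

```python
"""Build and lint BIND zone files from /etc/hosts entries (added example,
not the poster's set_home_zones script).  $ORIGIN equals the zone name in
named.conf, owners are written relative, and absolute names end in a dot."""
import ipaddress
# Constructed sample in /etc/hosts format, modelled on the thread's snippets.
SAMPLE_HOSTS = """\
192.168.50.1    myrtr.home.test home-router-lan
192.168.50.100  tb.home.test tb
192.168.50.132  wb.home.test wb
192.168.50.190  ptr.home.test ptr
192.168.50.190  scr.home.test scanner
192.168.50.198  webcam.wcams.test webcam   # belongs to another zone
"""
TARGET_TYPES = {"NS", "PTR", "CNAME", "MX"}  # rdata ends in a domain name


def parse_hosts(text):
    """Return (ip, canonical fqdn) pairs; the fqdn is the second field."""
    pairs = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            pairs.append((fields[0], fields[1].lower()))
    return pairs


def soa_block(mname, rname, serial):
    """SOA with MNAME and RNAME ahead of the '(' so nothing is ambiguous."""
    return (f"@ IN SOA {mname} {rname.rstrip('.')}. (\n"
            f"    {serial} ; serial yyyymmddnn\n    1D ; refresh\n"
            "    6H ; retry\n    1W ; expire\n    1H ) ; minimum TTL")


def build_forward_zone(zone, ns_fqdn, rname, serial, pairs):
    """Return (zone text, hosts left out because they are not under zone)."""
    origin, ns = zone.rstrip(".") + ".", ns_fqdn.rstrip(".") + "."
    lines = [f"$ORIGIN {origin}", "$TTL 1D", soa_block(ns, rname, serial),
             f"@ IN NS {ns}"]
    skipped = []  # writing these is what yields 'ignoring out-of-zone data'
    for ip, fqdn in pairs:
        name = fqdn.rstrip(".") + "."
        if name == origin:
            lines.append(f"@ IN A {ip}")
        elif name.endswith("." + origin):
            lines.append(f"{name[:-len(origin) - 1]} IN A {ip}")  # relative
        else:
            skipped.append(fqdn)
    return "\n".join(lines) + "\n", skipped


def build_reverse_zone(network, ns_fqdn, rname, serial, pairs):
    """in-addr.arpa zone for one IPv4 /24; PTR targets are absolute names."""
    net = ipaddress.ip_network(network, strict=True)
    if net.prefixlen != 24:
        raise ValueError("this generator handles /24 reverse zones only")
    octets = str(net.network_address).split(".")[:3]
    origin = ".".join(reversed(octets)) + ".in-addr.arpa."
    ns = ns_fqdn.rstrip(".") + "."
    lines = [f"$ORIGIN {origin}", "$TTL 1D", soa_block(ns, rname, serial),
             f"@ IN NS {ns}"]
    for ip, fqdn in pairs:
        if ipaddress.ip_address(ip) in net:  # other subnets: other zones
            lines.append(f"{ip.rsplit('.', 1)[1]} IN PTR {fqdn.rstrip('.')}.")
    return "\n".join(lines) + "\n"


def lint_zone(zone, zone_text):
    """Return (out_of_zone owners, suspect targets).  The first reproduces
    BIND's 'ignoring out-of-zone data' check; the second flags NS/PTR/CNAME/MX
    targets with several labels but no trailing dot, which get $ORIGIN appended."""
    zone = zone.rstrip(".") + "."
    origin, last_owner, in_parens = zone, "@", False
    out_of_zone, suspect = [], []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line:
            continue
        if in_parens:  # continuation lines of a multi-line SOA
            in_parens = ")" not in line
            continue
        in_parens = "(" in line and ")" not in line
        fields = line.split()
        if fields[0].startswith("$"):
            if fields[0] == "$ORIGIN":
                origin = fields[1]
            continue
        if line[0].isspace():  # blank owner field inherits the previous one
            owner = last_owner
        else:
            owner, fields = fields[0], fields[1:]
            last_owner = owner
        if not fields:
            continue
        fqdn = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
        if fqdn != zone and not fqdn.endswith("." + zone):
            out_of_zone.append(fqdn)
        target, types = fields[-1], {f.upper() for f in fields[:-1]}
        if types & TARGET_TYPES and "." in target and not target.endswith("."):
            suspect.append(f"{target}.{origin}")
    return out_of_zone, suspect
```

Running lint_zone with the zone name from named.conf against the generated text shows the mismatch case directly: lint_zone("home", ...) on a file whose $ORIGIN is home.test. reports every record as out-of-zone, exactly as named-checkzone did above.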

Bit Twister
Dec 22, 2022, 3:03:40 AM

On Thu, 22 Dec 2022 07:25:01 +0100, Thomas Zajic wrote:
> * Bit Twister <BitTw...@mouse-potato.com>
>
>> : /var/named/local/voip.zone:34: ignoring out-of-zone data (voip-wb1-gateway.voip.arpa)
>> : /var/named/local/voip.zone:35: ignoring out-of-zone data (voip-wb-gateway.voip.arpa)
>> : zone voip/IN: has 0 SOA records
>> : zone voip/IN: has no NS records
>> : zone voip/IN: not loaded due to errors.
>> : _default/voip/IN: bad zone
>
> You have a syntax error in your SOA record in all of your zones,
> AFAICT. The hostmaster address is supposed to come *before* the
> opening "(" bracket, not after/within.
>
> The "has 0 SOA records" and "has no NS records" tells you that
> there is something wrong with it (though I wonder why BIND does
> not complain and refuse to load the zone at all, TBH).

Thanks to everyone who replied to this thread.

"has no NS records" was because of missing trailing . in SOA lines

Where I put hostmaster was just one of the attempted fixes.
Where I have placed it came from one of the references.
Also made it kinda handy to provide a comment for what it is for.

The main problem all along was the no NS records error.

I just now have it running on three nodes and was about to
do the overhaul here and I thought I would check Usenet for
updates in thread.

SOLUTION was to create a "IN NS" line in all zone and reversed files.
Here is a line numbered copy of my working tb voip files.

cat -n /var/named/local/voip.zone
1 ;* ************************************************ */
2 ;* /var/named/local/voip.zone */
3 ;* Created by /local/bin/set_home_zones Thu 22 Dec 01:28 2022 */
4 ;* from grep "voip" /etc/hosts
5 ; build_zones 192 168 15
6 ;* REF: https://www.isc.org/bind/ */
7 ;* REF: https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-private-network-dns-server-on-ubuntu-14-04*/
8 ;* ************************************************ */
9 $ORIGIN voip.arpa.
10 $TTL 1D
11 @ IN SOA tb.home.arpa. (
12 hostmaster.tb.home.arpa ; address of responsible party
13 2022122201 ; Serial num yyymmddnn
14 1D ; Refresh
15 6H ; Retry
16 1W ; Expire
17 1H ) ; Minimum TTL
18 ; DNS Servers
19 @ IN NS ns1.home.arpa.
20 ; just in case someone asks for localhost.home.arpa
21 ;
22 ; also list other Machine Names
23 mail IN A 127.0.0.2
24 voip-wb4-gateway A 192.168.1.135
25 voip-webpg A 192.168.15.1
26 voip-wb-gateway A 192.168.15.135
27 voip A 192.168.15.135
28 ; end of /var/named/local/voip.zone

cat -n /var/named/local/voip.reversed
1 ;* ************************************************ */
2 ;* /var/named/local/voip.reversed */
3 ;* Created by /local/bin/set_home_zones Thu 22 Dec 01:28 2022 */
4 ;* from grep voip /etc/hosts
5 ; build_zones 192 168 15 135 voip voip arpa voip
6 ;* REF: https://www.isc.org/bind/ */
7 ;* REF: https://www.apnic.net/about-apnic/corporate-documents/documents/resource-guidelines/reverse-zones/ */
8 ;* REF: https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-private-network-dns-server-on-ubuntu-14-04*/
9 ;* REF: https://arstechnica.com/gadgets/2020/08/understanding-dns-anatomy-of-a-bind-zone-file/*/
10 ;* ************************************************ */
11 $ORIGIN 15.168.192.in-addr.arpa.
12 $TTL 86400
13 @ IN SOA tb.home.arpa. (
14 hostmaster.tb.home.arpa. ; address of responsible party
15 2022122201 ; Serial num yyymmddnn
16 8H ; Refresh
17 4H ; Retry
18 1W ; Expire
19 1D ) ; Minimum TTL
20 ;
21 ; define the authoritative name server
22 @ IN NS ns1.home.arpa.
23 ; our hosts, in numeric order
24 135 PTR voipwb4.voip.arpa.
25 1 PTR voipwp.voip.arpa.
26 135 PTR voip-wb.voip.arpa.
27 135 PTR voip.voip.arpa.
28 ; end of /var/named/local/voip.reversed

