---------/var/log/messages---------
starting BIND 9.2.3 -u named -t /var/named/chroot
using 1 CPU
named startup succeeded
loading configuration from '/etc/named.conf'
/etc/named.conf:2: expected prefix length near '4,'
loading configuration: unexpected token
exiting (due to fatal error)
---------/etc/named.conf------------
// generated by named-bootconf.pl
// NOTE(review): the log above shows named started with `-t /var/named/chroot`,
// so the configuration it actually loads is /var/named/chroot/etc/named.conf
// (Dave's reply below makes the same point). The logged parse error
// "expected prefix length near '4,'" at line 2 does not match line 2 of this
// copy either, which is consistent with a different file being read.
options {
directory "/var/named";
// query-source address * port 53;
};
//
// a caching only nameserver config
//
// rndc control channel: loopback only, authenticated with the key read from
// /etc/rndc.key below.
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
// With -t /var/named/chroot this path is resolved inside the chroot.
include "/etc/rndc.key";
// Root hints (type hint) used to start recursion.
zone "." {
type hint;
file "named.ca";
};
// Reverse zone for the loopback network; authoritative copy in named.local.
zone "0.0.127.in-addr.arpa" {
type master;
file "named.local";
};
Thanks
Benu
I noticed that you are running named in a chroot jail. What is the
absolute path of the named.conf file below?
If it is /etc/named.conf and not /var/named/chroot/etc/named.conf then you
are editing the wrong file.
You should be editing /var/named/chroot/etc/named.conf.
Thanks,
Dave...
Thanks
David Botham <DBo...@OptimusSolutions.com> wrote in message news:<cjs3nd$3ld$1...@sf1.isc.org>...
I have a homenetwork with three machines (Fedora Core 2, XP, and
Win2K) using a Belkin router on a Cable Network (Dynamic IP). I
urgently need to move a website from a hosting service.
To prepare for the move of the website, I have been testing my DNS
configuration with a parked domain (rescue911design.com) and free
domain (benu.widge.net) before addressing the live site.
Currently, all seems to be working internally, but I have sporadic
success serving the internal network while accessing the internet.
What has been particularly confusing to me is: there is root domain
information in the cache, and a dig command with +norec correctly looks
up the A records for various hosts. I do not understand why the dig
and host commands return SERVFAIL when the data is in the cache for
the homelan view.
All files passed named-checkconf and named-checkzone, and there are no
complaints in /var/log/messages or audit_log. My configuration files
are:
--/etc/named.conf
// generated by named-bootconf.pl
// Clients treated as the home LAN: the only sources granted recursion
// (allow-recursion) and matched by view "homelan" below.
acl my-nets {
192.168.2.0/24;
// NOTE(review): 127.0.0.1/24 has host bits set under the prefix; 127.0.0.0/8
// is the conventional loopback prefix, and the builtin `localhost` entry on
// the next line already matches the server's own addresses.
127.0.0.1/24;
localhost;
};
// Empty acl: used as `allow-transfer { xfer; }` to deny all zone transfers.
acl xfer {
none;
};
// The ISP resolvers. They are also the forwarders in options, and are allowed
// to query this server (allow-query).
acl external-ns {
68.105.161.20; //Cable NS1
68.1.18.25; //Cable NS2
};
// NOTE(review): these five prefixes are contiguous — 193.0.0.0 through
// 223.255.255.255 — which is ordinary public unicast space (the old class C
// range), not reserved or unassigned space. Ronan's reply below asks where
// this list came from; anything matching it is dropped by options.blackhole.
acl bogus-net3 {
208.0.0.0/4;
200.0.0.0/5;
196.0.0.0/6;
194.0.0.0/7;
193.0.0.0/8;
};
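// Referenced from options.blackhole, so any source matching this acl is
// neither answered nor used to resolve queries.
//
// Previously listed 0.0.0.0/3, 16.0.0.0/3, 64.0.0.0/3, 96.0.0.0/3,
// 128.0.0.0/3 and 160.0.0.0/3. Matched on their top three bits those cover
// 0–31.x.x.x and 64–191.x.x.x (16.0.0.0/3 is the same network as 0.0.0.0/3),
// i.e. most of the IPv4 unicast space: both ISP resolvers in acl external-ns
// / forwarders (68.105.161.20 and 68.1.18.25 fall in 64.0.0.0/3), Ronan's
// 128.86/16 (see his reply below), and the loopback network 127.0.0.0/8
// (inside 96.0.0.0/3), which is where /etc/resolv.conf2 sends queries.
// Blackholing the forwarders makes "forward first" fail over to full
// recursion on every lookup. Emptied; the genuinely reserved ranges are
// already in bogus-net1.
acl bogus-net2 {
none;
};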
// Ranges this configuration treats as bogus; referenced from options.blackhole.
acl bogus-net1 {
0.0.0.0/8;
1.0.0.0/8;
2.0.0.0/8;
// RFC 3330 documentation/test network.
192.0.2.0/24;
// 224.0.0.0/3 = 224–255.x.x.x: multicast and reserved space.
224.0.0.0/3;
10.0.0.0/8;
// NOTE(review): RFC 1918 defines 172.16.0.0/12 (172.16.x – 172.31.x);
// /16 covers only 172.16.x.x.
172.16.0.0/16;
};
// logging statement omitted from the post ([snip]).
logging {
[snip]
};
// Global options; views below inherit anything they do not override.
options {
// Sources matching these acls are ignored: named neither answers them nor
// uses them to resolve queries. NOTE(review): as posted, bogus-net2 covers
// 64–95.x.x.x, so the forwarders configured below (68.105.161.20 and
// 68.1.18.25) are inside the blackhole (Ronan's reply below). Presumably
// every lookup then waits for the forwarders to fail before "forward first"
// recurses on its own — a plausible cause of the sporadic SERVFAILs.
blackhole {
bogus-net1;
bogus-net2;
bogus-net3;
};
// Resolved inside the chroot (-t /var/named/chroot in the log above); the
// zone "file" names are relative to this directory.
directory "/var/named/";
cleaning-interval 30;
// NOTE(review): view "external-nets" (match-clients any) sets no allow-query
// of its own, so this list presumably applies there too and Internet clients
// outside my-nets/external-ns are refused — confirm with a query from
// outside, since that view is the one meant to publish the public zones.
allow-query { "my-nets"; "external-ns"; };
// Recursion only for the LAN: keeps this from being an open resolver.
allow-recursion { "my-nets"; };
// Ask the ISP resolvers first; recurse from the roots only if they do not answer.
forward first;
forwarders {
68.105.161.20; //Cable NS1
68.1.18.25; //Cable NS2
};
minimal-responses no;
//notify no;
//query-source address * port 53;
transfer-format many-answers;
// Decoy answer for version.bind; see also zone "bind" in view "external-chaos".
version "Guess";
zone-statistics yes;
};
// rndc control channel: loopback only, authenticated with rndckey.
controls {
inet 127.0.0.1 allow {
127.0.0.1;
}
keys {
rndckey;
};
};
// Resolved inside the chroot; supplies the rndckey used above.
include "/etc/rndc.key";
// View for LAN clients (acl my-nets): recursive, serves the internal zones.
view "homelan" {
additional-from-auth yes;
additional-from-cache yes;
match-clients { "my-nets"; };
recursion yes;
// NOTE(review): benu.widge.net and rescue911design.com are defined only in
// view "external-nets", so LAN lookups for them are forwarded/recursed
// rather than answered from the local zone files (Barry's reply below).
// No hint zone is configured in this view; presumably named's compiled-in
// root hints are what Benu sees cached.
zone "2.168.192.in-addr.arpa" in {
type master;
file "2.168.192.in-addr.arpa.hosts";
allow-query { localnets; };
allow-transfer { localnets; };
// Empty list: no forwarding for this zone.
forwarders { };
};
zone "blkdiamonds.lan" in {
type master;
file "blkdiamonds.lan.hosts";
allow-query { localnets; };
allow-transfer { localnets; };
};
zone "localhost" in {
type master;
file "named.local";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "0.0.127.in-addr.arpa.hosts";
allow-query { localnets; };
// xfer is an empty acl: transfers denied.
allow-transfer { xfer; };
notify no;
};
};
// View for everyone else: non-recursive, slave copies of the two public zones.
view "external-nets" {
additional-from-auth no;
additional-from-cache no;
match-clients { any; };
recursion no;
// NOTE(review): no allow-query here, so the global
// allow-query { "my-nets"; "external-ns"; } presumably applies and arbitrary
// Internet clients are refused — confirm, since this view is the one meant to
// answer for these zones publicly.
zone "benu.widge.net" in {
type slave;
file "benu.widge.net.hosts";
masters { 64.49.244.135; 66.216.81.145; };
notify yes;
};
// Class omitted: defaults to IN.
zone "rescue911design.com" {
type slave;
file "rescue911design.com.hosts";
masters { 64.202.167.129; };
notify yes;
};
};
// CHAOS-class view: answers version.bind / authors.bind from bind.hosts.
view "external-chaos" chaos {
match-clients { any; };
recursion no;
// No CHAOS root hints: empty hint file.
zone "." {
type hint;
file "/dev/null";
};
zone "bind" {
type master;
file "bind.hosts";
// NOTE(review): only my-nets may query this zone, so version.bind probes from
// outside are refused rather than answered with the decoy text in bind.hosts
// (options already sets version "Guess"). Fine if refusing is the intent;
// otherwise this would need allow-query { any; }.
allow-query { "my-nets"; };
// xfer is an empty acl: transfers denied.
allow-transfer { "xfer"; };
};
};
--0.0.127.in-addr.arpa.hosts
; Reverse zone for the loopback network (127.0.0.x), served in view "homelan".
$TTL 86400
@ IN SOA ns1.blkdiamonds.lan. root.blkdiamonds.lan. (
200410104 ; serial
28800 ; refresh (8 hours)
7200 ; retry (2 hours)
2419200 ; expire (4 weeks)
86400 ; minimum (1 day)
)
; Owner omitted: inherits "@" (the zone apex) from the SOA record above.
IN NS ns1.blkdiamonds.lan.
1 IN PTR localhost.
--2.168.192.in-addr.arpa.hosts
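; Reverse map for 192.168.2.0/24, served in view "homelan".
$TTL 86400 ; 1 day
@ IN SOA ns1.blkdiamonds.lan. root.blkdiamonds.lan. (
2004101001 ; serial
10800 ; refresh (3 hours)
900 ; retry (15 minutes)
604800 ; expire (1 week)
3600 ; minimum (1 hour)
)
; Owner omitted: inherits "@" from the SOA record.
NS ns1.blkdiamonds.lan.
;
; PTR targets must end in "." — without it the name is relative and gets
; $ORIGIN (2.168.192.in-addr.arpa.) appended. The gw record below was the
; only one missing its trailing dot.
1 PTR gw.blkdiamonds.lan.
; Owner omitted on the three records after this one: they inherit "2", so
; 192.168.2.2 carries four PTR records.
2 PTR ftp.blkdiamonds.lan.
PTR ns1.blkdiamonds.lan.
PTR www.blkdiamonds.lan.
PTR roxie.blkdiamonds.lan.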
--benu.widge.net.hosts
; Zone data for benu.widge.net, configured as a slave in view "external-nets".
$ORIGIN .
$TTL 259200 ; 3 days
benu.widge.net. IN SOA ns1.widge.net. root.benu.widge.net. (
200410103 ; serial
28800 ; refresh (8 hours)
7200 ; retry (2 hours)
2419200 ; expire (4 weeks)
86400 ; minimum (1 day)
)
NS ns1.widge.net.
; NOTE(review): .lan is not a public TLD, and ns1.blkdiamonds.lan resolves to
; 192.168.2.2 in blkdiamonds.lan.hosts, so Internet resolvers cannot use this
; NS — it is only usable from the LAN.
NS ns1.blkdiamonds.lan.
; NOTE(review): mail.benu.widge.net is a CNAME (to ns1) below; RFC 2181 §10.3
; requires MX targets to be canonical names with address records.
MX 10 mail.benu.widge.net.
$ORIGIN benu.widge.net.
$TTL 259200 ; 3 days
ftp CNAME ns1
; 192.168.2.x are private (RFC 1918) addresses: valid inside the LAN, but
; unreachable for outside clients of this public zone.
gw A 192.168.2.1
HINFO "Belkin" "BEF"
TXT "The router"
localhost A 127.0.0.1
mail CNAME ns1
ns1 A 192.168.2.2
HINFO "Pentium" "Fedora 2.0"
; Owner omitted: this MX belongs to ns1, and its target mail is a CNAME (see above).
MX 10 mail
www CNAME ns1
--bind.hosts
; @(#)db.bind v1.2 25 JAN 2001 Rob Thomas ro...@cymru.com
;
; CHAOS-class zone "bind" for view "external-chaos": decoy version.bind and
; authors.bind strings. Per named.conf only my-nets may query it.
$TTL 1D
@ 1D CHAOS SOA localhost. root.localhost. (
2004100601 ; serial
3H ; refresh
1H ; retry
1W ; expiry
1D ) ; minimum
CHAOS NS localhost.
; Decoy text; not the running version (the log shows BIND 9.2.3).
version.bind. CHAOS TXT "BIND 9.1.3+robhacks"
authors.bind. CHAOS TXT "are better coders than I. :)"
--blkdiamonds.lan.hosts
; Internal forward zone blkdiamonds.lan, master in view "homelan".
$ORIGIN .
$TTL 259200 ; 3 days
blkdiamonds.lan. IN SOA ns1.blkdiamonds.lan. root.blkdiamonds.lan. (
200410103 ; serial
28800 ; refresh (8 hours)
7200 ; retry (2 hours)
2419200 ; expire (4 weeks)
86400 ; minimum (1 day)
)
NS ns1.blkdiamonds.lan.
; NOTE(review): mail.blkdiamonds.lan is a CNAME (to ns1) below; RFC 2181 §10.3
; requires MX targets to be canonical names with address records.
MX 10 mail.blkdiamonds.lan.
$ORIGIN blkdiamonds.lan.
; The 6-hour TTL applies only to the next record; 3 days is restored below.
$TTL 21600 ; 6 hours
4X7II6FO4Y A 192.168.2.140
$TTL 259200 ; 3 days
ftp CNAME ns1
gw A 192.168.2.1
HINFO "Belkin" "BEF"
TXT "The router"
localhost A 127.0.0.1
mail CNAME ns1
ns1 A 192.168.2.2
HINFO "Pentium" "Fedora 2.0"
; Owner omitted: this MX belongs to ns1; its target mail is a CNAME (see above).
MX 10 mail
www CNAME ns1
--rescue911design.com.hosts
;
; Zone file rescue911design.com
; Configured as a slave in view "external-nets" (master 64.202.167.129).
$TTL 3D
rescue911design.com. IN SOA ns1.rescue911design.com.
root.rescue911design.com. (
200410101 ; serial, todays date + todays
serial #
8H ; refresh, seconds
2H ; retry, seconds
4W ; expire, seconds
1D ) ; minimum, seconds
; NOTE(review): as posted, the SOA owner line ends before the "(" is opened,
; and "serial #" stands on its own line inside the parentheses where it would
; be read as data, not as a comment. The post says named-checkzone passed, so
; these are presumably line wraps introduced by the mail — confirm against the
; real file.
;
; NOTE(review): ns1 resolves to 192.168.2.2 below, a private (RFC 1918)
; address; Internet resolvers following this NS cannot reach it.
NS ns1 ; Inet Address of name server
NS part5.secureserver.net.
NS part6.secureserver.net.
; NOTE(review): mail is a CNAME (to ns1) below; RFC 2181 §10.3 requires MX
; targets to be canonical names with address records.
MX 10 mail ; Primary Mail Exchanger
;
ns1 A 192.168.2.2
MX 10 mail
HINFO "Pentium" "Fedora 2.0"
www CNAME ns1
mail CNAME ns1
ftp CNAME ns1
localhost A 127.0.0.1
gw A 192.168.2.1
HINFO "Belkin" "BEF"
TXT "The router"
--/etc/resolv.conf
# Stub resolver: local BIND first, ISP resolver as fallback.
search blkdiamonds.lan
# NOTE(review): "search" and "domain" are mutually exclusive in resolv.conf;
# the last one wins (domain, which also sets the default search list).
domain blkdiamonds.lan
nameserver 192.168.2.2
# NOTE(review): "//" is not resolv.conf comment syntax (only "#" or ";" at the
# start of a line); glibc appears to stop parsing after the address, but
# confirm. Also, whenever 192.168.2.2 fails or is slow the resolver falls over
# to the ISP, which knows nothing about blkdiamonds.lan — a plausible source of
# the "sporadic" behaviour described above.
nameserver 68.105.161.20 //ISP DSN
--/etc/resolv.conf2
# Alternative stub resolver config: loopback first, then the LAN address.
search blkdiamonds.lan
# NOTE(review): "search" and "domain" are mutually exclusive; the last one wins.
domain blkdiamonds.lan
# NOTE(review): as posted, named.conf blackholes 96.0.0.0/3, which — matched on
# its top three bits — contains 127.0.0.0/8, so queries from 127.0.0.1 would be
# dropped by named; confirm. Presumably both entries below reach the same named
# (ns1 is 192.168.2.2 in the zone files).
nameserver 127.0.0.1
nameserver 192.168.2.2
I will greatly appreciate a nudge in the right direction.
Benu
> I have worked religiously for the past four weeks to understand
> DNS and get it up and running on my linux box. I have read and re-read
> Bind 9 administrator guide (daily), BIND FAQS, and various posts on
> the net. Now, I am at the point where I am no longer certain of
> anything.
>
> I have a homenetwork with three machines (Fedora Core 2, XP, and
> Win2K) using a Belkin router on a Cable Network (Dynamic IP). I
> urgently need to move a website from a hosting service.
>
> To prepare for the move of the website, I have been testing my DNS
> configuration with a parked domain (rescue911design.com) and free
> domain (benu.widge.net) before addressing the live site.
>
> Currently, all seems to be working internally, but I have sporadic
> success serving the internal network while accessing the internet.
> What has been particularly confusing to me is: there is root domain
> information in the cache, and a dig command with +norec correctly looks
> up the A records for various hosts. I do not understand why the dig
> and host commands return SERVFAIL when the data is in the cache for
> the homelan view.
Could you provide some example queries that fail?
If you try to look up something in rescue911design.com or benu.widge.net
from your homelan, it won't use the data from the zone files; it should
forward to the ISP nameservers instead. This is because you only list these
zones in the external-nets view.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
Where did you get the interesting list of address blocks in bogus-net2
and bogus-net3? I'm currently sitting within 128.86/16 (and therefore
within 128/3), and it most certainly isn't bogus.
Also, 64.0.0.0/3 will include 68.105.161.20 and 68.1.18.25, your
"external-ns" machines which are also your forwarders, so you
appear to be blackholing them!
> acl bogus-net1 {
> 0.0.0.0/8;
> 1.0.0.0/8;
> 2.0.0.0/8;
> 192.0.2.0/24;
> 224.0.0.0/3;
> 10.0.0.0/8;
> 172.16.0.0/16;
> };
>
> logging {
> [snip]
> };
>
> options {
> blackhole {
> bogus-net1;
> bogus-net2;
> bogus-net3;
> };
> directory "/var/named/";
> cleaning-interval 30;
> allow-query { "my-nets"; "external-ns"; };
> allow-recursion { "my-nets"; };
> forward first;
> forwarders {
> 68.105.161.20; //Cable NS1
> 68.1.18.25; //Cable NS2
> };
--
Ronan Flood <R.F...@noc.ulcc.ac.uk>
working for but not speaking for
Network Services, University of London Computer Centre
(which means: don't bother ULCC if I've said something you don't like)