confused about ORIGIN and also named-checkzone - DNS
confused about ORIGIN and also named-checkzone
I moved a server to using named and manage it in the shell, I used to
use a desktop app that did it for me.
In the process, when I edit a zone, I will push it through the below
command, to clean it up, and then I delete the first line, and last
line in the output of the zone, and reload rndc
named-checkzone -D -s relative example.com example.com-hosts
It adds in $ORIGIN lines, which I am not sure entirely what they are
for, at least, not in the way it is adding them in. Here is an
example zone, that works now
$TTL 86400
@ 86400 IN SOA ns1.my-company.com. scott.my-company.com. 2008033103 28800 7200 604800 7200
@ IN NS ns1.my-company.com.
captain.rustall.com IN A 127.0.0.2 ;Whitelist for winnow
lists.mysql.com IN A 127.0.0.2 ;lists.mysql.com
12.153.224.55 IN A 127.0.0.2 ;Etrade.com
messaging.nextel.com IN A 127.0.0.2 ;messaging.nextel.com
moveon.org IN A 127.0.0.2
gmail.com IN A 127.0.0.2
dotster.com IN A 127.0.0.2
ebay.com IN A 127.0.0.2
stmproducts.com IN A 127.0.0.2 ;stmproducts.com is on dynamic
returns.groups.yahoo.com IN A 127.0.0.2 ;yahoo groups
chopra.com IN A 127.0.0.2 ;they hit a spamtrap
barebones.com IN A 127.0.0.2
202.128.20.175 IN A 127.0.0.2 ;endtimeprophecy.org - Wordweaver
After I run it through named-checkzone with -D and -s, relative, I get
the below output, which does not make sense. If $ORIGIN sets a base
of all below it, then it seems wrong to me...
$ORIGIN .
$TTL 86400 ; 1 day
wl.my-company IN SOA ns1.my-company.com. scott.my-company.com. (
2008103000 ; serial
28800 ; refresh (8 hours)
7200 ; retry (2 hours)
604800 ; expire (1 week)
7200 ; minimum (2 hours)
)
NS ns1.my-company.com.
NS ns1.nacio.com.
$ORIGIN wl.my-company.com.
202.128.20.175 A 127.0.0.2
12.153.224.55 A 127.0.0.2
$ORIGIN com.wl.my-company.com.
barebones A 127.0.0.2
chopra A 127.0.0.2
constantcontact A 127.0.0.2
dotster A 127.0.0.2
ebay A 127.0.0.2
gmail A 127.0.0.2
lists.mysql A 127.0.0.2
messaging.nextel A 127.0.0.2
captain.rustall A 127.0.0.2
stmproducts A 127.0.0.2
returns.groups.yahoo A 127.0.0.2
$ORIGIN wl.my-company.com.
moveon.org A 127.0.0.2
I hope I am reading this wrong, or I just fubar'd a whole bunch of
zones 
Thanks for any guidance
--
Scott
-
Re: confused about ORIGIN and also named-checkzone
In article ,
Scott Haneda wrote:
> I moved a server to using named and manage it in the shell, I used to
> use a desktop app that did it for me.
>
> In the process, when I edit a zone, I will push it through the below
> command, to clean it up, and then I delete the first line, and last
> line in the output of the zone, and reload rndc
>
> named-checkzone -D -s relative example.com example.com-hosts
Based on your example below, I think you specified the zone
wl.my-company.com, not example.com.
>
> It adds in $ORIGIN lines, which I am not sure entirely what they are
> for, at least, not in the way it is adding them in. Here is an
> example zone, that works now
They're used because you specified "-s relative". This always generates
single-component owner names, and uses $ORIGIN to specify the suffix.
>
> $TTL 86400
> @ 86400 IN SOA ns1.my-company.com. scott.my-company.com. 2008033103 28800 7200 604800 7200
> @ IN NS ns1.my-company.com.
> captain.rustall.com IN A 127.0.0.2 ;Whitelist for winnow
> lists.mysql.com IN A 127.0.0.2 ;lists.mysql.com
> 12.153.224.55 IN A 127.0.0.2 ;Etrade.com
> messaging.nextel.com IN A 127.0.0.2 ;messaging.nextel.com
> moveon.org IN A 127.0.0.2
> gmail.com IN A 127.0.0.2
> dotster.com IN A 127.0.0.2
> ebay.com IN A 127.0.0.2
> stmproducts.com IN A 127.0.0.2 ;stmproducts.com is on dynamic
> returns.groups.yahoo.com IN A 127.0.0.2 ;yahoo groups
> chopra.com IN A 127.0.0.2 ;they hit a spamtrap
> barebones.com IN A 127.0.0.2
> 202.128.20.175 IN A 127.0.0.2 ;endtimeprophecy.org - Wordweaver
>
> After I run it through named-checkzone with -D and -s, relative, I get
> the below output, which does not make sense. If $ORIGIN sets a base
> of all below it, then it seems wrong to me...
Your original file defines names that don't end in ".", so they're
assumed to be in the zone you specified in the named.conf file (or on
the command line when using named-checkzone). E.g.
gmail.com IN A 127.0.0.2
is short for
gmail.com.wl.my-company.com. IN A 127.0.0.2
Then because you specified relative syntax, it becomes:
$ORIGIN com.wl.my-company.com.
gmail IN A 127.0.0.2.
>
> $ORIGIN .
> $TTL 86400 ; 1 day
> wl.my-company IN SOA ns1.my-company.com. scott.my-company.com. (
> 2008103000 ; serial
> 28800 ; refresh (8 hours)
> 7200 ; retry (2 hours)
> 604800 ; expire (1 week)
> 7200 ; minimum (2 hours)
> )
> NS ns1.my-company.com.
> NS ns1.nacio.com.
>
> $ORIGIN wl.my-company.com.
> 202.128.20.175 A 127.0.0.2
> 12.153.224.55 A 127.0.0.2
>
> $ORIGIN com.wl.my-company.com.
> barebones A 127.0.0.2
> chopra A 127.0.0.2
> constantcontact A 127.0.0.2
> dotster A 127.0.0.2
> ebay A 127.0.0.2
> gmail A 127.0.0.2
> lists.mysql A 127.0.0.2
> messaging.nextel A 127.0.0.2
> captain.rustall A 127.0.0.2
> stmproducts A 127.0.0.2
> returns.groups.yahoo A 127.0.0.2
> $ORIGIN wl.my-company.com.
> moveon.org A 127.0.0.2
>
> I hope I am reading this wrong, or I just fubar'd a whole bunch of
> zones 
> Thanks for any guidance
> --
> Scott
--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
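
Added example, not part of either post: a small Python sketch of the owner-name expansion described in the reply above, run over constructed fragments of the two zone listings to show they name the same records. It handles one record per line only (no parenthesised SOA, no $INCLUDE); the function names qualify and expand_owners are made up for this example.

```python
def qualify(name, origin):
    """Expand an owner name against the current origin (RFC 1035 sec. 5.1)."""
    if name == "@":
        return origin
    if name.endswith("."):          # trailing dot: already absolute
        return name
    return name + "." if origin == "." else name + "." + origin

def expand_owners(zone_text, zone_name):
    """Return sorted (fqdn, type, rdata) tuples for a zone fragment."""
    origin = zone_name.rstrip(".") + "."      # initial origin is the zone name
    owner, records = None, []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):        # changes the suffix for later lines
            origin = qualify(line.split()[1], origin)
            continue
        if line.startswith("$"):              # $TTL and other directives
            continue
        fields = line.split()
        if not line[0].isspace():             # a blank owner reuses the previous one
            owner = qualify(fields.pop(0), origin)
        while fields[0].isdigit() or fields[0].upper() == "IN":
            fields.pop(0)                     # skip optional TTL and class
        records.append((owner, fields[0].upper(), " ".join(fields[1:])))
    return sorted(records)

ZONE = "wl.my-company.com"   # zone name as given to named-checkzone

# Constructed sample: a few records in the hand-written style of the first listing
ORIGINAL = """\
gmail.com       IN A 127.0.0.2
lists.mysql.com IN A 127.0.0.2 ;lists.mysql.com
moveon.org      IN A 127.0.0.2
12.153.224.55   IN A 127.0.0.2 ;Etrade.com
"""

# Constructed sample: the same records in the "-s relative" style of the second listing
RELATIVE = """\
$ORIGIN wl.my-company.com.
12.153.224.55   A 127.0.0.2
$ORIGIN com.wl.my-company.com.
gmail           A 127.0.0.2
lists.mysql     A 127.0.0.2
$ORIGIN wl.my-company.com.
moveon.org      A 127.0.0.2
"""

if __name__ == "__main__":
    for rec in expand_owners(RELATIVE, ZONE):
        print(*rec)
    print("same records:", expand_owners(ORIGINAL, ZONE) == expand_owners(RELATIVE, ZONE))
```
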