confused about ORIGIN and also named-checkzone - DNS


  1. confused about ORIGIN and also named-checkzone

    I moved a server to using named and manage it in the shell, I used to
    use a desktop app that did it for me.

    In the process, when I edit a zone, I will push it through the below
    command, to clean it up, and then I delete the first line, and last
    line in the output of the zone, and reload rndc

    named-checkzone -D -s relative example.com example.com-hosts

    It adds in $ORIGIN lines, which I am not sure entirely what they are
    for, at least, not in the way it is adding them in. Here is an
    example zone, that works now

    $TTL 86400
    @ 86400 IN SOA ns1.my-company.com. scott.my-company.com. 2008033103 28800 7200 604800 7200
    @ IN NS ns1.my-company.com.
    captain.rustall.com IN A 127.0.0.2 ;Whitelist for winnow
    lists.mysql.com IN A 127.0.0.2 ;lists.mysql.com
    12.153.224.55 IN A 127.0.0.2 ;Etrade.com
    messaging.nextel.com IN A 127.0.0.2 ;messaging.nextel.com
    moveon.org IN A 127.0.0.2
    gmail.com IN A 127.0.0.2
    dotster.com IN A 127.0.0.2
    ebay.com IN A 127.0.0.2
    stmproducts.com IN A 127.0.0.2 ;stmproducts.com is on dynamic
    returns.groups.yahoo.com IN A 127.0.0.2 ;yahoo groups
    chopra.com IN A 127.0.0.2 ;they hit a spamtrap
    barebones.com IN A 127.0.0.2
    202.128.20.175 IN A 127.0.0.2 ;endtimeprophecy.org - Wordweaver

    After I run it through named-checkzone with -D and -s, relative, I get
    the below output, which does not make sense. If $ORIGIN sets a base
    of all below it, then it seems wrong to me...

    $ORIGIN .
    $TTL 86400 ; 1 day
    wl.my-company IN SOA ns1.my-company.com. scott.my-company.com. (
    2008103000 ; serial
    28800 ; refresh (8 hours)
    7200 ; retry (2 hours)
    604800 ; expire (1 week)
    7200 ; minimum (2 hours)
    )
    NS ns1.my-company.com.
    NS ns1.nacio.com.

    $ORIGIN wl.my-company.com.
    202.128.20.175 A 127.0.0.2
    12.153.224.55 A 127.0.0.2

    $ORIGIN com.wl.my-company.com.
    barebones A 127.0.0.2
    chopra A 127.0.0.2
    constantcontact A 127.0.0.2
    dotster A 127.0.0.2
    ebay A 127.0.0.2
    gmail A 127.0.0.2
    lists.mysql A 127.0.0.2
    messaging.nextel A 127.0.0.2
    captain.rustall A 127.0.0.2
    stmproducts A 127.0.0.2
    returns.groups.yahoo A 127.0.0.2
    $ORIGIN wl.my-company.com.
    moveon.org A 127.0.0.2

    I hope I am reading this wrong, or I just fubar'd a whole bunch of
    zones
    Thanks for any guidance
    --
    Scott



  2. Re: confused about ORIGIN and also named-checkzone

    In article ,
    Scott Haneda wrote:

    > I moved a server to using named and manage it in the shell, I used to
    > use a desktop app that did it for me.
    >
    > In the process, when I edit a zone, I will push it through the below
    > command, to clean it up, and then I delete the first line, and last
    > line in the output of the zone, and reload rndc
    >
    > named-checkzone -D -s relative example.com example.com-hosts


    Based on your example below, I think you specified the zone
    wl.my-company.com, not example.com.

    >
    > It adds in $ORIGIN lines, which I am not sure entirely what they are
    > for, at least, not in the way it is adding them in. Here is an
    > example zone, that works now


    They're used because you specified "-s relative". This always generates
    single-component owner names, and uses $ORIGIN to specify the suffix.

    >
    > $TTL 86400
    > @ 86400 IN SOA ns1.my-company.com. scott.my-company.com. 2008033103 28800 7200 604800 7200
    > @ IN NS ns1.my-company.com.
    > captain.rustall.com IN A 127.0.0.2 ;Whitelist for winnow
    > lists.mysql.com IN A 127.0.0.2 ;lists.mysql.com
    > 12.153.224.55 IN A 127.0.0.2 ;Etrade.com
    > messaging.nextel.com IN A 127.0.0.2 ;messaging.nextel.com
    > moveon.org IN A 127.0.0.2
    > gmail.com IN A 127.0.0.2
    > dotster.com IN A 127.0.0.2
    > ebay.com IN A 127.0.0.2
    > stmproducts.com IN A 127.0.0.2 ;stmproducts.com is on dynamic
    > returns.groups.yahoo.com IN A 127.0.0.2 ;yahoo groups
    > chopra.com IN A 127.0.0.2 ;they hit a spamtrap
    > barebones.com IN A 127.0.0.2
    > 202.128.20.175 IN A 127.0.0.2 ;endtimeprophecy.org - Wordweaver
    >
    >
    > After I run it through named-checkzone with -D and -s, relative, I get
    > the below output, which does not make sense. If $ORIGIN sets a base
    > of all below it, then it seems wrong to me...


    Your original file defines names that don't end in ".", so they're
    assumed to be in the zone you specified in the named.conf file (or on
    the command line when using named-checkzone). E.g.

    gmail.com IN A 127.0.0.2

    is short for

    gmail.com.wl.my-company.com. IN A 127.0.0.2

    Then because you specified relative syntax, it becomes:

    $ORIGIN com.wl.my-company.com.
    gmail IN A 127.0.0.2

    >
    > $ORIGIN .
    > $TTL 86400 ; 1 day
    > wl.my-company IN SOA ns1.my-company.com. scott.my-company.com. (
    > 2008103000 ; serial
    > 28800 ; refresh (8 hours)
    > 7200 ; retry (2 hours)
    > 604800 ; expire (1 week)
    > 7200 ; minimum (2 hours)
    > )
    > NS ns1.my-company.com.
    > NS ns1.nacio.com.
    >
    > $ORIGIN wl.my-company.com.
    > 202.128.20.175 A 127.0.0.2
    > 12.153.224.55 A 127.0.0.2
    >
    > $ORIGIN com.wl.my-company.com.
    > barebones A 127.0.0.2
    > chopra A 127.0.0.2
    > constantcontact A 127.0.0.2
    > dotster A 127.0.0.2
    > ebay A 127.0.0.2
    > gmail A 127.0.0.2
    > lists.mysql A 127.0.0.2
    > messaging.nextel A 127.0.0.2
    > captain.rustall A 127.0.0.2
    > stmproducts A 127.0.0.2
    > returns.groups.yahoo A 127.0.0.2
    > $ORIGIN wl.my-company.com.
    > moveon.org A 127.0.0.2
    >
    > I hope I am reading this wrong, or I just fubar'd a whole bunch of
    > zones
    > Thanks for any guidance
    > --
    > Scott


    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE don't copy me on replies, I'll read them in the group ***
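
The name expansion described in the reply above, as an added example that is not part of either post: a small Python master-file reader that resolves every owner name to its FQDN, so the flat file and the `-s relative` dump can be compared as sets. The function names and the cut-down sample zones are constructed for illustration, and the reader handles only A records, `@`, `$ORIGIN`, inherited owners and parenthesised continuations.

```python
def qualify(name, origin):
    """Absolute form of a master-file name under the current origin."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else name + "." + origin

def a_records(zone_text, zone_name):
    """{(owner FQDN, address)} per A record; no quoted strings or $INCLUDE."""
    origin = owner = qualify(zone_name, ".")
    depth, found = 0, set()
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # strip comments
        inside = depth > 0                        # continuation of "( ... )"
        depth += line.count("(") - line.count(")")
        fields = line.split()
        if inside or not fields:
            continue
        if fields[0].upper() == "$ORIGIN":        # changes the suffix below it
            origin = qualify(fields[1], origin)
            continue
        if fields[0].startswith("$"):             # $TTL and other directives
            continue
        if not line[0].isspace():                 # owner present on this line
            owner, fields = qualify(fields[0], origin), fields[1:]
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields = fields[1:]                   # optional TTL and class
        if len(fields) >= 2 and fields[0].upper() == "A":
            found.add((owner, fields[1]))
    return found

# Constructed samples, cut down from the two listings in the thread.
FLAT = """$TTL 86400
@ IN NS ns1.my-company.com.
gmail.com IN A 127.0.0.2 ;no trailing dot, so the zone name is appended
lists.mysql.com IN A 127.0.0.2
12.153.224.55 IN A 127.0.0.2
"""
RELATIVE = """$ORIGIN .
wl.my-company.com IN SOA ns1.my-company.com. scott.my-company.com. (
        2008103000 28800 7200 604800 7200 ) ; timers
        NS ns1.my-company.com.
$ORIGIN wl.my-company.com.
12.153.224.55 A 127.0.0.2
$ORIGIN com.wl.my-company.com.
gmail A 127.0.0.2
lists.mysql A 127.0.0.2
"""
```

Calling `a_records(FLAT, "wl.my-company.com")` and `a_records(RELATIVE, "wl.my-company.com")` yields the same set, which is the check to make before reloading a rewritten zone; passing a different zone name for the flat file changes every unqualified owner.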

