It's been entirely too long since I set up a BIND server. I've been creating a lot of Windows DNS servers lately so I wanted to try my hand at it on CentOS 6. Unfortunately I'm having a slew of trouble setting up the zone files.
Host Name: shield.domain.com
When I try to start the service I get the following error message:
domain.com.zone:3: SOA record not at top of zone (domain.com.domain.com)
zone domain.com/IN: loading from master file domain.com.zone failed: not at top of zone
zone domain.com/IN: not loaded due to errors.
_default/domain.com/IN: not at top of zone
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0
I modified the /etc/named.conf file to include my new zone and the file is set up as follows:
options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        forwarders { <IP_ADDR_1>; <IP_ADDR_2>; <IP_ADDR_3>; };
};

zone "domain.com" IN {
        type master;
        file "domain.com.zone";
        allow-update { none; };
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
I then created a new zone file /var/named/domain.com.zone which is configured as such. I can't figure out what I did wrong with the SOA record at the top, or if there are other issues with my zone file:
$ORIGIN domain.com
$TTL 86400
@       IN      SOA     shield.domain.com. hostmaster.domain.com. (
                        2013008413      ; serial
                        21600           ; refresh after 6 hours
                        3600            ; retry after 1 hour
                        604800          ; expire after 1 week
                        86400 )         ; minimum TTL of 1 day
        IN      NS      shield.domain.com.
        IN      A       10.10.0.175
shield  IN      A       10.10.0.175
I used the following resources and I just find myself getting more and more lost staring blankly at the zone file. This is the only server in the environment multi-hosting different services:
Bind Configuration Files: http://centos.org/docs/2/rhl-rg-en-7.2/s1-bind-configuration.html
DNS Sample Zone: http://www.zytrax.com/books/dns/ch6/mydomain.html
Best Answer
The log entry
SOA record not at top of zone (domain.com.domain.com)
is a hint that something is amiss; the SOA record at the top of the file is not being considered as the entry for the domain that's supposed to be handled by this zone file. This could be caused by the
$ORIGIN domain.com
line mismatching the
zone "domain.com" IN {
line in the named.conf file, either due to an actual mismatch or something like a UTF-8 string handling problem. An easy workaround in this case is to simply remove the $ORIGIN line from the zone file; it will then be automatically built based on the zone definition in named.conf, ensuring that those strings will match.
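The following is an added illustration, not part of the answer above or of BIND itself: a small model of how a master-file loader resolves owner names against $ORIGIN, run over a constructed copy of the asker's zone file. It reproduces the `domain.com.domain.com` owner from the log line, and shows that both the workaround (dropping the $ORIGIN line) and an absolute `$ORIGIN domain.com.` put the SOA back at the apex. The zone text and function names are my own.

```python
# Model of the master-file rule BIND applies while loading a zone: a name with
# no trailing dot is relative to the current $ORIGIN, and the argument of the
# $ORIGIN directive itself is resolved the same way against the previous origin,
# which starts out as the zone name taken from named.conf.

ZONE_NAME = "domain.com"

# Constructed copy of the zone file from the question ($ORIGIN has no trailing dot).
BROKEN_ZONE = """$ORIGIN domain.com
$TTL 86400
@ IN SOA shield.domain.com. hostmaster.domain.com. (
        2013008413 ; serial
        21600      ; refresh
        3600       ; retry
        604800     ; expire
        86400 )    ; minimum
    IN NS shield.domain.com.
    IN A 10.10.0.175
shield IN A 10.10.0.175
"""

def absolutize(name: str, origin: str) -> str:
    """Resolve a master-file name to a fully qualified, lower-case name."""
    if name == "@":
        name = origin
    if not name.endswith("."):
        name = f"{name}.{origin}"
    return name.lower()

def soa_owner(zone_text: str, zone_name: str) -> str:
    """Return the fully qualified owner name the loader assigns to the SOA record."""
    origin = zone_name.rstrip(".") + "."   # the zone name in named.conf is absolute
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = absolutize(tokens[1], origin)
        elif "SOA" in tokens:
            # A record starting with whitespace reuses the previous owner; the
            # SOA is the first record, so the only possible owner is the origin.
            owner = "@" if line[0].isspace() else tokens[0]
            return absolutize(owner, origin)
    raise ValueError("no SOA record found")

def soa_at_apex(zone_text: str, zone_name: str) -> bool:
    """True when the SOA owner is the zone apex, i.e. the file would load."""
    return soa_owner(zone_text, zone_name) == zone_name.rstrip(".").lower() + "."

if __name__ == "__main__":
    print(soa_owner(BROKEN_ZONE, ZONE_NAME))   # domain.com.domain.com.
    print(soa_at_apex(BROKEN_ZONE.replace("$ORIGIN domain.com", "$ORIGIN domain.com.", 1), ZONE_NAME))  # True
```

On a real server the equivalent check is `named-checkzone domain.com /var/named/domain.com.zone`, which prints the same "not at top of zone" error before named is restarted.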