Configuring Bind – Error About SOA Record When Starting named Service

Tags: bind, centos6, domain-name-system

It's been entirely too long since I set up a bind server. I've been creating a lot of Windows DNS servers lately, so I wanted to try my hand at it on CentOS 6. Unfortunately, I'm having a slew of trouble setting up the zone files.

Host Name: shield.domain.com

When I try to start the service I get the following error message:

domain.com.zone:3: SOA record not at top of zone (domain.com.domain.com)
zone domain.com/IN: loading from master file domain.com.zone failed: not at top of zone
zone domain.com/IN: not loaded due to errors.
_default/domain.com/IN: not at top of zone
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0

I modified the /etc/named.conf file to include my new zone and the file is setup as so:

options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; };
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
    forwarders { <IP_ADDR_1>;<IP_ADDR_2>;<IP_ADDR_3>;};
};

zone "domain.com" IN {
    type master;
    file "domain.com.zone";
    allow-update { none; };
};

logging {
    channel default_debug {
            file "data/named.run";
            severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

I then created a new zone file, /var/named/domain.com.zone, which is configured as follows. I can't figure out what I did wrong with the SOA record at the top, or whether there are other issues with my zone file:

$ORIGIN domain.com
$TTL 86400
@       IN      SOA     shield.domain.com.    hostmaster.domain.com. (
                    2013008413      ; serial
                    21600           ; refresh after 6 hours
                    3600            ; retry after 1 hour
                    604800          ; expire after 1 week
                    86400 )         ; minimum TTL of 1 day

    IN      NS      shield.domain.com.

            IN      A       10.10.0.175

shield      IN      A       10.10.0.175

I used the following resources, and I just find myself getting more and more lost staring blankly at the zone file. This is the only server in the environment, multi-hosting different services:

Bind Configuration Files: http://centos.org/docs/2/rhl-rg-en-7.2/s1-bind-configuration.html

DNS Sample Zone: http://www.zytrax.com/books/dns/ch6/mydomain.html

Best Answer

The log entry SOA record not at top of zone (domain.com.domain.com) is a hint that something is amiss; the SOA record at the top of the file is not being considered as the entry for the domain that's supposed to be handled by this zone file.

This could be caused by the $ORIGIN domain.com line not matching the zone "domain.com" IN { line in the named.conf file, either due to an actual mismatch or something like a UTF-8 string handling problem.

An easy workaround in this case is to simply remove the $ORIGIN line from the zone file; it will then be automatically built based on the zone definition in named.conf, ensuring that those strings will match.
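The mechanism behind the answer above, as an added example that is not part of the original question or answer: a small Python model of the master-file name rules BIND applies (a name ending in a dot is absolute, anything else is relative to the current origin, and $ORIGIN itself follows the same rule). Run against the zone file from the question, it shows why "$ORIGIN domain.com" under zone "domain.com" puts the SOA at domain.com.domain.com, and that either a trailing dot or no $ORIGIN line at all puts it back at the apex. The ZONE_NAME constant and the three sample zone texts are constructed here from the page; the parser only tracks owner names and record types, which is all the check needs.

```python
"""Model of BIND's $ORIGIN / owner-name resolution, used to show why the
SOA in the question ends up at domain.com.domain.com (added example)."""

# Initial origin comes from named.conf:  zone "domain.com" IN { ... }
ZONE_NAME = "domain.com"

# Constructed sample: the zone file exactly as posted in the question.
BROKEN_ZONE = """\
$ORIGIN domain.com
$TTL 86400
@       IN      SOA     shield.domain.com.    hostmaster.domain.com. (
                    2013008413      ; serial
                    21600           ; refresh after 6 hours
                    3600            ; retry after 1 hour
                    604800          ; expire after 1 week
                    86400 )         ; minimum TTL of 1 day

    IN      NS      shield.domain.com.

            IN      A       10.10.0.175

shield      IN      A       10.10.0.175
"""

# Two repaired variants: trailing dot on $ORIGIN, and no $ORIGIN at all.
FIXED_ZONE = BROKEN_ZONE.replace("$ORIGIN domain.com\n", "$ORIGIN domain.com.\n", 1)
NO_ORIGIN_ZONE = BROKEN_ZONE.replace("$ORIGIN domain.com\n", "", 1)


def absolutize(name: str, origin: str) -> str:
    """Master-file rule: '@' is the origin, a trailing dot means absolute,
    everything else is relative and gets the current origin appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def parse_records(zone_name: str, text: str) -> list[tuple[str, str]]:
    """Return (absolute owner, RR type) for each record, tracking $ORIGIN
    and multi-line parenthesised rdata the way named reads a zone file."""
    origin = zone_name.rstrip(".") + "."      # named starts at the zone name
    records: list[tuple[str, str]] = []
    last_owner = None
    depth = 0                                  # open-parenthesis depth
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # drop comments
        if depth > 0:                          # continuation of previous rdata
            depth += line.count("(") - line.count(")")
            continue
        if not line.strip():
            continue
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            # $ORIGIN without a trailing dot is itself relative to the origin
            origin = absolutize(tokens[1], origin)
            continue
        if tokens[0] == "$TTL":
            continue
        if raw[0].isspace():                   # blank owner: reuse previous
            owner, fields = last_owner, tokens
        else:
            owner, fields = absolutize(tokens[0], origin), tokens[1:]
        last_owner = owner
        # skip optional class and TTL to reach the record type
        fields = [t for t in fields if t.upper() != "IN" and not t.isdigit()]
        depth += line.count("(") - line.count(")")
        records.append((owner, fields[0]))
    return records


def soa_owner(zone_name: str, text: str):
    """Absolute owner name of the first SOA record, or None if missing."""
    for owner, rrtype in parse_records(zone_name, text):
        if rrtype == "SOA":
            return owner
    return None


def soa_at_apex(zone_name: str, text: str) -> bool:
    """The check named performs: the SOA must be owned by the zone apex."""
    return soa_owner(zone_name, text) == zone_name.rstrip(".") + "."


if __name__ == "__main__":
    for label, zone in (("as posted", BROKEN_ZONE),
                        ("$ORIGIN with dot", FIXED_ZONE),
                        ("no $ORIGIN", NO_ORIGIN_ZONE)):
        print(f"{label:18} SOA at {soa_owner(ZONE_NAME, zone)}"
              f"  apex ok: {soa_at_apex(ZONE_NAME, zone)}")
```

The first line of output reproduces the name in the error message, domain.com.domain.com, which is the fastest way to confirm that a relative $ORIGIN rather than an encoding problem is the cause; on a real server the same check is `named-checkzone domain.com /var/named/domain.com.zone`, which reports the offending owner name the same way.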