Windows – Bind cannot load zone, checkzone says OK, checkconf disagrees, copied from known working zone

Tags: bind, domain-name-system, linux-networking, windows, windows-server-2012-r2

I have a BIND9 (9.9.10-P2) server running on Windows Server 2012 R2. I have 2 views – an internal and external – serving up two zones for domains I own.

For some reason, it refuses to serve up answers for one of these zones despite the server starting without complaints. When creating Zone 2 (the problem zone), since it is set up exactly like Zone 1, I simply copied the file from Zone 1 and replaced the relevant bits with the new name. Checkzone says it's OK and shows no errors. Running checkconf -z throws errors for Zone 2 but not Zone 1:

C:\Program Files\ISC BIND 9\bin>named-checkconf.exe -z ..\etc\named.conf
C:\Program Files\ISC BIND 9\etc\zones\domain2.net.int:4: ignoring out-of-zone data (domain2.net)
C:\Program Files\ISC BIND 9\etc\zones\domain2.net.int:16: ignoring out-of-zone data (dns.domain2.net)
zone domain2.net/IN: has 0 SOA records
zone domain2.net/IN: has no NS records
zone domain2.net/IN: not loaded due to errors.
internal/domain2.net/IN: bad zone
zone domain1.net/IN: loaded serial 2
C:\Program Files\ISC BIND 9\etc\zones\domain2.net.ext:4: ignoring out-of-zone data (domain2.net)
C:\Program Files\ISC BIND 9\etc\zones\domain2.net.ext:16: ignoring out-of-zone data (dns.domain2.net)
zone domain2.net/IN: has 0 SOA records
zone domain2.net/IN: has no NS records
zone domain2.net/IN: not loaded due to errors.
external/domain2.net/IN: bad zone
zone domain1.net/IN: loaded serial 2

Here is my named.conf:

key "rndc-key" {
    algorithm hmac-md5;
    secret "nah";
};

controls {
    inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "rndc-key"; };
};

acl internals {
    127.0.0.0/8;
    10.16.0.0/22;
};

view "internal" {
    match-clients { internals; };
    recursion yes;
    zone "domain2.net" {
        type master;
        file "C:\Program Files\ISC BIND 9\etc\zones\domain2.net.int";
    };
    zone "domain1.net" {
        type master;
        file "C:\Program Files\ISC BIND 9\etc\zones\domain1.net.int";
    };
};
view "external" {
    match-clients { any; };
    recursion no;
    zone "domain2.net" {
        type master;
        file "C:\Program Files\ISC BIND 9\etc\zones\domain2.net.ext";
    };
    zone "domain1.net" {
        type master;
        file "C:\Program Files\ISC BIND 9\etc\zones\domain1.net.ext";
    };
};

Here is Zone 1/Domain 1, the working one:

; domain1.net
$TTL 86400
$ORIGIN domain1.net.
domain1.net.        IN  SOA dns.domain1.net. hostmaster (
                2           ; Serial number
                10800           ; Refresh
                3600            ; Retry
                604800          ; Expire
                86400)          ; Minimum TTL

            ; Nameservers
            IN  NS  dns.domain1.net.
            IN  NS  dns.domain2.net.

; Records
dns.domain1.net.    IN  A   127.0.0.2

Here is Zone 2/Domain 2, the broken one:

; domain2.net
$TTL 86400
$ORIGIN domain2.net.
domain2.net.        IN  SOA dns.domain2.net. hostmaster (
                2           ; Serial number
                10800           ; Refresh
                3600            ; Retry
                604800          ; Expire
                86400)          ; Minimum TTL

            ; Nameservers
            IN  NS  dns.domain2.net.
            IN  NS  dns.domain1.net.

; Records
dns.domain2.net.    IN  A   127.0.0.6

As far as I can tell Zone 1/Domain 1 works perfectly fine. I have deleted and recreated and copied these files numerous times with no success.

Best Answer

It's ignoring the records in the domain 2 zone files as "out of zone", which seems to indicate a mismatch between the zone "domain2.net" { line of the conf and the domain2.net. name in your zone file, which might have been lost in your domain obfuscation.

Do those two strings match exactly between those two files (apart from the trailing dot in the zone file), and are there any special characters or encoding differences?
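The comparison the answer asks for, as an added example (written for this page, not the asker's files or anything shipped with ISC BIND): it reads the zone name from the conf statement and the origin from the zone file and flags the invisible differences that produce "ignoring out-of-zone data", a UTF-8 BOM, a stray non-ASCII look-alike letter, or a case/trailing-dot mismatch. The sample zone file bytes are constructed to contain a BOM and a Cyrillic "о" in place of the Latin "o".

```python
import re
import unicodedata

# Constructed sample input (not the asker's real files): the name from the
# named.conf zone statement, and the head of a zone file that was saved with a
# UTF-8 BOM and has a Cyrillic "o" (U+043E) typed into "domain2" on $ORIGIN.
CONF_ZONE_NAME = "domain2.net"
ZONE_FILE_BYTES = (
    b"\xef\xbb\xbf; domain2.net\n"
    b"$TTL 86400\n"
    b"$ORIGIN d\xd0\xbemain2.net.\n"
    b"domain2.net.  IN  SOA dns.domain2.net. hostmaster ( 2 10800 3600 604800 86400 )\n"
)

def canonical(name: str) -> str:
    """Lower-case a DNS name and drop the trailing dot so conf and file forms compare."""
    return name.strip().rstrip(".").lower()

def odd_characters(name: str) -> list:
    """Return (offset, char, Unicode name) for every non-ASCII code point in a name."""
    return [(i, c, unicodedata.name(c, "UNKNOWN")) for i, c in enumerate(name) if ord(c) > 127]

def zone_origin(zone_text: str) -> str:
    """Use $ORIGIN when present; otherwise fall back to the owner name of the SOA record."""
    m = re.search(r"^\$ORIGIN\s+(\S+)", zone_text, re.MULTILINE)
    if m:
        return m.group(1)
    m = re.search(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?SOA\b", zone_text, re.MULTILINE)
    return m.group(1) if m else ""

def check_zone(conf_zone: str, zone_file: bytes) -> dict:
    """Compare the configured zone name with the zone file's origin and list hidden differences."""
    issues = []
    if zone_file.startswith(b"\xef\xbb\xbf"):
        issues.append("UTF-8 BOM at start of zone file")
    text = zone_file.decode("utf-8", errors="replace").lstrip("\ufeff")
    origin = zone_origin(text)
    for pos, ch, uname in odd_characters(origin):
        issues.append(f"non-ASCII {uname} (U+{ord(ch):04X}) at offset {pos} of origin {origin!r}")
    for pos, ch, uname in odd_characters(conf_zone):
        issues.append(f"non-ASCII {uname} (U+{ord(ch):04X}) at offset {pos} of conf name {conf_zone!r}")
    return {"origin": origin, "matches": canonical(origin) == canonical(conf_zone), "issues": issues}

if __name__ == "__main__":
    result = check_zone(CONF_ZONE_NAME, ZONE_FILE_BYTES)
    print("origin:", result["origin"], "| matches conf:", result["matches"])
    for issue in result["issues"]:
        print(" -", issue)
```

To run it against real files, pass the zone statement's name and `open(path, "rb").read()` to check_zone for each view's zone file.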