Error in named-checkzone: DNS Zone Error – No Address Records (A or AAAA)

binddnsdomaindomain-namehostname

I am configuring my private DNS server.
I am following this tutorial. But when I reached the Check BIND Configuration Syntax step, I got some errors.

Here is the command output:

x@e-dns1:/etc/bind$ sudo named-checkzone xyz1.com forward.xyz1.com
zone xyz1.com/IN: NS 'dns1.xyz1.com.xyz1.com' has no address records (A or AAAA)
zone xyz1.com/IN: NS 'dns2.xyz1.com.xyz1.com' has no address records (A or AAAA)
zone xyz1.com/IN: not loaded due to errors.

The file: forward.xyz1.com contains the following:

$TTL    604800

@       IN      SOA     dns1.xyz1.com. admin.xyz1.com. (
                              3         ; Serial
                         604820         ; Refresh
                          86600         ; Retry
                        2419600         ; Expire
                         604600 )       ; Negative Cache TTL

; name servers - NS records
    IN  NS  dns1.xyz1.com
    IN  NS  dns2.xyz1.com

; name servers - A records
dns1.xyz1.com.          IN      A       192.168.56.3
dns2.xyz1.com.          IN      A       192.168.56.5

; 192.168.56.0/24 - A records
host1.xyz1.com.         IN      A       192.168.56.6
host2.xyz1.com.         IN      A       192.168.56.8

Can you please point the me what is wrong? I want to dns servers to be:

dns1.xyz1.com
dns2.xyz1.com

and the hosts:

host1.xyz1.com
host2.xyz1.com

Best Answer

In a bind9 zone file, any fully qualified domain name (FQDN) needs to have the ending . character added to it.

Your references around line 11-12ish

; name servers - NS records
    IN  NS  dns1.xyz1.com
    IN  NS  dns2.xyz1.com

Don't have them.

Should be:

; name servers - NS records
    IN  NS  dns1.xyz1.com.
    IN  NS  dns2.xyz1.com.

Don't forget to increase your serial.

Also, don't forget that if you are doign this for real you need to have glue records set up otherwise one of your name servers must be outside of your domain (zone).

Related Solutions

Dns – Purpose of serial number in DNS zone files

It's so that other servers doing zone transfers can verify if they need to do a zone transfer. Old serial number, no transfer. TTL not involved on this one.

The DNS server knows that it needs to re-read the zone file when the serial number changes as just making a change does not trigger anything, there's no timestamp within the zone file generated by changing anything to note that there has been an update on most DNS software. Most Zone files are just text files in the *nix world.

Normal convention is that the Serial number is the timestamp in date ISO date format followed by a two number increment

2014101501

Microsoft products are set up to autoincrement the Serial Number when changes are made.

Dns – BIND can’t resolve a domain name

It sounds as if you are having some difficulty, so here are two (hopefully) working examples for you. Note that the first option (the .com zone) will likely prevent resolution of normal .com domains (e.g. google.com). The second option (the dns1.com zone) does not have this drawback.

Example .com Zone Files

ex. /etc/bind/named.conf.local

; "db.com.tld" is a random name - use whatever you like.
; The same goes for "db.rev.192".
;
; Likewise, you can adjust your "allow-transfer" settings,
; etc. as needed.

zone "com." IN {
    type master;
    file "/etc/bind/zones/db.com.tld";
    allow-transfer { none; };
};

zone "56.168.192.in-addr.arpa" IN {
    type master;
    file "/etc/bind/zones/db.rev.192";
    allow-transfer { none; };
};

ex. /etc/bind/zones/db.com.tld

; BIND data file for TLD ".com"
;
; This will likely break real ".com" websites (i.e. anything not listed here).

$TTL 3600
@   IN  SOA     com.    admin.com. (
                2018040501  ; Serial
                604800      ; Refresh period
                86400       ; Retry interval
                2419200     ; Expire time (28 days... later)
                604800 )    ; Negative Cache TTL (1 week)

; Name Servers - NS records
@       IN NS  ns1.com.   ; This is required
@       IN NS  ns2.com.   ; You should have two name servers

; Name Servers - A records
ns1                 IN A        192.168.56.3        ; This is required
ns2                 IN A        192.168.56.3        ; You should have two name servers

; Our domains/sub-domains
dns1                IN A        192.168.56.3        ; dns1.com
host1.dns1          IN A        192.168.56.7        ; host1.dns1.com
host2.dns1          IN A        192.168.56.8        ; host2.dns1.com

Note that is okay to use a period like this, though arguably redundant in this case:

;ok.period.com.     IN A        192.168.56.3        ; ok.period.com -> FQDN

And this is what you should avoid:

;no.period.         IN A        192.168.56.3        ; Don't use periods for sub-domains
;no.period.com      IN A        192.168.56.3        ; While this works, this is actually accessed as no.period.com.com!

ex. /etc/bind/zones/db.rev.192

; BIND reverse data file.
; The domain, etc. used should be a listed 'zone' in named.conf. 

$TTL 86400
@   IN SOA      com.    admin.com. (
                2018040501  ; Serial
                10800       ; Refresh
                3600        ; Retry
                604800      ; Expire
                86400 )     ; Minimum

; In this case, the number just before "PTR" is the last octet 
; of the IP address for the device to map (e.g. 192.168.56.[3])

; Name Servers
@       IN NS   ns1.com.
@       IN NS   ns2.com.

; Reverse PTR Records
3       IN PTR  dns1.com.   
7       IN PTR  host1.dns1.com.
8       IN PTR  host2.dns1.com.

Note that the setup above likely limits your options with regards to having your machines access .com domains other than the ones you create (i.e. they will likely not be able to access them). If you wish them to access foreign .com domains, you can try the narrower approach below.

Example dns1.com Zone Files

ex. /etc/bind/named.conf.local

; "db.dns1.com" is a random name - use whatever you like.
;
; Likewise, you can adjust your "allow-transfer" settings,
; etc. as needed.

zone "dns1.com" IN {
    type master;
    file "/etc/bind/zones/db.dns1.com";
    allow-transfer { none; };
};

You can use the same named.conf.local reverse zone entry as above.

ex. /etc/bind/zones/db.dns1.com

; BIND data for http://dns1.com

$TTL 3600 
@   IN SOA      ns1.dns1.com.   admin.dns1.com. (
                2018040501  ; Serial
                604820      ; Refresh
                86600       ; Retry
                2419600     ; Expire
                604600 )    ; Negative Cache TTL

; Name Servers - NS records
@       IN NS   ns1.dns1.com.   ; This is required
@       IN NS   ns2.dns1.com.   ; You should have two name servers

; Name Servers - A records
ns1                 IN A        192.168.56.3        ; This is required
ns2                 IN A        192.168.56.3        ; You should have two name servers

; Our domains/sub-domains
dns1.com.           IN A        192.168.56.3         ; dns1.com 
host1               IN A        192.168.56.7         ; host1.dns1.com
host2               IN A        192.168.56.8         ; host2.dns1.com

ex. /etc/bind/zones/db.rev.192

; BIND reverse data file.
; The domain, etc. used should be a listed 'zone' in named.conf. 

$TTL 86400
@   IN SOA      dns1.com.   admin.dns1.com. (
                2018040501  ; Serial
                10800       ; Refresh
                3600        ; Retry
                604800      ; Expire
                86400 )     ; Minimum

; In this case, the number just before "PTR" is the last octet 
; of the IP address for the device to map (e.g. 192.168.56.[3])

; Name Servers
@       IN NS   ns1.dns1.com.
@       IN NS   ns2.dns1.com.

; Reverse PTR Records
3       IN PTR  dns1.com.   
7       IN PTR  host1.dns1.com.
8       IN PTR  host2.dns1.com.

Best Answer

Related Solutions

Dns – Purpose of serial number in DNS zone files

Dns – BIND can’t resolve a domain name

Related Question