I recently had an occasion to help a friend update her DNS configuration on a system responsible for a small test domain. Since she seldom touches the zone files on the server, never mind the main configuration file, I suggested that we pay attention to the messages that named writes to the /var/adm/messages file to highlight any configuration problems that existed in the long-neglected named.conf file.
While we didn't run into many problems and the DNS server was working, we noted a number of minor configuration problems -- some resulting in errors and others generating warnings -- which we systematically identified and then resolved.
The first error we noticed was this one:
Jun 19 09:09:09 ns named[6226]: [ID 295310 daemon.error] /etc/named.conf:12: syntax error near '('
This mistake was a little hard to spot because parentheses and braces look very similar on the screen when a small font is used. The particular problem was that a parenthesis had been used where a brace was needed. Once we made this change, we restarted in.named with a "pkill -HUP in.named" command and noticed that the error was no longer being generated.
The second error we encountered told us that the allow-query option was being used in a location where it didn't apply. In this case, it was included in a forward zone.
Jun 19 09:09:09 ns named[6226]: [ID 295310 daemon.error] 'allow-query' option for non-{master,slave,stub} zone 'dditch.com'
We were also getting an error associated with that same forward zone saying that it was being skipped because it failed to validate. We figured this was related to the initial problem and moved on to the next error.
The third problem we encountered took a little longer to resolve. The error messages looked like this:
Jun 19 09:09:09 ns named[6226]: [ID 295310 daemon.error] /etc/named.conf:57: syntax error near '}'
As it turned out, one of the allow-transfer commands in the named.conf file was incorrectly formatted. It looked like this:
allow-transfer {10.1.2.3;10.1.2.4};
It should have looked like this:
allow-transfer {10.1.2.3;10.1.2.4;};
Notice the additional semicolon before the closing brace.
I sometimes format allow-transfer and similar commands across multiple lines so that they're a little easier to read:
allow-transfer {
10.1.2.3;
10.1.2.4;
};
When the command is spread across multiple lines, a missing semicolon is a little easier to spot.
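The three mistakes above (a parenthesis where a brace belongs, allow-query in a forward zone, and a missing semicolon before a closing brace) can all be caught by walking the brace-and-semicolon skeleton of the file before sending named a hangup. The following checker is an added example written for this column; it is not BIND's own parser and understands only that skeleton, not every statement. The named.conf text it scans is constructed for the example, and the zone and file names in it are made up.

```python
"""Lint a named.conf for the three mistakes discussed above:
parentheses used in place of braces, a missing ';' before a closing
brace in an address list, and 'allow-query' inside a forward zone.
Added example, not BIND's own parser: it follows only the
brace/semicolon skeleton of the file, not the full grammar."""
import re

# Constructed sample carrying all three mistakes; line numbers in the
# findings refer to this string (line 1 is "options {").
SAMPLE_CONF = """\
options {
    directory "/var/named";
    allow-transfer {10.1.2.3;10.1.2.4};    // no ';' before '}'
};
zone "dditch.com" {
    type master;
    file "db.dditch.com";
    allow-transfer ( 10.1.2.3; );          // '(' where '{' belongs
};
zone "lab.dditch.com" {
    type forward;
    forwarders { 10.1.2.9; };
    allow-query { any; };                  // not valid in a forward zone
};
"""

TOKEN_RE = re.compile(r'"[^"]*"|[{}();]|[^\s{}();"]+')


def tokenize(text):
    """Yield (token, lineno) pairs. Braces, parentheses and ';' are single
    tokens; quoted strings stay whole. Comments are blanked out first
    (block comments keep their newlines so line numbers stay right)."""
    text = re.sub(r"/\*.*?\*/", lambda m: re.sub(r"[^\n]", " ", m.group(0)),
                  text, flags=re.S)
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = re.sub(r"(//|#).*", "", line)   # '//' and '#' line comments
        for tok in TOKEN_RE.findall(line):
            yield tok, lineno


def lint_named_conf(text):
    """Return a sorted list of (lineno, message) findings."""
    tokens = list(tokenize(text))
    findings = []
    depth = 0
    prev = None
    pending_zone = None   # zone name seen, waiting for its opening '{'
    zones = []            # stack of open zone blocks
    for i, (tok, ln) in enumerate(tokens):
        if tok in ("(", ")"):
            # named.conf groups everything with braces; a parenthesis is
            # the brace look-alike the column describes.
            findings.append((ln, f"syntax error near '{tok}': use braces, not parentheses"))
        elif tok == "{":
            depth += 1
            if pending_zone is not None:
                zones.append({"name": pending_zone, "depth": depth,
                              "type": None, "allow_query": None})
                pending_zone = None
        elif tok == "}":
            # Every list element ends in ';', so '}' may only follow ';' or '{'.
            if prev not in ("{", ";"):
                findings.append((ln, "syntax error near '}': missing ';' before closing brace"))
            if zones and zones[-1]["depth"] == depth:
                z = zones.pop()
                if z["type"] == "forward" and z["allow_query"] is not None:
                    findings.append((z["allow_query"],
                                     f"'allow-query' option for non-{{master,slave,stub}} zone '{z['name']}'"))
            depth -= 1
        elif tok == "zone" and depth == 0 and i + 1 < len(tokens):
            pending_zone = tokens[i + 1][0].strip('"')
        elif zones and zones[-1]["depth"] == depth:
            # Statements directly inside the innermost open zone block.
            if tok == "type" and i + 1 < len(tokens):
                zones[-1]["type"] = tokens[i + 1][0]
            elif tok == "allow-query":
                zones[-1]["allow_query"] = ln
        prev = tok
    return sorted(findings)


if __name__ == "__main__":
    for lineno, msg in lint_named_conf(SAMPLE_CONF):
        print(f"named.conf:{lineno}: {msg}")
```

Run against a real file with `lint_named_conf(open("/etc/named.conf").read())`; a clean file returns an empty list. The check is deliberately stricter than named itself about parentheses, so a finding is a prompt to look at the line, not proof that named will reject it.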
Two warnings appeared in the messages file regarding the assumed default time to live (TTL). These messages looked like this:
Jun 19 09:09:09 ns named[6226]: [ID 295310 daemon.warning] Zone "dditch.com" (file db.annlab.dditch.com): No default TTL ($TTL <value>) set, using SOA minimum instead.
These were easily resolved by inserting a "$TTL 2d" (time to live set to 2 days) directive at the top of each of the two offending zone files.
Once these issues were resolved, the only messages generated when we sent in.named a hangup to restart DNS were two lines telling us that named was reloading and was then ready to answer queries.
Jun 19 16:39:12 ns named[6370]: [ID 295310 daemon.notice] reloading nameserver
Jun 19 16:39:12 ns named[6370]: [ID 295310 daemon.notice] Ready to answer queries.
If you would like to see even more information from named, you can add debugging by specifying the -d option (e.g., /usr/sbin/in.named -d 9).
The named process might not issue warnings in your terminal window when you restart it with a "pkill -HUP in.named" command. However, it sends useful messages to the /var/adm/messages file which you should check from time to time to make sure you're not overlooking some problems that might affect how well your name server is actually working.
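Since the useful output lands in /var/adm/messages rather than on the terminal, it helps to have a small script that pulls named's records out of that file and sorts them by severity. The checker below is an added example written for this column, not a tool shipped with Solaris or BIND. Its sample input is constructed: it reassembles the messages quoted above into one record each, with one unrelated sshd line added to show that other processes are filtered out. It also includes a check for the condition behind the "No default TTL" warning, a zone file whose first record is not preceded by a $TTL directive.

```python
"""Pull named's records out of a Solaris-style syslog file and report
what needs attention before the next 'pkill -HUP in.named'.
Added example, not part of the original column or of BIND."""
import re
from collections import Counter

# Constructed sample of /var/adm/messages: the column's own messages as
# single records, plus one unrelated sshd line that must be ignored.
SAMPLE_MESSAGES = """\
Jun 19 09:09:09 ns named[6226]: [ID 295310 daemon.error] /etc/named.conf:12: syntax error near '('
Jun 19 09:09:09 ns named[6226]: [ID 295310 daemon.error] 'allow-query' option for non-{master,slave,stub} zone 'dditch.com'
Jun 19 09:09:09 ns named[6226]: [ID 295310 daemon.error] /etc/named.conf:57: syntax error near '}'
Jun 19 09:09:09 ns named[6226]: [ID 295310 daemon.warning] Zone "dditch.com" (file db.annlab.dditch.com): No default TTL ($TTL <value>) set, using SOA minimum instead.
Jun 19 09:09:10 ns sshd[1200]: [ID 800047 auth.info] Accepted publickey for ann from 10.1.2.50
Jun 19 16:39:12 ns named[6370]: [ID 295310 daemon.notice] reloading nameserver
Jun 19 16:39:12 ns named[6370]: [ID 295310 daemon.notice] Ready to answer queries.
"""

# "Mon DD hh:mm:ss host proc[pid]: [ID nnn facility.severity] text"
SYSLOG_RE = re.compile(
    r"^(?P<stamp>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<proc>[\w.]+)\[(?P<pid>\d+)\]: "
    r"\[ID \d+ (?P<facility>\w+)\.(?P<severity>\w+)\] (?P<text>.*)$")
# "/etc/named.conf:12: syntax error near '('"
CONF_LOC_RE = re.compile(r"^(?P<file>\S+):(?P<line>\d+): (?P<msg>.*)$")
# 'Zone "dditch.com" (file db.annlab.dditch.com): No default TTL ...'
ZONE_RE = re.compile(r'^Zone "(?P<zone>[^"]+)" \(file (?P<file>[^)]+)\): (?P<msg>.*)$')

PROBLEM_LEVELS = ("warning", "error", "crit", "alert", "emerg")


def parse_named_message(line):
    """Return a dict for a named record, or None for any other line."""
    m = SYSLOG_RE.match(line.rstrip("\n"))
    if not m or m.group("proc") not in ("named", "in.named"):
        return None
    rec = {"severity": m.group("severity"), "pid": int(m.group("pid")),
           "text": m.group("text"), "file": None, "line": None, "zone": None}
    loc = CONF_LOC_RE.match(rec["text"])
    if loc:   # syntax errors carry the config file and line number
        rec.update(file=loc.group("file"), line=int(loc.group("line")), text=loc.group("msg"))
    zone = ZONE_RE.match(rec["text"])
    if zone:  # zone-file messages carry the zone name and file
        rec.update(zone=zone.group("zone"), file=zone.group("file"), text=zone.group("msg"))
    return rec


def review_messages(log_text):
    """Summarize named's records: counts per severity, the records that
    need attention, and whether the server reported itself ready."""
    recs = [r for r in (parse_named_message(ln) for ln in log_text.splitlines()) if r]
    return {
        "counts": dict(Counter(r["severity"] for r in recs)),
        "problems": [r for r in recs if r["severity"] in PROBLEM_LEVELS],
        "ready": any(r["text"].startswith("Ready to answer queries") for r in recs),
    }


def zone_file_needs_ttl(zone_text):
    """True when no $TTL directive precedes the first resource record,
    which is what triggers the 'No default TTL' warning. The fix is a
    line such as '$TTL 2d' at the top of the zone file."""
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop zone-file comments
        if not line:
            continue
        if line.upper().startswith("$TTL"):
            return False
        if not line.startswith("$"):          # first record reached without $TTL
            return True
    return True


if __name__ == "__main__":
    report = review_messages(SAMPLE_MESSAGES)
    print("severity counts:", report["counts"])
    for p in report["problems"]:
        where = f"{p['file']}:{p['line']}" if p["line"] else (p["file"] or "-")
        print(f"{p['severity']:8} {where:28} {p['text']}")
    print("ready to answer queries:", report["ready"])
```

On a live system, feed it `open("/var/adm/messages").read()` after the hangup; an empty "problems" list together with "ready" being true is the state the column ends on. The `zone_file_needs_ttl` check is worth running over every file named in a `file` statement, since the warning is only issued for zones named loads, and a zone that fails to validate never gets that far.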