DNS nslint error messages

Tue Jan 31 01:16:57 PST 2006

On 2006-01-30 19:37, Brad Gilmer <bgilmer at gilmer.org> wrote:
> I am running freebsd 5.4-STABLE on an IBM e-series 330 server.  I have
> recently started playing with DNS and have been largely successful.
> However, nslint reports the following errors:
>
> nslint: missing "a": localhost. -> 127.0.0.1
> nslint: missing "a": localhost.org. -> 0.0.0.1
>
> If I add the line:
>
> localhost.      IN A 127.0.0.1
>
> to my zone file, the first nslint error message goes away, but I then
> see the following message in my /var/log/messages file upon named
> startup:
>
> Jan 30 18:58:55 gilmer named[15485]: master/gilmer.org:16: ignoring out-of-zone data (localhost)

In this case, I think named is right and nslint is doing something funny.

> So which is correct?  Should I insert the A record in the zone file
> and ignore the nslint message, or should I leave it out and ignore the
> named message?  Is there something else improperly configured on my
> system?

I don't know why nslint expects to be able to resolve "localhost." from
a zone file that contains records for "gilmer.org.".  This is a bit
silly, if you ask me.

> What about the second nslint message above?  Why am I getting a
> complaint about 0.0.0.1?

This is probably because of some problem with your `named.conf' file.

> My /etc/namedb/master/gilmer.org file looks like this:
> $TTL    3600
>
> gilmer.org.     IN      SOA     ns1.gilmer.org. admin.gilmer.org.  (
>                                 20060126        ; Serial
>                                 3600    ; Refresh
>                                 900     ; Retry
>                                 3600000 ; Expire
>                                 3600 )  ; Minimum
>
> ;DNS Servers
> @       IN      NS      @

Not a good idea.  To resolve a name in the 'gilmer.org.' domain, a
remote name server has to contact the nameserver at 'gilmer.org.', but
to resolve 'gilmer.org.' is first has to resolve 'gilmer.org.', which
forms a nice and tight but annoying loop.

I think it would be a better idea to just use the *real* IP address of
the NS here.

> ; Machine Names
> localhost.      IN A    127.0.0.1

The "localhost." entry is not good here; it should go.

> ns1             IN A    69.46.128.60
> @               IN A    69.46.128.60
>
> ;Aliases
> mail            IN CNAME        @
> www             IN CNAME        @
>
> ; MX Record
> @               IN MX 10        @

The rest looks ok to me.

> ;       From: @(#)localhost.rev 5.1 (Berkeley) 6/30/90
> ; $FreeBSD: src/etc/namedb/PROTO.localhost.rev,v 1.6 2000/01/10 15:31:40 peter Exp $
> ;
> ; This file is automatically edited by the `make-localhost' script in
> ; the /etc/namedb directory.
> ;
>
> $TTL    3600
>
> @       IN      SOA     ns1.gilmer.org. admin.gilmer.org.  (
>                                 20060126        ; Serial
>                                 3600    ; Refresh
>                                 900     ; Retry
>                                 3600000 ; Expire
>                                 3600 )  ; Minimum
>
>         IN      NS      ns1.gilmer.org.
>
> 1       IN      PTR     localhost.

Hmmm, why is a final dot required in this?  This is probably because
nslint reports that it cannot find information for "localhost.", as
opposed to, say, "localhost.gilmer.org."