Zone file creation (DNS)

[llucps]

Hi,

 

A couple of days ago I screwed my DNS Zone from my hosting provider manager.. and becasue of that I reset the DNS Zone and change the DNS.. yes I know my fault .. but happend.

 

So since then the Zone file from each of my domains (they are virtual hosts) mysteriously changed a bit and bind9 started to give me errors, basically complaning about the zone file and being unable to loaded.

 

I know they changed, because I restored a copy of the zone files from a previous back-up.

 

Here is the old zone file from one the domains (which works perfectly):

$TTL 604800
@ IN SOA ns xxx.xxxxxx.com. (
        2016080212 ; serial
        8H ; refresh
        2H ; retry
        1W ; expiry
        11h) ; minimum
@    IN    NS    ns
ns    IN    A           37.187.177.177
@       IN      MX      10 mail
@       IN      TXT     "v=spf1 a mx -all"
@       IN      SPF     "v=spf1 a mx -all"
mail    IN      TXT     "v=spf1 a mx -all"
mail    IN      SPF     "v=spf1 a mx -all"
dkim_34._domainkey IN TXT ("v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQ"
                                         "KBgQDGF5JeukrcQzbnPsbx/8yqhhguKxim7/oh8ycCQfauh7WG"
                                         "BoTNNVQleA16a2gGr5qeVHLxJWsHQiYXvd4wCCVbiTBkecl+x/"
                                         "6ZgL12vnSzprL4IKNLu1nNWhxuEX3tN82KbX1tJGteNa/zbzaE"
                                         "zqvYCRAYcjSE7FkHVZyrClD2dQIDAQAB;t=s")
_adsp._domainkey IN TXT "dkim=all"
mail    IN      A               37.187.177.177
imap    IN      A               37.187.177.177
smtp    IN      A               37.187.177.177
pop3    IN      A               37.187.177.177
@       IN      A               37.187.177.177
www     IN      A               37.187.177.177

And this is the new zone that Froxlor automatically generates after I messed up with the DNS Zone from my hosting provider... but I don't recall to change anything from Froxlor domain settings (this zone file doesn't work at all and bind9 is unable to load it, giving en error.

$TTL 604800
$ORIGIN janetgreco.com.
@       18000   IN      SOA     squeakyhost.com lluc.squeakycarrot.com. (
2016081100      ; serial
1800    ; refresh (30 mins)
900     ; retry (15 mins)
604800  ; expire (7 days)
1200    )       ; minimum (20 mins)
@       18000   IN      A       37.187.177.177
www     18000   IN      A       37.187.177.177
@       18000   IN      TXT     "v=spf1 a mx -all"
dkim_34._domainkey      18000   IN      TXT     ("v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQ"
                                         "KBgQDGF5JeukrcQzbnPsbx/8yqhhguKxim7/oh8ycCQfauh7WG"
                                         "BoTNNVQleA16a2gGr5qeVHLxJWsHQiYXvd4wCCVbiTBkecl+x/"
                                         "6ZgL12vnSzprL4IKNLu1nNWhxuEX3tN82KbX1tJGteNa/zbzaE"
                                         "zqvYCRAYcjSE7FkHVZyrClD2dQIDAQAB;t=s")

_adsp._domainkey        18000   IN      TXT     "dkim=all"

As you can see changes quite a bit and I have no idea why

 

For now I created another directory inside /etc/bind containing all the zone files from my back-up and I specified the file here (and doing this all is working again):

 

 

The problem is from now on Froxlor generates the zonfiles which don't work at all and I have no idea why? Mainly because before I screwed it up the files generated by Froxlor worked perfectly.

 

Here you have an screenshot of one of my domain settings.. (all the other domains that I have share exactly the same settings:

 

 

Anyone see a reason for this? I would like to find out why?.. specially to generate the zone files automatically again.

 

Thanks.

[d00p]

Well, first of all, yes, the dns stuff changed a lot since 0.9.37.

 

Secondly: please tell us the error that bind gives you. Also you seem to be missing the NS entry, don't you have nameserver specified in your froxlor settings? 

 

Additionally, i don't remember froxlor generating ns-records like in your old zonefile

@    IN    NS    ns
ns    IN    A           37.187.177.177

[llucps]

Oh I wasn't aware that changed so much., good to know.

 

This is the error I'm getting if I use the zone file generated by Froxlor 0.9.37.1:

11-Aug-2016 12:18:32.459 general: error: zone xxxxxxxxxx.com/IN: has no NS records
11-Aug-2016 12:18:32.459 general: error: zone xxxxxxxxxx.com/IN: not loaded due to errors.

This is how I set up my nameserver settings initially (from 2014) which I haven't modify any setting... and I guess the problem is here... Nameserver, MX servers, AXFR servers as well as the option to create mail, imap, pop3 and smtp entries are empty... Could the problem be here?

 

 

 

The ns-records that you mentioned is from the auto-generated zone file which are overwritten everytime Froxlor lunches the cron job.. so Froxlor had to create it.

 

Thanks

[d00p]

Well, as you can see in your settings, there are not nameservers given - hence no NS record. Enter your nameservers there and you will get NS entries and therefore no more errors from bind

[llucps]

Yes you were right.. I specified all the nameservers, the AXFR, MX and imap, pop3 smtp creation and it works now..

 

The only little warning that I get for each of the domains is this:

warning: zone xxxxxxxx.com/IN: 'xxxxxxxx.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record

I guess i could add the with new DNS editor integrated in Froxlor.

 

It looks like I can't specify a SPF Type usign the DNS Editor.. although it seems it's adding the SPF anyway.

 

Thanks a lot!

[d00p]

What "type" do you want to specify for SPF? It's all in the froxlor settings...

 

Also, SPF-Records are obsolete since  RFC 7208, you should only use TXT-records for this

[llucps]

Fixed.. On Domain SPF settings I changed the entry:

"v=spf1 a mx -all"

for this:

@ IN TXT “v=spf1 a mx -all”

and it works perfectly now without warning or errors.

 

Thanks,

[d00p]

Eeh, froxlor did Update this setting to be "v=spf1 a mx -all", the complete record should Not be necessary...are you really using the latest froxlor Version?

 

The Zone you posted earlier Looks correct regarding the spf entry

[llucps]

Umm.. yes I'm using the latest version 0.9.37-1 from the Debian repos.

 

If I put:

@ IN TXT “v=spf1 a mx -all”

It creates this line:

@       18000   IN      TXT     "@ IN TXT “v=spf1 a mx -all”"

If instead I put just:

"v=spf1 a mx -all"

It creates this line:

@       18000   IN      TXT     "v=spf1 a mx -all"

and then bind starts to complain and giving this warning for each domain:

warning: zone xxxxxxxx.com/IN: 'xxxxxxxx.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record

[d00p]

Then, as I said:
 

@ IN TXT “v=spf1 a mx -all”

It creates this line:

@       18000   IN      TXT     "@ IN TXT “v=spf1 a mx -all”"

is obviously wrong.
 

If instead I put just:

"v=spf1 a mx -all"

It creates this line:

@       18000   IN      TXT     "v=spf1 a mx -all"

and then bind starts to complain and giving this warning for each domain:

warning: zone xxxxxxxx.com/IN: 'xxxxxxxx.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record

Is a correct record. And again, as said before, SPF/SPF is OBSOLETE - it's just a warning generated by bind - it should still work.

[llucps]

Yes you're right.

 

The funny thing is why bind is not complaining when I do it wrong and starts complaining when I do it right.

 

And yes, despite of getting that warning, everything works perfectly. I was just curious to know why.

 

Thanks