rpz 'rpz.local' is not a master or slave zone crash BIND
-
Re: Possible bug with BIND config generate in 2.4.5 (bind package: 9.14_3)
Same error as yours, but not with a reverse zone, and I can't recover from the error.
rpz 'rpz.local' is not a master or slave zone
loading configuration: not found
exiting (due to fatal error)
I have an rpz.local master zone.
options {
    directory "/etc/namedb";
    pid-file "/var/run/named/pid";
    statistics-file "/var/log/named.stats";
    max-cache-size 256M;
    response-policy { zone "rpz.local"; };
....
view "any" {
    recursion yes;
    match-clients { any; };
    allow-recursion { any; };
    zone "rpz.local" {
        type master;
        file "/etc/namedb/master/any/rpz.local.DB";
        allow-query { any; };
        allow-transfer { any; };
        allow-update { any; };
    };
Posted bug: https://redmine.pfsense.org/issues/10445
-
OK, I was able to reproduce it.
This happens when you have 2 or more views and a response policy; this does not work anymore. As I suspected, having the response policy inside options leads to that error:
options {
    ...
    response-policy { zone "overrides"; };
    ....
};
view "local view" {
    recursion yes;
    zone "0.168.192.in-addr.arpa" {
        type master;
        file "/etc/namedb/master/local view/0.168.192.DB";
        allow-query { localhost; localnets; };
        allow-update { localhost; localnets; };
    };
    zone "." {
        type hint;
        file "/etc/namedb/named.root";
    };
    zone "overrides" {
        type master;
        file "/etc/namedb/master/local view/overrides.DB";
        allow-query { any; };
        allow-transfer { none; };
        allow-update { none; };
    };
This one instead works as intended:
options {
    ..
    ..
};
view "local view" {
    recursion yes;
    response-policy { zone "overrides"; };
    zone "0.168.192.in-addr.arpa" {
        type master;
        file "/etc/namedb/master/local view/0.168.192.DB";
        allow-query { localhost; localnets; };
        allow-update { localhost; localnets; };
    };
    zone "." {
        type hint;
        file "/etc/namedb/named.root";
    };
    zone "overrides" {
        type master;
        file "/etc/namedb/master/local view/overrides.DB";
        allow-query { any; };
        allow-transfer { none; };
        allow-update { none; };
    };
You can manually edit the config file /cf/named/etc/namedb/named.conf and check yourself.
Launch named with:
/usr/local/sbin/named -4 -c /etc/namedb/named.conf -u bind -t /cf/named/
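A small lint for the failure reproduced above, as an added example that is not part of the original posts or of pfSense's code. It assumes named applies an options-level response-policy to every view that does not set its own, and reports each view where the policy zone is not defined as a master or slave zone. The sample configs are constructed, and the view name "other view" is hypothetical.

```python
import re
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')
COMMENT = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
OK_TYPES = {"master", "slave", "primary", "secondary"}

def parse(tokens, i=0):
    """Statements as lists of words; a {...} block becomes a nested statement list."""
    stmts, cur = [], []
    while i < len(tokens):
        t, i = tokens[i], i + 1
        if t == "{":
            inner, i = parse(tokens, i)
            cur.append(inner)
        elif t == "}":
            return stmts, i
        elif t == ";":
            stmts, cur = stmts + ([cur] if cur else []), []
        else:
            cur.append(t.strip('"'))
    return stmts, i

def body(stmt):
    return next((x for x in stmt if isinstance(x, list)), [])

def rpz_names(stmts):
    """Zones listed by response-policy at this scope, or None if it has none."""
    for s in stmts:
        if s[0] == "response-policy":
            return [z[1] for z in body(s) if z[0] == "zone"]
    return None

def check_rpz(conf_text):
    """Return (view, zone) pairs where a policy zone is not master/slave in the view."""
    top, _ = parse(TOKEN.findall(COMMENT.sub("", conf_text)))
    inherited = rpz_names(next((body(s) for s in top if s[0] == "options"), [])) or []
    problems = []
    for view in (s for s in top if s[0] == "view"):
        types = {z[1]: next((o[1] for o in body(z) if o[0] == "type"), None)
                 for z in body(view) if z[0] == "zone"}
        wanted = rpz_names(body(view))  # assumption: a view's own policy overrides options
        problems += [(view[1], n) for n in (inherited if wanted is None else wanted)
                     if types.get(n) not in OK_TYPES]
    return problems

# Constructed samples using the thread's zone/view names; "other view" is hypothetical.
ZONE = 'zone "overrides" { type master; file "/etc/namedb/master/local view/overrides.DB"; };'
OTHER = 'view "other view" { recursion yes; };'
BROKEN = 'options { response-policy { zone "overrides"; }; }; view "local view" { %s }; %s' % (ZONE, OTHER)
FIXED = 'options { }; view "local view" { response-policy { zone "overrides"; }; %s }; %s' % (ZONE, OTHER)
```

Calling `check_rpz(BROKEN)` flags "other view", which inherits the policy but has no "overrides" zone; `check_rpz(FIXED)` returns an empty list.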
-
Hello friends,
I was stuck on the same error. Another workaround is to uncheck the response policy zone option in the zone web config:
and set the custom option in every view config.
This way you keep the service working with the web interface.
Hope this helps anyone.
Bye.
-
See https://redmine.pfsense.org/issues/10445#note-3