rpz 'rpz.local' is not a master or slave zone crash BIND



  • Re: Possible bug with BIND config generate in 2.4.5 (bind package: 9.14_3)

    Same error as yours, but not with a reverse zone, and I can't recover from the error.

    rpz 'rpz.local' is not a master or slave zone 
    loading configuration: not found
    exiting (due to fatal error)
    

    I have an rpz.local master zone.

            
    options {
            directory "/etc/namedb";
            pid-file "/var/run/named/pid";
            statistics-file "/var/log/named.stats";
            max-cache-size 256M;
            response-policy {
                    zone "rpz.local";
            };
    
    ....
    
    view "any" {
            recursion yes;
            match-clients { any; };
            allow-recursion { any; };
    
            zone "rpz.local" {
                    type master;
                    file "/etc/namedb/master/any/rpz.local.DB";
                    allow-query { any; };
                    allow-transfer { any; };
                    allow-update { any; };
            };
    

    Posted bug: https://redmine.pfsense.org/issues/10445


  • LAYER 8

    OK, I was able to reproduce it.
    This happens when you have 2 or more views and a response policy.

    This does not work anymore; as I suspected, having the response policy inside options leads to that error:

    options {
            ...
    	response-policy {
    		zone "overrides";
    	};
            ....
    };
    
    view "local view" { 
    	recursion yes;
    
    	zone "0.168.192.in-addr.arpa" {
    		type master;
    		file "/etc/namedb/master/local view/0.168.192.DB";
    		allow-query { localhost; localnets; };
    		allow-update { localhost; localnets; };
    	};
    
    	zone "." {
    		type hint;
    		file "/etc/namedb/named.root";
    	};
            zone "overrides" {
                     type master;
                     file "/etc/namedb/master/local view/overrides.DB";
                     allow-query { any; };
                     allow-transfer { none; };
                     allow-update { none; };
            };
            
    

    This one instead works as intended:

    options {
            ..
     ..
    };
    
    view "local view" { 
    	recursion yes;
    
    	response-policy {
    		zone "overrides";
    	};
    
    	zone "0.168.192.in-addr.arpa" {
    		type master;
    		file "/etc/namedb/master/local view/0.168.192.DB";
    		allow-query { localhost; localnets; };
    		allow-update { localhost; localnets; };
    	};
    
    	zone "." {
    		type hint;
    		file "/etc/namedb/named.root";
    	};
            zone "overrides" {
                     type master;
                     file "/etc/namedb/master/local view/overrides.DB";
                     allow-query { any; };
                     allow-transfer { none; };
                     allow-update { none; };
                  };
           
    

    You can manually edit the config file /cf/named/etc/namedb/named.conf and check for yourself.
    Launch named with:

    /usr/local/sbin/named -4 -c /etc/namedb/named.conf -u bind -t /cf/named/



  • Hello friends,

    I was stuck on the same error. Another workaround is to uncheck the response policy zone option in the zone web config:

    [Screenshot attachment]

    and set the custom option in every view's config.

    [Screenshot attachment]

    This way you keep the service working with the web interface.

    Hope this helps someone.

    Bye.
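
The failure mode reported in this thread can be checked before restarting named. The following is an added example, not part of any post above and not pfSense or BIND code: a small named.conf linter that lists every view using a response-policy zone it does not define. It assumes that a response-policy set in options applies to each view that has none of its own, which matches the reproduction above; the names `check_rpz`, `BROKEN` and `FIXED` and both sample configs are constructed for illustration.

```python
import re

# Quoted string | comments (skipped) | punctuation | bare word
TOKEN = re.compile(r'"([^"]*)"|/\*.*?\*/|//[^\n]*|#[^\n]*|([{};])|([^\s{};"]+)', re.S)
ZONE_TYPES_OK = {"master", "slave", "primary", "secondary"}

def tokens(text):
    for m in TOKEN.finditer(text):
        if m.group(1) is not None:
            yield m.group(1)
        elif m.group(2) or m.group(3):
            yield m.group(2) or m.group(3)

def parse(toks):
    """Parse into [(words, child_block_or_None), ...]; tolerates truncated input."""
    stmts, words, block = [], [], None
    for t in toks:
        if t == "{":
            block = parse(toks)          # same iterator, so the child consumes its block
        elif t == "}":
            break
        elif t == ";":
            if words:
                stmts.append((words, block))
            words, block = [], None
        else:
            words.append(t)
    if words:                            # statement cut off before its ';'
        stmts.append((words, block))
    return stmts

def rpz_names(block):
    return [w[1] for words, kids in block if words[0] == "response-policy"
            for w, _ in (kids or []) if w[0] == "zone" and len(w) > 1]

def zone_types(block):
    return {w[1]: next((k[1] for k, _ in kids if k[0] == "type" and len(k) > 1), None)
            for w, kids in block if w[0] == "zone" and len(w) > 1 and kids is not None}

def check_rpz(conf_text):
    """Return [(view, zone)] for policy zones a view uses but does not define."""
    top = parse(tokens(conf_text))
    global_rpz = [z for w, k in top if w[0] == "options" for z in rpz_names(k or [])]
    views = [(w[1], k) for w, k in top if w[0] == "view" and len(w) > 1 and k is not None]
    problems = []
    for name, block in views or [("(no views)", top)]:
        types = zone_types(block)
        for zone in rpz_names(block) or global_rpz:  # assumption: view setting overrides options
            if types.get(zone) not in ZONE_TYPES_OK:
                problems.append((name, zone))
    return problems

# Constructed sample: policy in options, zone defined in only one of two views.
BROKEN = ('options { directory "/etc/namedb"; response-policy { zone "overrides"; }; };\n'
          'view "local view" { zone "overrides" { type master; file "overrides.DB"; }; };\n'
          'view "guest" { zone "example.test" { type master; file "example.test.DB"; }; };\n')
# Constructed fix: the policy moved into the view that defines the zone.
FIXED = BROKEN.replace(' response-policy { zone "overrides"; };', "", 1).replace(
    'view "local view" {', 'view "local view" { response-policy { zone "overrides"; };')
```

`check_rpz(open("/cf/named/etc/namedb/named.conf").read())` returns an empty list when every view defines the policy zones it uses.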



