Corrupted Bind zone files

Hi guys,

I've had something strange happening with bind the last couple of months and haven't reported it until now. But it's not fixing itself :-/

My DNS server occassionaly won't start and I get a slew of errors in the log that look like this:

dns_master_load: /var/named/1063thelounge.com.au.hosts:30: 1063thelounge.com.au: multiple RRs of singleton type
zone 1063thelounge.com.au/IN: loading master file /var/named/1063thelounge.com.au.hosts: multiple RRs of singleton type
_default/1063thelounge.com.au/IN: multiple RRs of singleton type

The zone files looks like this .. the records are repeated several times.

$ttl 38400
$ttl 38400
1063thelounge.com.au. IN SOA tricky.neubreed.com.au. sysadmin.neubreed.com. (
1133650483
10800
3600
604800
38400 )
1063thelounge.com.au. IN NS tricky.neubreed.com.au.
1063thelounge.com.au. IN NS ziggy.neubreed.com.au.
1063thelounge.com.au. IN A 203.98.94.20
www.1063thelounge.com.au. IN A 203.98.94.20
ftp.1063thelounge.com.au. IN A 203.98.94.20
mail.1063thelounge.com.au. IN A 203.98.94.20
1063thelounge.com.au. IN MX 5 mail
1063thelounge.com.au. IN TXT "v=spf1 a mx a:1063thelounge.com.au ip4:203.98.94.20 ?all"
1063thelounge.com.au. IN MX 10 mx.neubreed.com.
my-selector-name._domainkey.1063thelounge.com.au. IN TXT ( "k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9WFW7ad0DAS3Fm8oGajsTbU38OZ"
"xIuOm4RJ8FNGA03xBHq/me2dwE64jJRtwtyNhTKAbfWSFozSZRABnFmqoCHNWpf498JRvtUuzBx1Ip8W"
"HEuZgpW7rJ3tKCCbnWb5kVeosrsOYXv4Yo6grGaW7aiaKR0r/C2NDvVX2tX/Id0wIDAQAB" )
autoconfig.1063thelounge.com.au. IN A 203.98.94.20
1063thelounge.com.au. IN SOA tricky.neubreed.com.au. sysadmin.neubreed.com. (
1133650481
10800
3600
604800
38400 )
1063thelounge.com.au. IN NS tricky.neubreed.com.au.
1063thelounge.com.au. IN NS ziggy.neubreed.com.au.
1063thelounge.com.au. IN A 203.98.94.20
www.1063thelounge.com.au. IN A 203.98.94.20
ftp.1063thelounge.com.au. IN A 203.98.94.20
mail.1063thelounge.com.au. IN A 203.98.94.20
1063thelounge.com.au. IN MX 5 mail
1063thelounge.com.au. IN TXT "v=spf1 a mx a:1063thelounge.com.au ip4:203.98.94.20 ?all"
1063thelounge.com.au. IN MX 10 mx.neubreed.com.
my-selector-name._domainkey.1063thelounge.com.au. IN TXT ( "k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9WFW7ad0DAS3Fm8oGajsTbU38OZ"
"xIuOm4RJ8FNGA03xBHq/me2dwE64jJRtwtyNhTKAbfWSFozSZRABnFmqoCHNWpf498JRvtUuzBx1Ip8W"
"HEuZgpW7rJ3tKCCbnWb5kVeosrsOYXv4Yo6grGaW7aiaKR0r/C2NDvVX2tX/Id0wIDAQAB" )
autoconfig.1063thelounge.com.au. IN A 203.98.94.20
2011._domainkey.1063thelounge.com.au. IN TXT ( "v=DKIM1; k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9WFW7ad0DAS3Fm8oGa"
"jsTbU38OZxIuOm4RJ8FNGA03xBHq/me2dwE64jJRtwtyNhTKAbfWSFozSZRABnFmqoCHNWpf498JRvtU"
"uzBx1Ip8WHEuZgpW7rJ3tKCCbnWb5kVeosrsOYXv4Yo6grGaW7aiaKR0r/C2NDvVX2tX/Id0wIDAQAB" )
1063thelounge.com.au. IN MX 10 rubix.neubreed.com.

This is happening to most of the domains on the server, which is quite a few. Not just a couple. To fix I manually edit each file until there's no more errors and then start named .. But this is happening frequently now.

Sometimes the zone file that's repeated varies and they are not identical as in this example:

$ttl 38400
$ttl 38400
@ IN SOA tricky.neubreed.com.au. webmaster.neubreed.com. (
1222040371
10800
3600
604800
38400 )
@ IN NS tricky.neubreed.com.au.
@ IN NS ziggy.neubreed.com.au.
jobsingov.com.au. IN A 203.98.94.20
www.jobsingov.com.au. IN A 203.98.94.20
ftp.jobsingov.com.au. IN A 203.98.94.20
m.jobsingov.com.au. IN A 203.98.94.20
localhost.jobsingov.com.au. IN A 127.0.0.1
webmail.jobsingov.com.au. IN A 203.98.94.20
admin.jobsingov.com.au. IN A 203.98.94.20
mail.jobsingov.com.au. IN A 203.98.94.20
jobsingov.com.au. IN MX 5 mail.jobsingov.com.au.
jobsingov.com.au. IN MX 10 mx.neubreed.com.
jobsingov.com.au. IN TXT "v=spf1 a mx a:jobsingov.com.au ip4:203.98.94.20 ?all"
my-selector-name._domainkey.jobsingov.com.au. IN TXT "k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9WFW7ad0DAS3Fm8oGajsTbU38OZxIuOm4RJ8FNGA03xBHq/me2dwE64jJRtwtyNhTKAbfWSFozSZRABnFmqoCHNWpf498JRvtUuzBx1Ip8WHEuZgpW7rJ3tKCCbnWb5kVeosrsOYXv4Yo6grGaW7aiaKR0r/C2NDvVX2tX/Id0wIDAQAB"
jobsingov.com.au. IN SOA tricky.neubreed.com.au. webmaster.neubreed.com. (
1221621329
10800
3600
604800
38400 )
jobsingov.com.au. IN NS tricky.neubreed.com.au.
jobsingov.com.au. IN NS ziggy.neubreed.com.au.
jobsingov.com.au. IN A 203.98.94.20
www.jobsingov.com.au. IN A 203.98.94.20
ftp.jobsingov.com.au. IN A 203.98.94.20
m.jobsingov.com.au. IN A 203.98.94.20
localhost.jobsingov.com.au. IN A 127.0.0.1
webmail.jobsingov.com.au. IN A 203.98.94.20
admin.jobsingov.com.au. IN A 203.98.94.20
mail.jobsingov.com.au. IN A 203.98.94.20
jobsingov.com.au. IN MX 5 mail.jobsingov.com.au.
jobsingov.com.au. IN MX 10 mx.neubreed.com.
jobsingov.com.au. IN TXT "v=spf1 a mx a:jobsingov.com.au ip4:203.98.94.20 ?all"
staging.jobsingov.com.au. IN A 61.29.36.18
my-selector-name._domainkey.jobsingov.com.au. IN TXT ( "k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9WFW7ad0DAS3Fm8oGajsTbU38OZ"
"xIuOm4RJ8FNGA03xBHq/me2dwE64jJRtwtyNhTKAbfWSFozSZRABnFmqoCHNWpf498JRvtUuzBx1Ip8W"
"HEuZgpW7rJ3tKCCbnWb5kVeosrsOYXv4Yo6grGaW7aiaKR0r/C2NDvVX2tX/Id0wIDAQAB" )
autoconfig.jobsingov.com.au. IN A 203.98.94.20
2011._domainkey.jobsingov.com.au. IN TXT ( "v=DKIM1; k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9WFW7ad0DAS3Fm8oGa"
"jsTbU38OZxIuOm4RJ8FNGA03xBHq/me2dwE64jJRtwtyNhTKAbfWSFozSZRABnFmqoCHNWpf498JRvtU"
"uzBx1Ip8WHEuZgpW7rJ3tKCCbnWb5kVeosrsOYXv4Yo6grGaW7aiaKR0r/C2NDvVX2tX/Id0wIDAQAB" )
jobsingov.com.au. IN MX 10 rubix.neubreed.com.

Do you know what the cause might be?

Status: 
Active

Comments

Hrm, that's really unusual!

Roughly how often does that occur?

And when it occurs to one domain, does it happen for all domains?

Also, have you noticed any patterns as to when it occurs? Any idea of what may be occurring that triggers it?

Also, does this domain have any aliases?

Hi Jamie,

Both of the above examples are aliases. I think you might be onto something there ..

I had a look through the last batch that failed and they appear to be all alias domains.

It's odd that the repeated zone information in some of them differ.

This occurs every couple of weeks and I'm not consciously aware of any events that happen prior, other than perhaps editing records through the webmin / virtualmin

Did you perhaps somehow create an alias domain with the same name as the parent domain (jobsingov.com.au) ?

Also, on the DNS records template page at System Settings -> Server Templates -> Default Settings -> BIND DNS domain, what is the "BIND DNS records for new domains" field set to?

Hi,

Answer to no. 1 No .. I don't think that's possible is it? jobsingov is an alias child of a subserver

Answer to no. 2 It's blank

So if you create a new test domain, does the same problem of duplicate records happen?

And if you add an alias to that test domain, does that trigger the problem?

Both the test domains and their zones I created as above are clean.

Some observations:

I have zone files in two places /var/named/ and most are in /var/named/chroot/var/named/

All the zones that are in /var/named are the zones that generally screw up. They look to be duplicates.

The test domain and alias domain zone files were added to /var/named/chroot/var/named/ and noot /var/named

Another thing I noticed was that I have hundred's of these lock files in /var/named:

chrootHASH(0x16e43fb0).lock
chrootHASH(0x16f941c0).lock

I don't have enough understanding of Bind's configuration to determine if the above is weird, but you might!

Thanks, Ryan

Is BIND on your system configured to use a chroot directory? That will explain why most domains are under /var/named/chroot/var/named . In fact, I would expect them all to be there.

Is there anything that you do with a test domain that triggers the problem, like adding a record or an alias domain?