Page 1 of 1

Stuck at conf redefined options

Posted: 2017-01-19 10:21
by corsairetc
Hello, I cant figure out what wrong with bind named.conf file.
If I start named-checkconf named conf I get this error.

Code: Select all

named.conf:22: 'options' redefined near 'options'
I cant figure out where ś could be the problem with systax.
Here I attach named.conf file

Code: Select all

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
// structure of BIND configuration files in Debian, *BEFORE* you customize 
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

acl internals { 127.0.0.0/8; 192.168.0.0/24; 172.100.200.0/29; 192.168.44.0/24; 192.168.3.0/26; };

include "/etc/bind/named.conf.options";

acl "trusted" {
     192.168.0.0/24;
     172.100.200.0/29;
     192.168.44.0/24;
     192.168.3.0/26
     ;localhost;
     localnets;
 };

options {
     allow-query { any; };
     allow-recursion { trusted; };
     allow-query-cache { trusted; };
 };

include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
Thank you for any help.

Re: Stuck at conf redefined options

Posted: 2017-01-19 10:25
by cfb
My guess is that you have options defined in:

Code: Select all

include "/etc/bind/named.conf.options";

Re: Stuck at conf redefined options

Posted: 2017-01-19 12:11
by corsairetc
Found it, wrong configuration at named.conf should be this:

Code: Select all

include "/etc/bind/named.conf.options";

acl "trusted" {
     192.168.0.0/24;
     172.100.200.0/29;
     192.168.44.0/24;
     192.168.3.0/26
     ;localhost;
     localnets;
 };
and at named.conf.options should be this:

Code: Select all

options {
	directory "/var/cache/bind";

	// If there is a firewall between you and nameservers you want
	// to talk to, you may need to fix the firewall to allow multiple
	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113

	// If your ISP provided one or more IP addresses for stable 
	// nameservers, you probably want to use them as forwarders.  
	// Uncomment the following block, and insert the addresses replacing 
	// the all-0's placeholder.
	 
	 forwarders {
	 	217.31.204.130;
		193.138.152.1;
		8.8.8.8;
	 };

	//========================================================================
	// If BIND logs error messages about the root key being expired,
	// you will need to update your keys.  See https://www.isc.org/bind-keys
	//========================================================================

	dnssec-validation auto;

	auth-nxdomain no;    # conform to RFC1035
	listen-on-v6 { any; };
	
	// Accept requests for internal network only
        allow-query { any; };
	allow-recursion { trusted; };
	allow-query-cache { trusted; };	
	version none;
Now is it withou errors.
Hope this is right configuration.