Weird new BIND error: unknown option '$', Re-Check Configuration fails

Operating system: Ubuntu
OS version: 18.04 LTS

Red-Herring

Status: Virtualmin and OS kept fully up to date almost daily. For PHP and the database, I’m off the reservation though. I have the MariaDB repository for the database instead of APT, and the same goes for my PHP where I’m at the source with 8 available on my system.

Initial Information:

The specific top-level virtual server that the error message is referencing (renamed to fqdn.tld) was the first one I have added in years. It might be the way I changed Virtualmin over time. I probably added the Let’s Encrypt & Mailgun parts to my Server Templates between this latest virtual server creation and all the older ones:
Virtualmin → System Settings → Server Templates → BIND DNS Domain: Additional named.conf directives for new zones

${DOM}. IN CAA 0 issue “letsencrypt.org”
${DOM}. IN CAA 0 issuewild “;”
pic._domainkey.mg.${DOM}. IN TXT "k=rsa; p=<snipped-key>"
mg.${DOM}. IN TXT "v=spf1 include:mailgun.org ~all"
email.mg.${DOM}. IN CNAME mailgun.org.

Here’s the error from: Virtualmin → System Settings → Re-Check Configuration

The status of your system is being checked to ensure that all enabled features are available, that the mail server is properly configured, and that quotas are active ..

    Your system has 31.4 GiB of memory, which is at or above the Virtualmin recommended minimum of 256 MiB.

    Errors were found in your system's BIND configuration : /etc/bind/named.conf.local:45: unknown option '$', /etc/bind/named.conf.local:48: unknown option 'in', /etc/bind/named.conf.local:51: unknown option 'in', /etc/bind/named.conf.local:52: unknown option '”', /etc/bind/named.conf.local:55: unknown option 'in', /etc/bind/named.conf.local:55: unknown option 'p=MIGfMA0GCSqGSIb3DQEBAQUAA4GN...', /etc/bind/named.conf.local:58: unknown option 'in'

.. your system is not ready for use by Virtualmin.

Here’s my BIND where the error cropped up starting at row 42 (HA! it’s 42!)

/etc/bind/named.conf.local

zone "fqdn.tld" {
	type master;
	file "/var/lib/bind/fqdn.tld.hosts";
	$ {
		dom;
		};
	in CAA 0 issue “letsencrypt.org” $ {
		dom;
		};
	in CAA 0 issuewild “;
	” pic._domainkey.mg.$ {
		dom;
		};
	in TXT k=rsa; p=<snipped-key> mg.$ {
		dom;
		};
	in TXT v=spf1 include:mailgun.org ~all email.mg.$ {
		dom;
		};
	allow-transfer {
		127.0.0.1;
		localnets;
		123.456.789.012;
		123.456.789.012;
		123.456.789.012;
		};
	};

So, I don’t know where my ignorance is, but it’s obvious I’m doing something ignorant. What is it and what’s the best-practice replacement for what I was trying to achieve? I guess I thought that ${DOM} was getting macro replaced, but I barely know what I’m talking about here.

Bueller, Bueller, Bueller, …

I did that thing where each sub-server and virtual-server gets edited to not use DNS features and the error is gone now.
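
An added example, not part of the thread: the five lines entered in the template field are zone-file resource records, while the listing in the first post shows that field's contents landing inside the `zone { }` statement of named.conf.local. The Python check below (function name and rule labels are this example's own) flags record syntax, typographic quotes and `$` tokens in text destined for named.conf, using the posted lines as constructed sample input.

```python
import re

# Constructed sample: the five template lines quoted in the first post
# (DKIM key left snipped, typographic quotes kept exactly as posted).
TEMPLATE_FIELD = """\
${DOM}. IN CAA 0 issue “letsencrypt.org”
${DOM}. IN CAA 0 issuewild “;”
pic._domainkey.mg.${DOM}. IN TXT "k=rsa; p=<snipped-key>"
mg.${DOM}. IN TXT "v=spf1 include:mailgun.org ~all"
email.mg.${DOM}. IN CNAME mailgun.org.
"""

# Assumption of this example: a short list of common record types is enough.
RR_TYPES = "A|AAAA|CAA|CNAME|MX|NS|PTR|SOA|SRV|TXT"
# "owner [ttl] IN type ..." is zone-file record syntax, not a named.conf statement.
RR_LINE = re.compile(rf"^\s*\S+\s+(?:\d+\s+)?IN\s+({RR_TYPES})\b", re.IGNORECASE)
# Typographic quotes, reported in the post's error as: unknown option '”'.
SMART_QUOTE = re.compile("[\u201c\u201d\u2018\u2019]")
# '$' tokens, reported in the post's error as: unknown option '$'.
DOLLAR = re.compile(r"\$\{?\w*\}?")

RULES = (
    ("resource-record", RR_LINE),
    ("smart-quote", SMART_QUOTE),
    ("dollar-token", DOLLAR),
)


def lint_named_conf_directives(text):
    """Return (line_no, rule, detail) for each problem in text meant for a zone block."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith(("//", "#")):
            continue  # skip blank lines and comments
        for rule, rx in RULES:
            m = rx.search(line)
            if m:
                detail = m.group(1).upper() if rule == "resource-record" else m.group()
                findings.append((no, rule, detail))
    return findings


if __name__ == "__main__":
    for no, rule, detail in lint_named_conf_directives(TEMPLATE_FIELD):
        print(f"line {no}: {rule}: {detail}")
```

Text that passes this check can still be rejected by BIND; `named-checkconf` remains the authoritative syntax check for named.conf.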
