How to Fix BIND Zone File Syntax Error

DodaTech Updated 2026-06-24 2 min read

This tutorial explains how to fix BIND zone file syntax errors. It covers the key concepts, practical examples, and best practices for diagnosing and correcting them.

BIND fails to load a zone and reports dns_master_load: /etc/bind/db.example.com:5: ignoring out-of-zone data, or reports that the file has no $TTL directive. In both cases the zone file has syntax errors or is missing required records.

The Problem

zone example.com/IN: loading from master file db.example.com failed:
db.example.com:5: ignoring out-of-zone data
zone example.com/IN: not loaded due to errors.

Step-by-Step Fix

Step 1: Add $TTL directive

; Correct zone file structure
$TTL 3600
$ORIGIN example.com.

@   IN  SOA ns1.example.com. admin.example.com. (
        2024062401  ; Serial
        3600        ; Refresh
        900         ; Retry
        604800      ; Expire
        86400       ; Minimum TTL
)

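@       IN  NS      ns1.example.com.
@       IN  NS      ns2.example.com.
@       IN  A       192.0.2.1
www     IN  A       192.0.2.1
mail    IN  MX 10   mail.example.com.

; In-zone NS and MX targets need address records, otherwise
; named-checkzone reports an error (example addresses)
ns1     IN  A       192.0.2.53
ns2     IN  A       192.0.2.54
mail    IN  A       192.0.2.25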

Step 2: Use named-checkzone

sudo named-checkzone example.com /etc/bind/db.example.com

Expected:

zone example.com/IN: loaded serial 2024062401
OK

Step 3: Fix common syntax issues

; Wrong: missing trailing dot in FQDN, so the name is treated as relative
; and $ORIGIN is appended (ns1.example.com.example.com.)
@   IN  NS  ns1.example.com

; Right: trailing dot for FQDN
@   IN  NS  ns1.example.com.

; Wrong: space in domain name
www IN A 192.0.2.1

; Right: tabs or consistent spacing
www IN A 192.0.2.1

Step 4: Check serial number format

# Signed 32-bit integer, typically YYYYMMDDNN
# Increment each time the zone is modified

Step 5: Reload BIND

sudo rndc reload
# Or restart
sudo systemctl restart bind9

Prevention Tips

  • Always run named-checkzone before reloading
  • Use a consistent serial number format (YYYYMMDDNN)
  • Include $TTL at the top of every zone file
  • Use full FQDNs with trailing dots in NS and MX records
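
A pre-check for the mistakes listed above (no $TTL, FQDN targets without a trailing dot, out-of-zone owner names), as an added example that is not part of the original tutorial. lint_zone, SAMPLE and the sample records are hypothetical; it parses only simple zone syntax and complements named-checkzone rather than replacing it.

```python
import re

NAME_RDATA = {"NS": 0, "CNAME": 0, "MX": 1}   # index of the hostname within the rdata
TTL_OR_CLASS = re.compile(r"(?:\d+[smhdw]?)+|IN|CH|HS", re.I)
# Constructed sample zone containing the three mistakes (not from the page).
SAMPLE = """\
$ORIGIN example.com.
@    IN SOA ns1.example.com. admin.example.com. (
         2024062401 3600 900 604800 86400 )
@    IN NS  ns1.example.com
www  IN A   192.0.2.1
other.com. IN A 192.0.2.9
@    IN MX 10 mail.example.com.
"""

def lint_zone(text, zone):
    """Return [(line_no, message)]. Assumes a non-root zone; hypothetical helper."""
    zone = zone.rstrip(".").lower() + "."
    origin, have_ttl, depth, findings = zone, False, 0, []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]            # simplification: ';' inside quotes not handled
        in_continuation = depth > 0            # inside a multi-line ( ... ) record
        depth += line.count("(") - line.count(")")
        tokens = line.split()
        if not tokens or in_continuation:
            continue
        directive = tokens[0].upper()
        if directive == "$TTL":
            have_ttl = True
        elif directive == "$ORIGIN" and len(tokens) > 1:
            origin = tokens[1].lower()
        if directive.startswith("$"):
            continue
        if not have_ttl:
            findings.append((no, "record appears before any $TTL directive"))
            have_ttl = True                    # report only once
        if not raw[0].isspace():               # leading whitespace inherits the previous owner
            owner = tokens.pop(0).lower()
            fqdn = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
            if fqdn != zone and not fqdn.endswith("." + zone):
                findings.append((no, f"out-of-zone owner {fqdn}"))
        while tokens and TTL_OR_CLASS.fullmatch(tokens[0]):
            tokens.pop(0)                      # skip optional TTL and class fields
        rtype, rdata = (tokens[0].upper(), tokens[1:]) if tokens else ("", [])
        idx = NAME_RDATA.get(rtype)
        if idx is not None and len(rdata) > idx and "." in rdata[idx] and not rdata[idx].endswith("."):
            findings.append((no, f"{rtype} target {rdata[idx]} lacks a trailing dot, "
                                 f"expands to {rdata[idx]}.{origin}"))
    return findings
```

Calling lint_zone(SAMPLE, "example.com") returns one finding each for lines 2, 4 and 6 of the sample.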

FAQ

What does "ignoring out-of-zone data" mean in BIND?

A record in the zone file has a name outside the zone's authority. For example, if the $ORIGIN is example.com., a record like other.com. IN A 1.2.3.4 is out of zone. Remove the record or use a different zone file.

Why does BIND require $TTL at the top of zone files?

The $TTL directive sets the default Time-To-Live for all subsequent records without explicit TTL values. BIND refuses to load zone files without a $TTL directive as required by the DNS standards (RFC 2308).

How do I use named-checkzone to validate zone files?

Run named-checkzone <zone-name> <zone-file>. Example: sudo named-checkzone example.com /etc/bind/db.example.com. The tool checks syntax, validates record types, and reports any errors or warnings before the zone is loaded.