Just so I find it again when I run across the same problem in the future:

I wanted to log in to one of my servers and couldn’t access it, because I couldn’t resolve the name from one specific domain. All other domains worked fine.

So let’s head over to the DNS server and check what we can do. I’m running BIND, and it ships with two tools, named-checkconf and named-checkzone. As the names imply, named-checkconf checks the overall configuration and named-checkzone checks a single zone. There is also an option -z for named-checkconf that checks all the primary zones found in the configuration.

I’m using this in a Makefile to reload BIND after I’ve made changes. I just type make, my configuration gets checked, and if everything is okay, BIND is reloaded:

root@dns:/etc/bind# cat Makefile
all:
        /usr/sbin/named-checkconf -z
        /usr/sbin/rndc reload

But both named-checkconf and named-checkzone showed that the configuration and the zone were okay.

The Name Server Control Utility (rndc) has some more options we can use.

root@dns:/etc/bind# rndc zonestatus badzone
rndc: 'zonestatus' failed: zone not loaded

We can now try to reload that zone with rndc:

root@dns:/etc/bind# rndc reload badzone
rndc: 'reload' failed: out of range

The first useful link appeared around the seventh or eighth search result, and I didn’t find it myself; someone in #denog over on IRCNET was very helpful. Thanks.

So the bad zone allowed dynamic updates and something with the journal-file was messed up. Here is what to do:

rndc freeze badzone

Then find a file with your zone name and ending in jnl. Remove it.

rm badzone.jnl

And now thaw the zone:

rndc thaw badzone
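
The same steps as shell functions, plus the check that named-checkconf -z did not catch (whether named actually loaded the zone). This is an added example, not part of the original post: the function names are hypothetical, RNDC and ZONE_DIR are assumed defaults, and the journal is moved aside rather than deleted so it can be inspected later.

```shell
#!/bin/sh
# Added example (not from the original post). RNDC and ZONE_DIR are assumed
# defaults; the function names are hypothetical.
RNDC=${RNDC:-/usr/sbin/rndc}
ZONE_DIR=${ZONE_DIR:-/etc/bind}

# Succeeds only if named actually loaded the zone. named-checkconf -z can
# pass while this fails, as in the post ("zone not loaded").
zone_loaded() {
    $RNDC zonestatus "$1" >/dev/null 2>&1   # $RNDC unquoted so it may carry options
}

# Print every zone from the argument list that named is not serving.
unloaded_zones() {
    for z in "$@"; do
        zone_loaded "$z" || printf '%s\n' "$z"
    done
}

# freeze -> move journal aside -> thaw -> verify. Returns 2 without touching
# anything when the journal file cannot be identified unambiguously.
reset_journal() {
    zone=$1
    jnl=$(find "$ZONE_DIR" -type f -name "*${zone}*.jnl")
    if [ -z "$jnl" ]; then
        echo "no journal for $zone under $ZONE_DIR" >&2; return 2
    fi
    if [ "$(printf '%s\n' "$jnl" | wc -l)" -ne 1 ]; then
        echo "more than one candidate journal:" >&2
        printf '%s\n' "$jnl" >&2; return 2
    fi
    $RNDC freeze "$zone" || return 1
    # Keep the journal for later inspection instead of deleting it.
    if ! mv -- "$jnl" "$jnl.bad"; then
        $RNDC thaw "$zone"      # do not leave the zone frozen
        return 1
    fi
    $RNDC thaw "$zone" || return 1
    zone_loaded "$zone"
}
```

Source the file, then run unloaded_zones with your zone names after a reload, or reset_journal badzone for the recovery.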