Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.protocols.dns.bind > #15914

Re: Fun with nsudpate and ac1.nstld.com

Path csiph.com!aioe.org!nntp.terraraq.uk!nntp-feed.chiark.greenend.org.uk!ewrotcd!usenet-its.stanford.edu!usenet.stanford.edu!not-for-mail
From "@lbutlr" <kremels@kreme.com>
Newsgroups comp.protocols.dns.bind
Subject Re: Fun with nsudpate and ac1.nstld.com
Date Tue, 7 Jul 2020 10:22:02 -0600
Lines 35
Approved bind-users@lists.isc.org
Message-ID <mailman.626.1594138904.942.bind-users@lists.isc.org> (permalink)
References <61C908E7-0934-4EAD-965E-BB4BFF3A43E7@kreme.com> <CAAeHe+wJ5tDcq__F0tbGXtm-9jURmajCjDQPJSgJR7b5DaaUbw@mail.gmail.com> <9ABC733A-A0FB-4569-B037-90ACBB82AE4D@kreme.com> <A118175B-E33A-462A-9BD3-6D3C2EB0E4D2@isc.org> <D8B5190D-5B3F-4F34-9A3F-F10D1C856B22@kreme.com>
NNTP-Posting-Host lists.isc.org
Content-Type text/plain; charset=utf-8
Content-Transfer-Encoding quoted-printable
X-Trace usenet.stanford.edu 1594138938 9044 149.20.1.60 (7 Jul 2020 16:22:18 GMT)
X-Complaints-To action@cs.stanford.edu
To bind-users <bind-users@lists.isc.org>
Return-Path <kremels@kreme.com>
X-Original-To bind-users@lists.isc.org
Delivered-To bind-users@lists.isc.org
In-Reply-To <A118175B-E33A-462A-9BD3-6D3C2EB0E4D2@isc.org>
X-Mailer Apple Mail (2.3645.0.6.2.3)
X-Spam-Status No, score=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW, SPF_HELO_NONE,SPF_PASS autolearn=disabled version=3.4.2
X-Spam-Checker-Version SpamAssassin 3.4.2 (2018-09-13) on mx.pao1.isc.org
X-BeenThere bind-users@lists.isc.org
X-Mailman-Version 2.1.29
Precedence list
List-Id BIND Users Mailing List <bind-users.lists.isc.org>
List-Unsubscribe <https://lists.isc.org/mailman/options/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=unsubscribe>
List-Archive <https://lists.isc.org/pipermail/bind-users/>
List-Post <mailto:bind-users@lists.isc.org>
List-Help <mailto:bind-users-request@lists.isc.org?subject=help>
List-Subscribe <https://lists.isc.org/mailman/listinfo/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=subscribe>
X-Mailman-Original-Message-ID <D8B5190D-5B3F-4F34-9A3F-F10D1C856B22@kreme.com>
X-Mailman-Original-References <61C908E7-0934-4EAD-965E-BB4BFF3A43E7@kreme.com> <CAAeHe+wJ5tDcq__F0tbGXtm-9jURmajCjDQPJSgJR7b5DaaUbw@mail.gmail.com> <9ABC733A-A0FB-4569-B037-90ACBB82AE4D@kreme.com> <A118175B-E33A-462A-9BD3-6D3C2EB0E4D2@isc.org>
Xref csiph.com comp.protocols.dns.bind:15914

Show key headers only | View raw

On 06 Jul 2020, at 17:59, Mark Andrews <marka@isc.org> wrote:
> Nsupdate can normally determine the name of the zone that has to be updated so most of the time you don’t need to specify the zone.  There are a few cases, like when adding delegating NS records or glue to the parent zone you have to override the normal zone discovery procedure.

So if I were to try adding web2.example.com via nsupdate I could simply 

> update add web2.example.com 96400 IN CNAME www.covisp.net
> send

That's good to know, but I fear I will remember that and use it in cases where I do need to specify it and muck things up.

I change DNS settings so infrequently that each time it is almost like starting over, especially since the underlying software has changed as well. Also, I need better notes, which I am taking this time. (Most of the serials on the DNS files are more than two years old)

The latest surprise was that dnssec-enable yes; is obsolete in Bind 9.16. I've noticed no fallout from simply uncommenting it, so I assume it is either required now or implied with dnssec-validation set or auto-dnssec in the zone config.

I do have motivation to get all this nsupdate stuff square, however, as I want to move Letsencrypt to wildcard certs and that requires updating the DNS during the LE exchange.



-- 
Vi Veri Veniversum Vivus Vici

Back to comp.protocols.dns.bind | Previous | Next | Find similar

Thread

Re: Fun with nsudpate and ac1.nstld.com "@lbutlr" <kremels@kreme.com> - 2020-07-07 10:22 -0600

csiph-web