Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.protocols.dns.bind > #16026
| Path | csiph.com!news.uzoreto.com!news.etla.org!nntp-feed.chiark.greenend.org.uk!ewrotcd!usenet-its.stanford.edu!usenet.stanford.edu!not-for-mail |
|---|---|
| From | Brett Delmage <Brett@BrettDelmage.ca> |
| Newsgroups | comp.protocols.dns.bind |
| Subject | nsupdate apparently not working for me. What am I overlooking / doing wrong? |
| Date | Tue, 28 Jul 2020 22:30:05 -0400 (EDT) |
| Lines | 137 |
| Approved | bind-users@lists.isc.org |
| Message-ID | <mailman.772.1595989778.942.bind-users@lists.isc.org> (permalink) |
| References | <alpine.DEB.2.21.2007282220460.32192@pannier.local> |
| NNTP-Posting-Host | lists.isc.org |
| Mime-Version | 1.0 |
| Content-Type | text/plain; format=flowed; charset=US-ASCII |
| X-Trace | usenet.stanford.edu 1595989819 16759 149.20.1.60 (29 Jul 2020 02:30:19 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| To | bind-users <bind-users@lists.isc.org> |
| Return-Path | <Brett@BrettDelmage.ca> |
| X-Original-To | bind-users@lists.isc.org |
| Delivered-To | bind-users@lists.isc.org |
| X-Spam-Status | No, score=1.3 required=5.0 tests=RDNS_NONE,SPF_PASS, T_SPF_HELO_PERMERROR autolearn=disabled version=3.4.2 |
| X-Spam-Level | * |
| X-Spam-Checker-Version | SpamAssassin 3.4.2 (2018-09-13) on mx.pao1.isc.org |
| X-BeenThere | bind-users@lists.isc.org |
| X-Mailman-Version | 2.1.29 |
| Precedence | list |
| List-Id | BIND Users Mailing List <bind-users.lists.isc.org> |
| List-Unsubscribe | <https://lists.isc.org/mailman/options/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=unsubscribe> |
| List-Archive | <https://lists.isc.org/pipermail/bind-users/> |
| List-Post | <mailto:bind-users@lists.isc.org> |
| List-Help | <mailto:bind-users-request@lists.isc.org?subject=help> |
| List-Subscribe | <https://lists.isc.org/mailman/listinfo/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=subscribe> |
| X-Mailman-Original-Message-ID | <alpine.DEB.2.21.2007282220460.32192@pannier.local> |
| Xref | csiph.com comp.protocols.dns.bind:16026 |
Show key headers only | View raw
nsupdate works according to updated contents of a dynamic zonefile
but dig does not report the added A record.
What am I doing stupidly here?
BIND version 1:9.16.5-1+ubuntu18.04.1
- both authoritative and local recursive
zone config:
zone "ottawatch.ca"
{
type master;
file "/var/lib/bind/master/ottawatch.ca";
allow-transfer { key "pannier-xfer"; };
notify yes;
update-policy { grant ddns-key.ottawatch.ca subdomain ottawatch.ca.; };
};
[do I have the correct update-policy syntax?]
(I also tried "update-policy local" with nsupdate -l, with same results.)
# nsupdate -D -k ddns-key.ottawatch.ca nsupdate.script
nsupdate.script:
server 127.0.0.1
zone ottawatch.ca.
update del ddns-update.ottawatch.ca. a
send
update add ddns-update.ottawatch.ca. 999 a 3.4.5.8
send
zone DB after update and "rndc sync" executed to incorporate .jnl:
$ORIGIN .
$TTL 900 ; 15 minutes
ottawatch.ca IN SOA cacloud.ottawatch.ca. hostmaster.ottawatch.ca. (
2020072808 ; serial
900 ; refresh (15 minutes)
180 ; retry (3 minutes)
2419200 ; expire (4 weeks)
900 ; minimum (15 minutes)
)
NS cacloud.ottawatch.ca.
NS pannier.ottawatch.ca.
A 206.248.172.47
MX 10 mail1.ottawajazzscene.ca.
TXT "v=spf1 a ip4:206.248.172.47 -all"
$ORIGIN ottawatch.ca.
cacloud A 23.111.69.176
AAAA 2607:7b00:7200:1::281a:5de2
$TTL 999 ; 16 minutes 39 seconds
ddns-update A 3.4.5.8 <--- nsupdate worked (it seems)
$TTL 900 ; 15 minutes
pannier A 206.248.172.47
AAAA 2607:f2c0:a000:1d1::73:1
# dig -4 @cacloud.ottawatch.ca cacloud.ottawatch.ca. a
; <<>> DiG 9.16.5-Ubuntu <<>> -4 @cacloud.ottawatch.ca cacloud.ottawatch.ca. a
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1862
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 195a1192604da78e010000005f20daf7193b36ec5545d879 (good)
;; QUESTION SECTION:
;cacloud.ottawatch.ca. IN A
;; ANSWER SECTION:
cacloud.ottawatch.ca. 900 IN A 23.111.69.176
;; Query time: 0 msec
;; SERVER: 23.111.69.176#53(23.111.69.176)
;; WHEN: Tue Jul 28 22:12:07 EDT 2020
;; MSG SIZE rcvd: 93
BUT dig does not report the nsupdate-added a record (NXDOMAIN):
# dig -4 @cacloud.ottawatch.ca ddns-key.ottawatch.ca. a
; <<>> DiG 9.16.5-Ubuntu <<>> -4 @cacloud.ottawatch.ca ddns-key.ottawatch.ca. a
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 49598
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 6db0ccbd0085ecca010000005f20db0f7cdb769b038236f9 (good)
;; QUESTION SECTION:
;ddns-key.ottawatch.ca. IN A
;; AUTHORITY SECTION:
ottawatch.ca. 900 IN SOA cacloud.ottawatch.ca. hostmaster.ottawatch.ca. 2020072808 900 180 2419200 900
;; Query time: 0 msec
;; SERVER: 23.111.69.176#53(23.111.69.176)
;; WHEN: Tue Jul 28 22:12:31 EDT 2020
;; MSG SIZE rcvd: 133
A record added to the dynamic zone file manually works:
dig -4 @cacloud.ottawatch.ca bb.ottawatch.ca. a
; <<>> DiG 9.16.5-Ubuntu <<>> -4 @cacloud.ottawatch.ca bb.ottawatch.ca. a
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8033
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 8feed7fd82821e9a010000005f20dc3de1670c37be1dadbc (good)
;; QUESTION SECTION:
;bb.ottawatch.ca. IN A
;; ANSWER SECTION:
bb.ottawatch.ca. 900 IN A 3.4.5.9
;; Query time: 0 msec
;; SERVER: 23.111.69.176#53(23.111.69.176)
;; WHEN: Tue Jul 28 22:17:33 EDT 2020
;; MSG SIZE rcvd: 88
END OF DETAILS
Back to comp.protocols.dns.bind | Previous | Next | Find similar
nsupdate apparently not working for me. What am I overlooking / doing wrong? Brett Delmage <Brett@BrettDelmage.ca> - 2020-07-28 22:30 -0400
csiph-web