From: Brett Delmage
Newsgroups: comp.protocols.dns.bind
Subject: nsupdate apparently not working for me. What am I overlooking / doing wrong?
Date: Tue, 28 Jul 2020 22:30:05 -0400 (EDT)
To: bind-users

nsupdate works according to updated contents of a dynamic zonefile but dig
does not report the added A record. What am I doing stupidly here?

BIND version 1:9.16.5-1+ubuntu18.04.1 - both authoritative and local recursive

zone config:

zone "ottawatch.ca" {
        type master;
        file "/var/lib/bind/master/ottawatch.ca";
        allow-transfer { key "pannier-xfer"; };
        notify yes;
        update-policy { grant ddns-key.ottawatch.ca subdomain ottawatch.ca.; };
};

[do I have the correct update-policy syntax?]
(I also tried "update-policy local" with nsupdate -l, with same results.)

# nsupdate -D -k ddns-key.ottawatch.ca nsupdate.script

nsupdate.script:

server 127.0.0.1
zone ottawatch.ca.
update del ddns-update.ottawatch.ca. a
send
update add ddns-update.ottawatch.ca. 999 a 3.4.5.8
send

zone DB after update and "rndc sync" executed to incorporate .jnl:

$ORIGIN .
$TTL 900        ; 15 minutes
ottawatch.ca            IN SOA  cacloud.ottawatch.ca. hostmaster.ottawatch.ca. (
                                2020072808 ; serial
                                900        ; refresh (15 minutes)
                                180        ; retry (3 minutes)
                                2419200    ; expire (4 weeks)
                                900        ; minimum (15 minutes)
                                )
                        NS      cacloud.ottawatch.ca.
                        NS      pannier.ottawatch.ca.
                        A       206.248.172.47
                        MX      10 mail1.ottawajazzscene.ca.
                        TXT     "v=spf1 a ip4:206.248.172.47 -all"
$ORIGIN ottawatch.ca.
cacloud                 A       23.111.69.176
                        AAAA    2607:7b00:7200:1::281a:5de2
$TTL 999        ; 16 minutes 39 seconds
ddns-update             A       3.4.5.8    <--- nsupdate worked (it seems)
$TTL 900        ; 15 minutes
pannier                 A       206.248.172.47
                        AAAA    2607:f2c0:a000:1d1::73:1

# dig -4 @cacloud.ottawatch.ca cacloud.ottawatch.ca. a

; <<>> DiG 9.16.5-Ubuntu <<>> -4 @cacloud.ottawatch.ca cacloud.ottawatch.ca. a
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1862
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 195a1192604da78e010000005f20daf7193b36ec5545d879 (good)
;; QUESTION SECTION:
;cacloud.ottawatch.ca.          IN      A

;; ANSWER SECTION:
cacloud.ottawatch.ca.   900     IN      A       23.111.69.176

;; Query time: 0 msec
;; SERVER: 23.111.69.176#53(23.111.69.176)
;; WHEN: Tue Jul 28 22:12:07 EDT 2020
;; MSG SIZE  rcvd: 93

BUT dig does not report the nsupdate-added A record (NXDOMAIN):

# dig -4 @cacloud.ottawatch.ca ddns-key.ottawatch.ca. a

; <<>> DiG 9.16.5-Ubuntu <<>> -4 @cacloud.ottawatch.ca ddns-key.ottawatch.ca. a
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 49598
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 6db0ccbd0085ecca010000005f20db0f7cdb769b038236f9 (good)
;; QUESTION SECTION:
;ddns-key.ottawatch.ca.         IN      A

;; AUTHORITY SECTION:
ottawatch.ca.           900     IN      SOA     cacloud.ottawatch.ca. hostmaster.ottawatch.ca. 2020072808 900 180 2419200 900

;; Query time: 0 msec
;; SERVER: 23.111.69.176#53(23.111.69.176)
;; WHEN: Tue Jul 28 22:12:31 EDT 2020
;; MSG SIZE  rcvd: 133

A record added to the dynamic zone file manually works:

dig -4 @cacloud.ottawatch.ca bb.ottawatch.ca. a

; <<>> DiG 9.16.5-Ubuntu <<>> -4 @cacloud.ottawatch.ca bb.ottawatch.ca. a
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8033
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 8feed7fd82821e9a010000005f20dc3de1670c37be1dadbc (good)
;; QUESTION SECTION:
;bb.ottawatch.ca.               IN      A

;; ANSWER SECTION:
bb.ottawatch.ca.        900     IN      A       3.4.5.9

;; Query time: 0 msec
;; SERVER: 23.111.69.176#53(23.111.69.176)
;; WHEN: Tue Jul 28 22:17:33 EDT 2020
;; MSG SIZE  rcvd: 88

END OF DETAILS
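
Added example, not part of the original post and not ISC code: a shell helper that reads an nsupdate script and derives, for each "update add", the server, owner name, type and rdata to confirm with dig, so the verification query asks for exactly the record the update wrote. The function names and the embedded sample script (constructed from the nsupdate.script quoted above) are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample input, mirroring the nsupdate.script quoted in the post.
SAMPLE_SCRIPT='server 127.0.0.1
zone ottawatch.ca.
update del ddns-update.ottawatch.ca. a
send
update add ddns-update.ottawatch.ca. 999 a 3.4.5.8
send'

# nsupdate_checks (hypothetical helper): read an nsupdate script on stdin and
# print one line per "update add": <server> <owner> <TYPE> <rdata>
nsupdate_checks() {
  awk '
    BEGIN { server = "127.0.0.1" }        # assumed default when no server line
    tolower($1) == "server" { server = $2; next }
    tolower($1) == "update" && tolower($2) == "add" {
      i = 4
      if ($i ~ /^[0-9]+$/) i++                  # optional TTL
      if (toupper($i) ~ /^(IN|CH|HS)$/) i++     # optional class
      type = toupper($i); i++
      rdata = $i
      for (j = i + 1; j <= NF; j++) rdata = rdata " " $j
      print server, tolower($3), type, rdata
    }'
}

# verify_updates (hypothetical helper): ask the updated server directly for
# each added record and report whether the expected rdata is in the answer.
# Needs dig and a reachable server; returns non-zero if any record is missing.
verify_updates() {
  checks=$(nsupdate_checks); rc=0
  while read -r server owner type rdata; do
    [ -n "$server" ] || continue
    if dig +norecurse +short "@$server" "$owner" "$type" </dev/null |
         grep -qxF -- "$rdata"; then
      echo "ok      $owner $type $rdata"
    else
      echo "MISSING $owner $type $rdata (asked $server)"; rc=1
    fi
  done <<EOF
$checks
EOF
  return $rc
}

# Offline demonstration: list what should be queried for the sample script.
printf '%s\n' "$SAMPLE_SCRIPT" | nsupdate_checks
```

Run "verify_updates < nsupdate.script" on the host that sent the update; it queries the server named in the script, so the check and the update hit the same nameserver.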