From: Brett Delmage
Newsgroups: comp.protocols.dns.bind
Subject: Re: nsupdate apparently not working for me. What am I overlooking / doing wrong?
Date: Tue, 28 Jul 2020 23:29:28 -0400 (EDT)
To: Mark Andrews
Cc: bind-users

On Wed, 29 Jul 2020, Mark Andrews wrote:

> Make sure you are using the CORRECT name in the dig query. You used
> ddns-key.ottawatch.ca instead of ddns-update.ottawatch.ca.

Thanks Mark... so tired I didn't see that when staring at it. (Blame grass allergies and terrible heat lately.)

> Also you can delete and add in the same UPDATE operation. Remove the
> first “send” in nsupdate.script.

Yes, thanks for the tip. I did man nsupdate :-) I had nsupdate debug enabled earlier, so split this up while testing.

> Also ottawatch.ca has DS records but the zone is not signed. You need
> to fix this as lookups are failing for anyone that is validating responses.

Again, testing artifact. Domain is actually signed but I disabled that and took it out of the config to simplify while testing. Domain is not live for anything now but my kicking around so no harm done except to eagle eyes like yours who look up DNSSEC chain of trust :-)

Thanks for your second look and premiere response.

Brett

p.s. this Mailman list is slightly misconfigured. I have DKIM signing and a DMARC policy, so get lots of failure reports when I post to this list. Any chance you guys could toggle that flag so the list doesn't break DKIM signing? It's a straight-forward toggle; I use it on Mailman lists I run.