Discussion:
how to dynamically change/update (own private) domain record
lejeczek via bind-users
2018-09-22 15:53:03 UTC
hi guys

is it possible to update domain (not hosts of/in the domain) records?

Something like

domain.local A 10.1.1.100

simple, right?

I'm trying nsupdate but it refuses to do above.

many thanks, L.

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-***@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
lejeczek via bind-users
2018-09-22 16:20:50 UTC
Post by lejeczek via bind-users
is it possible to update domain (not hosts of/in the domain) records?
there is nothing like "not hosts of/in the domain"
Post by lejeczek via bind-users
Something like
domain.local A 10.1.1.100
which is simply an A record and not "not hosts of/in the domain"
Post by lejeczek via bind-users
simple, right?
I'm trying nsupdate but it refuses to do above
what about providing information like the state of the zone file and
unaltered input/output of "nsupdate", given that crystal balls are out of
order?
from my previous post, (different subject):

..
update delete ddd.dom.local. 86400 in a 10.3.1.100
send
update add dom.local. 86400 in a 10.3.1.100
send
update failed: REFUSED

..and in logs:
client @0x7fd7a40f2e40 127.0.0.1#9489/key nsupdate_key: updating zone
'dom.local/IN': update failed: rejected by secure update (REFUSED)

..and zone:
  zone "dom.local" IN {
    auto-dnssec maintain;
    key-directory "myZones";
    allow-query     { localhost; dom.local; };
    #allow-update { key dhcpd; key nsupdate_key; };
    update-policy {
      grant dhcpd wildcard *.dom.local. A CNAME TXT;
      grant nsupdate_key wildcard *.dom.local. A CNAME TXT;
    };
    # below line would be for a slave/stub secondary server
    #allow-transfer { localbox; 172.25.12.203; };
    type master;
    file "myZones/dom.local.signed";
  };

thanks, L
Mark Andrews
2018-09-22 20:58:38 UTC
The update policy rules you have don’t allow the apex to be updated. Change the rule types to “subdomain” and the name fields to “dom.local”.
--
Mark Andrews
Post by lejeczek via bind-users
Post by lejeczek via bind-users
is it possible to update domain (not hosts of/in the domain) records?
there is nothing like "not hosts of/in the domain"
Post by lejeczek via bind-users
Something like
domain.local A 10.1.1.100
which is simply an A record and not "not hosts of/in the domain"
Post by lejeczek via bind-users
simple, right?
I'm trying nsupdate but it refuses to do above
what about providing information like the state of the zone file and
unaltered input/output of "nsupdate", given that crystal balls are out of
order?
..
update delete ddd.dom.local. 86400 in a 10.3.1.100
send
update add dom.local. 86400 in a 10.3.1.100
send
update failed: REFUSED
  zone "dom.local" IN {
    auto-dnssec maintain;
    key-directory "myZones";
    allow-query     { localhost; dom.local; };
    #allow-update { key dhcpd; key nsupdate_key; };
    update-policy {
      grant dhcpd wildcard *.dom.local. A CNAME TXT;
      grant nsupdate_key wildcard *.dom.local. A CNAME TXT;
    };
    # below line would be for a slave/stub secondary server
    #allow-transfer { localbox; 172.25.12.203; };
    type master;
    file "myZones/dom.local.signed";
  };
thanks, L
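
The difference between the two rule types in the reply above, as an added Python sketch that is not from the thread and not BIND's own code. It models only the documented matching of "wildcard" and "subdomain" grant rules with an explicit type list; the function names are hypothetical.

```python
# Simplified model of BIND update-policy matching for two rule types only
# (wildcard, subdomain). Added illustration, not BIND source code.
# Assumption: every grant rule lists its record types explicitly.

def labels(name):
    """Split a DNS name into lowercase labels, ignoring the trailing dot."""
    return name.rstrip(".").lower().split(".")

def is_subdomain(name, parent, strict):
    """True if name is below parent; strict=False also accepts name == parent."""
    n, p = labels(name), labels(parent)
    if len(n) < len(p) or n[len(n) - len(p):] != p:
        return False
    return len(n) > len(p) or not strict

def rule_matches(ruletype, rule_name, target):
    if ruletype == "wildcard":
        # "*.dom.local." matches only names strictly below dom.local.
        if not rule_name.startswith("*."):
            raise ValueError("wildcard rule name must start with '*.'")
        return is_subdomain(target, rule_name[2:], strict=True)
    if ruletype == "subdomain":
        # Matches the named domain itself (the apex) and everything below it.
        return is_subdomain(target, rule_name, strict=False)
    raise ValueError("rule type not modelled: " + ruletype)

def parse_grant(line):
    """Parse 'grant <key> <ruletype> <name> <types...>;' into a tuple."""
    words = line.strip().rstrip(";").split()
    if len(words) < 5 or words[0] != "grant":
        raise ValueError("not a grant rule with explicit types: " + line)
    return words[1], words[2], words[3], {t.upper() for t in words[4:]}

def update_allowed(policy, key, target, rrtype):
    """Return True if any grant rule permits this key/name/type."""
    for line in policy:
        k, ruletype, rule_name, types = parse_grant(line)
        if k == key and rrtype.upper() in types and rule_matches(ruletype, rule_name, target):
            return True
    return False  # no rule matched: the update is REFUSED

# Rule from the thread, and the same rule after the suggested change.
WILDCARD_POLICY = ["grant nsupdate_key wildcard *.dom.local. A CNAME TXT;"]
SUBDOMAIN_POLICY = ["grant nsupdate_key subdomain dom.local. A CNAME TXT;"]

if __name__ == "__main__":
    for label, policy in (("wildcard", WILDCARD_POLICY), ("subdomain", SUBDOMAIN_POLICY)):
        for target, rrtype in (("ddd.dom.local.", "A"), ("dom.local.", "A"), ("dom.local.", "NS")):
            ok = update_allowed(policy, "nsupdate_key", target, rrtype)
            print(f"{label:9} {target:15} {rrtype:3} {'allowed' if ok else 'REFUSED'}")
```

In this model the subdomain rule keeps the A CNAME TXT type list, so the key gains the apex but still cannot add NS records there.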
lejeczek via bind-users
2018-09-23 13:41:15 UTC
Post by Mark Andrews
The update policy rules you have don’t allow the apex to be updated. Change the rule types to “subdomain” and the name fields to “dom.local”.
fantastic!

many! thanks

may I also ask why cname does not work in my setup?

client @0x7f4d84094190 10.3.1.100#12046/key nsupdate_key: updating zone
'dom.local/IN': attempt to add CNAME alongside non-CNAME ignored
