On 7/28/2010 10:41 PM, Mike Flathers wrote:
> Is there a patch for bind 9 to add new zones dynamically without
> having to run rndc reconfig? The server stops answering queries when
> reconfig is loading in the new config as the config grows this timeout
> increases. I haven't hit the source code yet, but something like rndc
> addzone zonename [config options | clone zone] would be nice :)

Look for it in BIND 9.7.2.

Here's what I have that creates zones, makes them dynamic and signs them with no human interference (producing the DS record for the parent):

==SNIP==
#!/bin/bash
# Usage: <script> <zone name>
cd /etc/namedb
# Start the new zone's file from the template
cp template master/${1}
# Add the zone to the running server (no rndc reconfig needed)
rndc addzone ${1} { type master\; \
    file \"master/${1}\"\; \
    update-policy local\; \
    auto-dnssec maintain\; \
    }\;
# Generate the KSK and write its DS record (for the parent) to ds/<zone>
dnssec-keygen -f KSK -K /etc/namedb/keys $1
dnssec-dsfromkey -2 /etc/namedb/keys/K${1}.*.key > ds/${1}
# Generate the ZSK, then have named sign the zone
dnssec-keygen -K /etc/namedb/keys $1
rndc sign ${1}
==SNIP==

Yes, no error checking, etc, but it works well as a proof-of-concept...
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
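An added example, not part of the original post: the script's first two steps (template copy and `rndc addzone`) with the zone name validated before it reaches the file path or the zone statement, and with failures reported. `NAMEDB`, `RUN` and the function names are assumptions of this sketch; the hostname-only name policy is stricter than DNS itself requires.

```shell
#!/bin/bash
# Added sketch: input validation and error handling for the first two steps
# of the zone-creation script above (key generation and signing not repeated).
set -eu

NAMEDB="${NAMEDB:-/etc/namedb}"   # assumption: same layout as the script above
RUN="${RUN-echo}"                 # dry run by default; invoke with RUN= to execute

# Accept only letters, digits, '-' and '.'; labels of 1-63 characters with no
# leading or trailing hyphen; at most 253 characters overall. This rejects
# ';', '{', '"', '/' and whitespace, so the name cannot change the addzone
# statement or point outside master/.
valid_zone() {
    local z="${1%.}" label old_ifs="$IFS"
    [ -n "$z" ] && [ "${#z}" -le 253 ] || return 1
    case "$z" in *[!A-Za-z0-9.-]*|.*|*.|*..*) return 1 ;; esac
    IFS=.; set -- $z; IFS="$old_ifs"
    for label in "$@"; do
        [ "${#label}" -le 63 ] || return 1
        case "$label" in -*|*-) return 1 ;; esac
    done
}

# Build the zone statement as one string, so no shell escaping is needed.
zone_config() {
    printf '{ type master; file "master/%s"; update-policy local; auto-dnssec maintain; };' "$1"
}

create_zone() {
    local zone="${1%.}"
    valid_zone "$zone" || { echo "invalid zone name, nothing changed" >&2; return 2; }
    # Never overwrite the data file of a zone that already exists.
    [ ! -e "$NAMEDB/master/$zone" ] || { echo "master/$zone already exists" >&2; return 3; }
    $RUN cp "$NAMEDB/template" "$NAMEDB/master/$zone" || return 4
    $RUN rndc addzone "$zone" "$(zone_config "$zone")" || return 5
}

if [ "$#" -gt 0 ]; then
    create_zone "$1"
fi
```

With the default `RUN=echo` the two commands are printed instead of executed, which lets the generated `rndc addzone` line be reviewed before anything on the server changes.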