adding DS record via nsupdate

Tue, 05 Feb 2013 15:32:27 -0800 

Hello -

I am trying to add a DS record via nsupdate and I can't get it to succeed.

It does not generate an error, but when I dig for the DS record I get NXDOMAIN.

What I edit the zone file and add the same DS record  and reload, I can query it
just fine.

I do the following as an example:

nsupdate -d
server <ip addr>
zone test.net
update add subzone.test.net 9999 IN DS 34845 7 1 
325AA7B83FAC7DB621678EB2FB9035B51A0A504F
send

The output is
Sending update to <ip>#53
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  45236
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0
;; ZONE SECTION:
;test.net.                      IN      SOA

;; UPDATE SECTION:
subzone.test.net.       9999    IN      DS      34845 7 1 
325AA7B83FAC7DB621678EB2FB9035B51A0A504F


Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  45236
;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; ZONE SECTION:
;test.net.                      IN      SOA

<end>

Dig results

 dig @<ip> +noadflag +nocdflag -t ds subzone.test.net.

; <<>> DiG 9.8.4-P1 <<>> @<ip> -t ds subzone.test.net.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21747
;; flags: qr aa rd cd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;subzone.test.net.              IN      DS

;; AUTHORITY SECTION:
test.net.               500     IN      SOA     xxxx.test.net. 
hostmaster.xxxx.test.net. 2013010938 10800 3600 604800 86400


When I put the DS record in the zone manually:

tail <zonefile>:
subzone.test.net.       9999    IN      DS      34845 7 1 
325AA7B83FAC7DB621678EB2FB9035B51A0A504F

and do a dig, it works:
dig @<ip> -t ds subzone.test.net.

; <<>> DiG 9.8.4-P1 <<>> @<ip> -t ds subzone.test.net.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21326
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;subzone.test.net.              IN      DS

;; ANSWER SECTION:
subzone.test.net.       9999    IN      DS      34845 7 1 
325AA7B83FAC7DB621678EB2FB9035B51A0A504F

;; Query time: 0 msec

Should this work?
Thank you

--
Jack Tavares
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to