In message <20160424222541.gb22...@harrier.slackbuilds.org>, /dev/rob0 writes:
> On Sun, Apr 24, 2016 at 12:04:15PM -0700, jaso...@mail-central.com wrote:
> > I'm doing an nsupdate to a remote server from my desktop
> >
> > cat nsupdate.txt
> > server ns01.example.com
> > debug yes
> > zone example.net.
> > update add test.example.net. 500 in TXT "TEST STRING"
> > show
> > send
> >
> > nsupdate -k ./jason-key ./nsupdate.txt
> >
> > On the nameserver, logs show what appears to be 'success',
> >
> > Apr 24 11:47:07 ns01 named[23053]: 24-Apr-2016 11:47:07.949 update-security: info: client 10.0.0.17#4218/key jason-key: view internal: signer "jason-key" approved
> > Apr 24 11:47:08 ns01 named[23053]: 24-Apr-2016 11:47:07.949 update: info: client 10.0.0.17#4218/key jason-key: view internal: updating zone 'example.net/IN': adding an RR at 'test.example.net' TXT "TEST STRING"
> >
> > checking with dig, it's NOT in 'TXT' where I expected it
> >
> > dig TXT example.net +short
> > (empty)
>
> As Anand pointed out, you were wrong to expect it there. That's a
> part of the mystery solved.
>
> > instead it's in 'AXFR'
> >
> > dig AXFR example.net
> >
> > ; <<>> DiG 9.10.3-P4 <<>> AXFR example.net
> > ;; global options: +cmd
> > example.net. 5 IN SOA ns01.example.com. ns-admin.example.com. 1461435298 7200 1800 604800 5
>
> SOA serial is 1461435298 here ...
>
> > example.net. 5 IN NS ns01.example.com.
> > example.net. 5 IN A 127.0.0.1
> > test.example.net. 500 IN TXT "TEST STRING"
> > example.net. 5 IN SOA ns01.example.com. ns-admin.example.com. 1461435298 7200 1800 604800 5
> > ;; Query time: 1 msec
> > ;; SERVER: 10.0.0.53#53(10.0.0.53)
> > ;; WHEN: Sun Apr 24 11:48:58 PDT 2016
> > ;; XFR size: 5 records (messages 1, bytes 213)
> >
> > The journal HAS been modified
> >
> > cd <named chroot>
> > grep -rlni acme .
> > ./namedb/master/internal.example.net.zone.jnl
> >
> > After a bind restart, which iiuc is supposed to flush the journal to files,
>
> Yes it will, but this is not necessary.
>
> > systemctl stop named.service
> > systemctl start named.service
>
> (My guess is that the problem occurs here. What did systemctl do?)
>
> > checking with dig, the update's missing
> >
> > dig AXFR example.net
> >
> > ; <<>> DiG 9.10.3-P4 <<>> AXFR example.net
> > ;; global options: +cmd
> > example.net. 5 IN SOA ns01.example.com. ns-admin.example.com. 1461435297 7200 1800 604800 5
>
> 1461435298 has been reduced to 1461435297, as if the update had never
> happened.
>
> > example.net. 5 IN NS ns01.example.com.
> > example.net. 5 IN A 127.0.0.1
> > example.net. 5 IN SOA ns01.example.com. ns-admin.example.com. 1461435297 7200 1800 604800 5
>
> Another problem with this zone is that the single NS host
> "ns01.example.com." has no A/AAAA records. This zone would not pass
> named-checkzone, which interestingly, is the same code which named
> itself uses when initially loading a zone.

example.net != example.com

The server is out of zone so named will not detect missing address
records. named-checkzone can detect missing address records as it
does out of zone checks.

> > ;; Query time: 2829 msec
> > ;; SERVER: 10.0.0.53#53(10.0.0.53)
> > ;; WHEN: Sun Apr 24 11:52:32 PDT 2016
> > ;; XFR size: 4 records (messages 1, bytes 178)
> >
> > cd <named chroot>
> > grep -rlni acme .
> > (empty)
> >
> > What am I failing to do to make this update persistent across flush/restart, as intended?
>
> What is deleting your journal? It's not named doing that.
>
> Why was the journal not written to the zone file on exit? That's
> something named DOES do.

It depends on how named is stopped. "rndc stop" will write out the
zone file as will "kill -TERM". "rndc halt" doesn't. In either
case the journal remains and is read and applied on startup.

> The smoking gun is in the hand of systemctl ...
> --
> http://rob0.nodns4.us/
> Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
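
A check for the symptom discussed in this thread, as an added example that is not part of the original messages: it compares two `dig AXFR` outputs taken before and after a restart and reports an SOA serial that moved backwards (compared with RFC 1982 serial arithmetic) and any records that disappeared. The sample transfers are constructed from the output quoted above, and all function names are hypothetical.

```python
import re

# Constructed sample input: `dig AXFR` answers modelled on the output quoted in the thread.
SOA = "example.net. 5 IN SOA ns01.example.com. ns-admin.example.com. %d 7200 1800 604800 5\n"
COMMON = "example.net. 5 IN NS ns01.example.com.\nexample.net. 5 IN A 127.0.0.1\n"
BEFORE = (SOA % 1461435298 + COMMON + 'test.example.net. 500 IN TXT "TEST STRING"\n'
          + SOA % 1461435298 + ";; XFR size: 5 records (messages 1, bytes 213)\n")
AFTER = (SOA % 1461435297 + COMMON + SOA % 1461435297
         + ";; XFR size: 4 records (messages 1, bytes 178)\n")

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.*)$")

def parse_axfr(text):
    """Return (soa_serial, {(owner, type, rdata)}) from dig AXFR output."""
    serial, records = None, set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):   # skip dig's comment lines
            continue
        m = RR.match(line)
        if not m:
            continue
        owner, _ttl, rtype, rdata = m.groups()
        rdata = " ".join(rdata.split())        # normalise column spacing
        if rtype.upper() == "SOA":
            serial = int(rdata.split()[2])     # mname rname SERIAL ...
        else:
            records.add((owner.lower(), rtype.upper(), rdata))
    return serial, records

def serial_went_back(before, after):
    """RFC 1982 comparison: True if `after` is an older serial than `before`."""
    return 0 < (before - after) % 2**32 < 2**31

def compare(before_text, after_text):
    """Summarise what changed between two transfers of the same zone."""
    s1, r1 = parse_axfr(before_text)
    s2, r2 = parse_axfr(after_text)
    return {"serial_before": s1, "serial_after": s2,
            "rolled_back": serial_went_back(s1, s2),
            "lost": sorted(r1 - r2), "gained": sorted(r2 - r1)}

if __name__ == "__main__":
    report = compare(BEFORE, AFTER)
    print("serial %(serial_before)d -> %(serial_after)d" % report)
    if report["rolled_back"]:
        print("serial rolled back: the dynamic update did not survive the restart")
    for owner, rtype, rdata in report["lost"]:
        print("lost:", owner, rtype, rdata)
```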