Wonder if you can use ddns zones with catalog zones, haven't tried it myself...
On Tue, Jan 29, 2019 at 11:27 AM Grant Taylor via bind-users <bind-users@lists.isc.org> wrote:

> On 01/29/2019 01:19 AM, ObNox wrote:
> > Hi,
>
> Hi ObNox,
>
> > For that to work, I need to make sure every separated component works as
> > expected when configured separately.
>
> Ah, yes. The joys / perils of testing discrete units individually and
> then start plugging them together like Legos and making sure that things
> still work.
>
> > Now, the trouble really begins :
> >
> > 1/ I update the zones files to uncomment the "test" record and update
> > the serial number
> >
> > 2/ I update "named.conf" to uncomment the "allow-update" statement using
> > "key-dhcp"
> >
> > 3/ "named-checkconf" does not complain so "rndc reload"!
> >
> > Problem : The syslog messages don't show the lines indicating that the
> > zones have been reloaded, here's an extract :
> >
> > …
> >
> > I was expecting the usual messages after a zone change, like previously:
> >
> > …
> >
> > So now, with the new "allow-update" statement, the zones are not
> > reloaded and this is confirmed by "dig" :
> >
> > …
> >
> > The new record "test.domain.tld" is not found and the serial is not the
> > new one!
>
> I'm wondering if you're being bitten by something that got me years ago
> when I first started messing with dynamic zones that allowed updates.
>
> In short, when dynamic updates are enabled, BIND will make changes to a
> journal file (which I think is binary). You have to "freeze" and
> "flush" the zone to be able to make to text file.
>
> So I'm guessing that your change wasn't detected because you
> transitioned to dynamic updates ~> journal file at the same time (or
> apparently) before BIND loaded the new zone. Thus the journal ~> BIND
> was using the old version of the zone file.
>
> I've found that I do most of my zone administration via nsupdate on the
> DNS server using the local key & socket.
>
> I only go through the "freeze" & "flush", edit, and "thaw" (& "sign" for
> DNSSEC) cycle when I have more (complex) edits than I want to make via
> nsupdate. (I've also wrapped nsupdate with rlwrap so that I have some
> (readline) history and better nsupdate command line editing.)
>
> > I've tested dozens of combinations with both "allow-transfer" and
> > "allow-update" by putting them at the "view" level, "options" level,
> > "global" level, etc. and nothing changed.
>
> If BIND did do what I'm thinking, then your edits were functionally
> lost. (Technically they may still be in the text file.)
>
> > So for now I'm lost and I need an expert's PoV to point what I'm doing
> > wrong and/or what I missed!
>
> I'm far from an expert. But hopefully you can benefit from my toe
> stubbing / razor cuts.
>
> > Thank you for any useful clue.
>
> Good luck.
>
> --
> Grant. . . .
> unix || die
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
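The manual-edit cycle for a dynamic zone discussed in the quoted message, as an added example that is not part of the thread: it wraps an edit in `rndc freeze` / `rndc thaw`, bumps the SOA serial, validates with `named-checkzone`, and thaws even when the edit fails. The function names, the `RNDC` / `CHECKZONE` override variables and the requirement that the serial sits on a line commented `; serial` are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, the RNDC/CHECKZONE
# override variables and the "; serial" comment convention are assumptions.
RNDC=${RNDC:-rndc}
CHECKZONE=${CHECKZONE:-named-checkzone}

# Next SOA serial: <today>00, or old+1 when that would not be an increase.
next_serial() {
    old=$1
    today=${2:-$(date +%Y%m%d)}
    new="${today}00"
    if [ "$new" -le "$old" ]; then new=$((old + 1)); fi
    echo "$new"
}

# Rewrite the serial in place; it must sit on a line commented "; serial".
bump_serial() {
    file=$1
    old=$(sed -n 's/^[[:space:]]*\([0-9][0-9]*\)[[:space:]]*;[[:space:]]*serial.*$/\1/p' "$file" | head -n 1)
    [ -n "$old" ] || { echo "no '; serial' line in $file" >&2; return 1; }
    new=$(next_serial "$old" "$2")
    sed "s/^\([[:space:]]*\)$old\([[:space:]]*;[[:space:]]*serial\)/\1$new\2/" \
        "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    echo "$new"
}

# usage: edit_dynamic_zone ZONE ZONEFILE EDIT_COMMAND [ARGS...]
# EDIT_COMMAND is run with ZONEFILE appended as its last argument.
edit_dynamic_zone() {
    [ $# -ge 3 ] || { echo "usage: edit_dynamic_zone zone file cmd..." >&2; return 2; }
    zone=$1; zfile=$2; shift 2
    # freeze suspends dynamic updates and syncs the journal into the zone file
    "$RNDC" freeze "$zone" || return 1
    cp -p "$zfile" "$zfile.bak"
    if "$@" "$zfile" && bump_serial "$zfile" >/dev/null &&
       "$CHECKZONE" "$zone" "$zfile" >/dev/null; then
        rc=0
    else
        cp -p "$zfile.bak" "$zfile"   # bad edit: put the frozen copy back
        rc=1
    fi
    # thaw reloads the file and re-enables updates; always run it so the
    # zone is never left frozen (refusing DHCP updates) after a failure
    "$RNDC" thaw "$zone" || rc=1
    return $rc
}
```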