On 29/01/2019 17:26, Grant Taylor via bind-users wrote:
Sorry for the late replies, I'm drowning with all the stuff I have to do
and getting late on every project.
For that to work, I need to make sure every separated component works
as expected when configured separately.
Ah, yes. The joys / perils of testing discrete units individually and
then start pugging them together like Legos and making sure that things
still work.
I always use this method. It's way slower but I end up having a better
understanding at each component and I know why it works (instead of
being surprised it works :))
I'm wondering if you're being bitten by something that got me years ago
when I first started messing with dynamic zones that allowed updates.
In short, when dynamic updates are enabled, BIND will make changes to a
journal file (which I think is binary). You have to "freeze" and
"flush" the zone to be able to make to text file.
Indeed you nailed it! The minute I activate the "allow-update { key XXX;
};" statement, "rndc reload" does not reload the zones even if the
contents were updated the proper way.
I have to "freeze" + "thaw" to see them properly (re)loaded!
So I'm guessing that your change wasn't detected because you
transitioned to dynamic updates ~> journal file at the same time (or
apparently) before BIND loaded the new zone. Thus the journal ~> BIND
was using the old version of the zone file.
The journal data, at this point must be memory-only because no journal
file is written upon "rndc reload" after the dynamic updates transition.
I've found that I do most of my zone administration via nsupdate on the
DNS server using the local key & socket.
I'll be using nsupdate only in the future but you know, the "test each
component first" strategy bites you in the ass. In this case, it looked
like some bug was triggered where in reality, there was nothing...
If BIND did do what I'm thinking, then your edits were functionally
lost. (Technically they may still be in the text file.)
Good catch, Bind did what you were thinking, you wizard :)
Good luck.
I don't need luck, I need people who know! And that's what I had, so
thank you :)
--
ObNox
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
