On 2/4/19 7:03 AM, @lbutlr wrote: > # nsupdate -d -v -l example.com > Creating key... > namefromtext > keycreate > incorrect section name: $ORIGIN
I'd recommend that you use nsupdate in interactive mode first. --SNIP-- root@svlg-gateway:/etc/namedb# nsupdate -l > update add funnyrecord.boat 3600 in a 1.1.1.1 > send > quit --SNIP-- Here, I've added an A record "funnyrecord.boat" to the local nameserver. It was accepted (no error message) and the record was signed: --SNIP-- root@svlg-gateway:/etc/namedb# dig funnyrecord.boat +dnssec ; <<>> DiG 9.13.5 <<>> funnyrecord.boat +dnssec ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35274 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ; COOKIE: 840786d22b259dd36f9300b85c584de5adea6d3ab34b6fde (good) ;; QUESTION SECTION: ;funnyrecord.boat. IN A ;; ANSWER SECTION: funnyrecord.boat. 3600 IN A 1.1.1.1 funnyrecord.boat. 3600 IN RRSIG A 8 2 3600 20190306143508 20190204133508 27363 boat. ULJiOVWd3jordtZZnp/1wUZul8Y6xLcEu0kh8mtCDFXGG2QlsKdyeZxb dO54X241NOJRN6dI2RKH05DtErlhFHjLpnrus4BahuZKbWeuOXApCZ4r +XPqManyq+3hyEFCJ8QM1fHSBbuDIyz7nKjr+T+xh/8pUowqNgMoBx+Y 08c= ;; Query time: 1 msec ;; SERVER: 44.127.8.1#53(44.127.8.1) ;; WHEN: Mon Feb 04 14:36:21 UTC 2019 ;; MSG SIZE rcvd: 253 --SNIP-- I can also remove records: --SNIP-- root@svlg-gateway:/etc/namedb# nsupdate -l > update delete funnyrecord.boat > send > quit root@svlg-gateway:/etc/namedb# dig funnyrecord.boat +dnssec ; <<>> DiG 9.13.5 <<>> funnyrecord.boat +dnssec ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16202 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ; COOKIE: 044b781a89250d108be3c3345c584e25b636b5386f74056a (good) ;; QUESTION SECTION: ;funnyrecord.boat. IN A ;; AUTHORITY SECTION: boat. 300 IN SOA admin. ns1.boat. 169 3600 600 86400 300 boat. 300 IN RRSIG SOA 8 1 8600 20190306143720 20190204133720 27363 boat. rx9ZfD6u9O5Hz1+1KkUnr0kqq8k45ljYmTQj1kFb6xQ7HFG13XkMkzbl DDzjAoO1BIymYm8S1Kxq5lMXPNvAnPEChlhRW6xWVnWg4UyWnkzkzRCc hME2NdE4WxSDZ3MMAnEELk29whmYcPIKVQJPgYjtHFJ7KS23PgoWb0qp ciA= boat. 300 IN NSEC alans-time-capsule.boat. NS SOA RRSIG NSEC DNSKEY TYPE65534 boat. 300 IN RRSIG NSEC 8 1 300 20190222045229 20190123035229 27363 boat. AevHxXgaJkotnUTv1jUJnBigUjkUO4gcI/V5AieuCR4cBdxMiRYa1WYS pI+qPQcAzgTf7p/0RCXq45CVrjiXCoh/eEaQgxlqASSCTabCgVE9i0Dw eVgE6NDXe4gtu3GEjhecCj3x3Xd2q6DEWYYQNJkg6fjjZr8xYCsjdYhw V88= canboat.boat. 300 IN NSEC Google-Home-Mini.boat. A TXT RRSIG NSEC canboat.boat. 300 IN RRSIG NSEC 8 2 300 20190306143720 20190204133720 27363 boat. RGLL6h/nX4/MMt+b2w9BA8LAg3R+5oXn73KG6DAKP57Q1Ak+NyFBYeil 4Pkz5w7qgA4k4nRrriTJ0kmckTlaODfx1KWZEOR33nqctK37lOIaenmx Rd7d98qP7/+A0v68T5DSXI9ZNlx5688isxXo2ZTLP2bKFEWYbDZXBEtr DdM= ;; Query time: 1 msec ;; SERVER: 44.127.8.1#53(44.127.8.1) ;; WHEN: Mon Feb 04 14:37:25 UTC 2019 ;; MSG SIZE rcvd: 741 --SNIP-- Those are the basic things you can do with nsupdate... add and delete. Changes are done by deleting the old and then adding the new. The SOA record is updated automatically and all is well with the world. AlanC _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
