Re: Nsupdate and TTL

Thu, 23 Apr 2020 00:33:14 -0700 

Hello,
From my experience you don't need to delete whole set, I was actually doing this quite recently and discovered and interesting behavior of BIND server - last record you add will override the TTL value for a set. 


So if you add another NS record to a zone, all existing NS records will 
have TTL overriden with the last one you add.


On 23/04/2020 01:06, Mark Andrews wrote:



On 23 Apr 2020, at 07:20, Evan Hunt <e...@isc.org> wrote:

On Wed, Apr 22, 2020 at 03:04:38PM -0600, @lbutlr via bind-users wrote:

# nsupdate -k /path/to/key

zone example.com
ttl 3600
send
^d

No errors, but no change in the TTL.

"ttl 3600" just means "from now on assume I mean ttl 3600 in all the
records I send". You didn't actually send an update, so nothing changed..

As far as I can recall, the only way to change a TTL in nsupdate is to
delete the whole RRset and then add it back in the same transaction:


zone example.com
ttl 3600
update del example.com in a
update add example.com in a 192.0.2.1
update add example.com in a 192.0.2.2
update add example.com in a 192.0.2.3
send

Also don’t forget to add a prerequisite section to ensure you are removing
the records you think you are.

zone example.com
ttl 3600
prereq yxrrset example.com in a 192.0.2.1
prereq yxrrset example.com in a 192.0.2.2
prereq yxrrset example.com in a 192.0.2.3
update del example.com in a
update add example.com in a 192.0.2.1
update add example.com in a 192.0.2.2
update add example.com in a 192.0.2.3
send

Also note you can’t do it this way for the NS RRset at top of zone.  You need to
delete the NS RRs individually and then add them back without deleting all the
NS at any point in the process as the NS RRset is required to always exist.

Note: named only keeps a single TTL for a RRset so it will update the TTL on all
the records when you add a new one with a different TTL but this is not part of
the UPDATE RFC.


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users






















					Reply via email to