From: bind-users <bind-users-boun...@lists.isc.org> on behalf of Ondřej Surý <ond...@isc.org>
Sent: Wednesday, January 27, 2021 8:29 AM
To: Greg Donohoe <dubgr...@gmail.com>
Cc: bind-users@lists.isc.org <bind-users@lists.isc.org>
Subject: Re: Reverse zone reformatting after nsupdate execution

You might want to change the `masterfile-style` configuration option:
https://bind9.readthedocs.io/en/latest/reference.html?highlight=masterfile-style#tuning

Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org

> On 27. 1. 2021, at 14:23, Ondřej Surý <ond...@isc.org> wrote:
>
> Greg,
>
> there’s nothing wrong with the zone contents. $ORIGIN means “now append this
> to every name not ending with dot”.
>
> Ondřej
> --
> Ondřej Surý — ISC (He/Him)
>
>> On 27. 1. 2021, at 14:06, Greg Donohoe <dubgr...@gmail.com> wrote:
>>
>>
>> Hello. I am hoping that someone can help me to figure out the cause of an
>> issue I am seeing when running nsupdate on my BIND9 server.
>> Below you will find all the details as to how my server is configured
>> and also the nsupdate commands that I am running.
>>
>> The issue I am seeing is that I have configured a /16 10.10.in-addr.arpa
>> reverse zone, however when I execute nsupdate the 10.10.in-addr.arpa.dns
>> zone file reformats the $ORIGIN to a /24 156.10.10.in-addr.arpa.
>> This appears to be an issue with nsupdate rather than BIND itself as I can
>> manually amend the 10.10.in-addr.arpa.dns zone file which always remains in
>> a /16 format.
>>
>> Please see below for details and if you need any further information please
>> let me know.
>>
>> ###############################
>> named.conf
>> ###############################
>> greg@hp-linux:/etc/bind$ cat named.conf
>> ## OPTIONS
>> options {
>>     directory "/var/cache/bind";
>>
>>     recursion no;
>>     listen-on port 53 { any; };
>>     allow-query { any; };
>>     allow-update { any; };
>>
>>     forwarders {
>>         10.10.8.120;
>>         10.196.207.11;
>>     };
>>
>>     dnssec-validation auto;
>>
>>     auth-nxdomain no; # conform to RFC1035
>>     listen-on-v6 { any; };
>> };
>>
>>
>> ## ZONES
>> # Zone statement for forward DNS lookups
>> zone "example.com" IN {
>>     type master;
>>     file "/etc/bind/master/example.com.dns";
>>     allow-update { any; };
>> };
>> zone "10.10.in-addr.arpa" IN {
>>     type master;
>>     file "/etc/bind/master/10.10.in-addr.arpa.dns";
>>     allow-update { any; };
>> };
>>
>> ###################################################
>> The batch.txt file I use to run nsupdate
>> ###################################################
>> server 127.0.0.1
>> zone example.com
>> update add test.example.com 86400 IN A 10.10.156.37
>> send
>> server 127.0.0.1
>> zone 10.10.in-addr.arpa.
>> update add 37.156.10.10.in-addr.arpa. 86400 IN PTR test.example.com
>> send
>> server 127.0.0.1
>> zone example.com
>> update add test1.example.com 86400 IN A 10.10.156.38
>> send
>> server 127.0.0.1
>> zone 10.10.in-addr.arpa.
>> update add 38.156.10.10.in-addr.arpa. 86400 IN PTR test1.example.com
>> send
>>
>> ######################################################
>> nsupdate debug output
>> ######################################################
>> greg@hp-linux:/etc/bind/master$ nsupdate -D -v batch1.txt
>> setup_system()
>> reset_system()
>> user_interaction()
>> do_next_command()
>> do_next_command()
>> do_next_command()
>> evaluate_update()
>> update_addordelete()
>> do_next_command()
>> start_update()
>> send_update()
>> Sending update to 127.0.0.1#53
>> show_message()
>> Outgoing update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 15755
>> ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0
>> ;; ZONE SECTION:
>> ;example.com. IN SOA
>>
>> ;; UPDATE SECTION:
>> test.example.com. 86400 IN A 10.10.156.37
>>
>> update_completed()
>> show_message()
>>
>> Reply from update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 15755
>> ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
>> ;; ZONE SECTION:
>> ;example.com. IN SOA
>>
>> done_update()
>> reset_system()
>> user_interaction()
>> do_next_command()
>> do_next_command()
>> do_next_command()
>> evaluate_update()
>> update_addordelete()
>> do_next_command()
>> start_update()
>> send_update()
>> Sending update to 127.0.0.1#53
>> show_message()
>> Outgoing update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 38067
>> ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0
>> ;; ZONE SECTION:
>> ;10.10.in-addr.arpa. IN SOA
>>
>> ;; UPDATE SECTION:
>> 37.156.10.10.in-addr.arpa. 86400 IN PTR test.example.com.
>>
>> update_completed()
>> show_message()
>>
>> Reply from update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 38067
>> ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
>> ;; ZONE SECTION:
>> ;10.10.in-addr.arpa. IN SOA
>>
>> done_update()
>> reset_system()
>> user_interaction()
>> do_next_command()
>> do_next_command()
>> do_next_command()
>> evaluate_update()
>> update_addordelete()
>> do_next_command()
>> start_update()
>> send_update()
>> Sending update to 127.0.0.1#53
>> show_message()
>> Outgoing update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 22045
>> ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0
>> ;; ZONE SECTION:
>> ;example.com. IN SOA
>>
>> ;; UPDATE SECTION:
>> test1.example.com. 86400 IN A 10.10.156.38
>>
>> update_completed()
>> show_message()
>>
>> Reply from update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 22045
>> ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
>> ;; ZONE SECTION:
>> ;example.com. IN SOA
>>
>> done_update()
>> reset_system()
>> user_interaction()
>> do_next_command()
>> do_next_command()
>> do_next_command()
>> evaluate_update()
>> update_addordelete()
>> do_next_command()
>> start_update()
>> send_update()
>> Sending update to 127.0.0.1#53
>> show_message()
>> Outgoing update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 7571
>> ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0
>> ;; ZONE SECTION:
>> ;10.10.in-addr.arpa. IN SOA
>>
>> ;; UPDATE SECTION:
>> 38.156.10.10.in-addr.arpa. 86400 IN PTR test1.example.com.
>>
>> update_completed()
>> show_message()
>>
>> Reply from update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 7571
>> ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
>> ;; ZONE SECTION:
>> ;10.10.in-addr.arpa. IN SOA
>>
>> done_update()
>> reset_system()
>> user_interaction()
>> cleanup()
>> Shutting down task manager
>> shutdown_program()
>> Shutting down request manager
>> Destroy DST lib
>> Destroying request manager
>> Freeing the dispatchers
>> Shutting down dispatch manager
>> Destroying event
>> Shutting down socket manager
>> Shutting down timer manager
>> Removing log context
>> Destroying memory context
>> greg@hp-linux:/etc/bind/master$ systemctl restart named.service
>>
>> ######################################################
>> Forward zone file after the nsupdate
>> ######################################################
>> greg@hp-linux:/etc/bind/master$ cat example.com.dns
>> $ORIGIN .
>> $TTL 3600 ; 1 hour
>> example.com IN SOA ns1.example.com. admin\.example.com. (
>>                 2 ; serial
>>                 900 ; refresh (15 minutes)
>>                 600 ; retry (10 minutes)
>>                 1209600 ; expire (2 weeks)
>>                 3600 ; minimum (1 hour)
>>                 )
>>             NS ns1.example.com.
>> $ORIGIN example.com.
>> ns1 A 192.168.0.15
>> $TTL 86400 ; 1 day
>> test A 10.10.156.37
>> test1 A 10.10.156.38
>>
>> ########################################################
>> Reverse zone file after the update
>> ########################################################
>> greg@hp-linux:/etc/bind/master$ cat 10.10.in-addr.arpa.dns
>> $ORIGIN .
>> $TTL 3600 ; 1 hour
>> 10.10.in-addr.arpa IN SOA ns1.example.com. admin\.example.com. (
>>                 2 ; serial
>>                 3600 ; refresh (1 hour)
>>                 600 ; retry (10 minutes)
>>                 1209600 ; expire (2 weeks)
>>                 3600 ; minimum (1 hour)
>>                 )
>>             NS ns1.example.com.
>> $ORIGIN 156.10.10.in-addr.arpa.
>> $TTL 86400 ; 1 day
>> 37 PTR test.example.com.
>> 38 PTR test1.example.com.
>>
>> If any additional info is required please let me know and I will send it
>> asap.
>>
>> Look forward to your response.
>>
>> Rgds,
>> Greg Donohoe.
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>> unsubscribe from this list
>>
>> ISC funds the development of this software with paid support subscriptions.
>> Contact us at https://www.isc.org/contact/ for more information.
>>
>>
>> bind-users mailing list
>> bind-users@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
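
Added example (not part of the original thread, and not ISC's code): a minimal Python reader for the relative master-file layout shown in Greg's message, applying the rule Ondřej states, that `$ORIGIN` is appended to every name not ending with a dot. Run over the rewritten reverse zone file, it shows the owners `37` and `38` are still `37.156.10.10.in-addr.arpa.` and `38.156.10.10.in-addr.arpa.` inside the 10.10.in-addr.arpa zone. The function names are hypothetical; per-record TTLs, quoted strings containing `;` and relative names inside RDATA are not handled.

```python
ZONE = """\
$ORIGIN .
$TTL 3600 ; 1 hour
10.10.in-addr.arpa IN SOA ns1.example.com. admin\\.example.com. (
                2 ; serial
                3600 ; refresh (1 hour)
                600 ; retry (10 minutes)
                1209600 ; expire (2 weeks)
                3600 ; minimum (1 hour)
                )
            NS ns1.example.com.
$ORIGIN 156.10.10.in-addr.arpa.
$TTL 86400 ; 1 day
37 PTR test.example.com.
38 PTR test1.example.com.
"""  # reverse zone file from the thread, as named rewrote it after the updates

def absolutize(name, origin):
    """$ORIGIN rule: a name that does not end in a dot gets the origin appended."""
    if name == "@" or name.endswith("."):
        return origin if name == "@" else name
    return name + "." + origin.lstrip(".")

def logical_lines(text):
    """Drop ';' comments and join '( ... )' continuations into one line."""
    buf, depth = "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf += line.replace("(", " ").replace(")", " ") + " "
        if depth == 0:
            if buf.strip():
                yield buf.rstrip()
            buf = ""

def expand(text, origin="."):
    """Yield (owner, ttl, type, rdata) with every owner name fully qualified."""
    ttl = owner = None
    for line in logical_lines(text):
        tok = line.split()
        if tok[0] == "$ORIGIN":
            origin = absolutize(tok[1], origin)
        elif tok[0] == "$TTL":
            ttl = int(tok[1])
        else:
            if not line[0].isspace():      # owner in column 1; otherwise reuse the last one
                owner = absolutize(tok.pop(0), origin)
            tok = tok[1:] if tok[0] == "IN" else tok
            yield owner, ttl, tok[0], " ".join(tok[1:])
```

`list(expand(ZONE))` returns four records, all with owner names ending in `10.10.in-addr.arpa.`, which is a quick way to diff a rewritten zone file against the records that were actually sent in the updates.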