Re: Bind forgets my changes with nsupdate

2023-10-08 Thread Michael Richardson
201907-b...@planhack.com wrote: >> My solution is not to mix dynamic update with other access. Instead, >> I put in CNAMEs in the signed zone to a sub-zone (or other zone) where >> I do exclusive dynamic update. This isn't perfect, but it works well >> enough to allow dns-01 (cer

Re: Bind forgets my changes with nsupdate

2023-10-07 Thread Björn Persson
Paul van der Vlis via bind-users wrote: > But how could I refresh the key without loosing the IP? I was in a similar situation. I managed my zone files mostly manually, but a few records needed to be updated automatically. Either manual changes would obliterate automatically updated records, as yo

Re: Bind forgets my changes with nsupdate

2023-10-06 Thread 201907-bind
> My solution is not to mix dynamic update with other access. > Instead, I put in CNAMEs in the signed zone to a sub-zone (or other zone) > where I do exclusive dynamic update. This isn't perfect, but it works > well enough to allow dns-01 (certbot/LetsEncrypt) to be able to refresh my >

Re: Bind forgets my changes with nsupdate

2023-10-06 Thread Michael Richardson
In general, you don't want to mix dynamic update zones with ones that you want to edit by hand. I see that you are doing manual DNSSEC signing in your cron job. Your choices are: a) do everything with dynamic update, and turn on automatic DNSSEC management in bind9. b) do your DNSSEC signing

Re: Bind forgets my changes with nsupdate

2023-10-06 Thread Mark Andrews
Just configure named to sign the zone. -- Mark Andrews > On 6 Oct 2023, at 22:30, Paul van der Vlis wrote: > > Op 06-10-2023 om 10:39 schreef Mark Andrews: >> You need to figure out what is updating the zone. This isn’t named. > > Thanks for your answer. > It makes me find the reason. See m

Re: Bind forgets my changes with nsupdate

2023-10-06 Thread Paul van der Vlis via bind-users
Op 06-10-2023 om 10:39 schreef Mark Andrews: You need to figure out what is updating the zone. This isn’t named. Thanks for your answer. It makes me find the reason. See my other message. With regards, Paul -- Paul van der Vlis Linux systeembeheer Groningen https://vandervlis.nl/ -- Visit ht

Re: Bind forgets my changes with nsupdate

2023-10-06 Thread Paul van der Vlis via bind-users
Op 06-10-2023 om 10:28 schreef Paul van der Vlis via bind-users: Hello, I try to give a dynamic IP to a name, using nsupdate. This works fine, but after some hours the IP is gone from the master (which I update). Something like this: Host home.customer.nl not found: 3(NXDOMAIN) The IP is the

Re: Bind forgets my changes with nsupdate

2023-10-06 Thread Mark Andrews
You need to figure out what is updating the zone. This isn’t named. -- Mark Andrews > On 6 Oct 2023, at 19:28, Paul van der Vlis via bind-users > wrote: > > Hello, > > I try to give a dynamic IP to a name, using nsupdate. This works fine, but > after some hours the IP is gone from the mast