dynamic update to SOA records

cloud cache

Apr 26, 2012, 9:37:26 PM
to bind-...@lists.isc.org
Hello,

How do I use nsupdate to dynamically update the SOA records?
For example, I want to update the zone's contact email and main NS
server name.

Thanks.

Mark Andrews

Apr 30, 2012, 7:00:25 PM
to cloud cache, bind-...@isc.org
update add zone ttl SOA .....
send

Just make sure the serial is bigger than the current serial or
it will be ignored. The old SOA will be removed as a side effect
of the add.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Tony Finch

Apr 30, 2012, 7:10:41 PM
to cloud cache, bind-...@lists.isc.org
cloud cache <in...@cloudcache.net> wrote:
>
> How do I use nsupdate to dynamically update the SOA records?
> For example, I want to update the zone's contact email and main NS server
> name.

Like this:

$ dig +noall +answer soa fanf2.ucam.org
fanf2.ucam.org. 3600 IN SOA black.dotat.at. dot.dotat.at. 40 3600 600 604800 60
$ nsupdate -l
> update add fanf2.ucam.org 3600 soa black.csi.cam.ac.uk fanf2.cam.ac.uk 41 3600 600 604800 60
> send
> quit
$ dig +noall +answer soa fanf2.ucam.org
fanf2.ucam.org. 3600 IN SOA black.csi.cam.ac.uk. fanf2.cam.ac.uk. 41 3600 600 604800 60
$

Tony.
--
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
Biscay: South backing east, 5 to 7. Moderate or rough, becoming slight or
moderate. Thundery showers. Moderate or good.

Phil Mayers

May 1, 2012, 4:42:40 AM
to bind-...@lists.isc.org
On 04/27/2012 02:37 AM, cloud cache wrote:
> Hello,
>
> How do I use nsupdate to dynamically update the SOA records?
> For example, I want to update the zone's contact email and main NS

As others have pointed out, you just need to use "nsupdate" and send a
valid SOA.

NOTE: "valid" means "must have a serial number > current". Bind won't do
this for you - you need to choose an appropriate, higher, SOA serial in
the new record you send. Adding 1 is fine.

Phil Mayers

May 1, 2012, 6:53:38 AM
to cloud cache, bind-...@lists.isc.org
On 01/05/12 11:20, cloud cache wrote:
>
> But, how will I know the current serial number of the zone, if the zone
> has been changing frequently?

In the past, I've used a script that queries the SOA just before doing
the update (which is safe, because in a race condition you'll be "too
low" and fail)

e.g.

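#!/bin/sh

ZONE="example.com"
SERVER="192.0.2.1"
TTL=3600
# Current serial: third field of the SOA rdata returned by the server.
SOA_SERIAL=`dig @$SERVER +short $ZONE SOA | awk '{ print $3 }'`

BUF=`mktemp`
trap "rm -f $BUF" EXIT

# nsupdate batch; fill in the SOA names and the remaining SOA fields.
cat <<EOF >$BUF
server $SERVER
zone $ZONE
update add $ZONE $TTL SOA your.values. go.here. $(( SOA_SERIAL+1 )) ...
show
send
answer
EOF

# Send the batch to the server.
nsupdate $BUF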

Chris Thompson

May 1, 2012, 10:36:48 AM
to Bind Users Mailing List
On May 1 2012, Phil Mayers wrote:

>On 01/05/12 11:20, cloud cache wrote:
>>
>> But, how will I know the current serial number of the zone, if the zone
>> has been changing frequently?
>
>In the past, I've used a script that queries the SOA just before doing
>the update (which is safe, because in a race condition you'll be "too
>low" and fail)

Our regular DNS changes (via [scripted] nsupdate) always add the SOA
explicitly (it's going to change anyway, after all), setting the serial
to the Unix time(2) value. BIND may have been incrementing the serial
itself as a result of re-signing activity, but we assume it hasn't
been doing so as often as once a second...

--
Chris Thompson
Email: ce...@cam.ac.uk

Anand Buddhdev

May 1, 2012, 11:10:43 AM
to ce...@cam.ac.uk, Bind Users Mailing List
On 01/05/2012 16:36, Chris Thompson wrote:

> Our regular DNS changes (via [scripted] nsupdate) always add the SOA
> explicitly (it's going to change anyway, after all), setting the serial
> to the Unix time(2) value. BIND may have been incrementing the serial
> itself as a result of re-signing activity, but we assume it hasn't
> been doing so as often as once a second...

At our request, ISC added an option to BIND 9.9, which allows it to
automatically set the serial number to unix time, so that we don't have
to explicitly set the SOA record each time.

If multiple updates arrive within the same second, then BIND just adds
+1 to the existing serial number, so that for brief periods, the unix
time will be in the "future". However, as time advances, the serial
number will soon be in the past, allowing new updates to set the serial
back to current unix time.

Regards,

Anand Buddhdev
RIPE NCC

michoski

May 1, 2012, 1:19:59 PM
to Bind Users Mailing List
Thanks for requesting it, and thanks to ISC for implementing. Like many
others, we have wrappers which do this today...getting it as an official
feature will be great.

--
Men use thought only to justify their wrong doings,
and speech only to conceal their thoughts.
-- Voltaire


Tony Finch

May 1, 2012, 2:16:27 PM
to Bind Users Mailing List
Chris Thompson <ce...@cam.ac.uk> wrote:

> Our regular DNS changes (via [scripted] nsupdate) always add the SOA
> explicitly (it's going to change anyway, after all), setting the serial
> to the Unix time(2) value. BIND may have been incrementing the serial
> itself as a result of re-signing activity, but we assume it hasn't
> been doing so as often as once a second...

My nsdiff script can set the serial number to unix time or YYYYMMDDNN; if
that's too small it falls back to increment mode. There's still a bug,
though: lack of support for proper modulo semantics :-) It also uses the
SOA record as an update prerequisite for detecting races and other
inconsistencies. (The system Chris is responsible for uses an HINFO record
for this purpose.)

http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/conf/bind/bin/nsdiff

Tony.
--
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
Hebrides: North or northeast 4 or 5. Slight or moderate. Fair. Good.

cloud cache

May 1, 2012, 6:20:45 AM
to Phil Mayers, bind-...@lists.isc.org

But, how will I know the current serial number of the zone, if the zone
has been changing frequently?
Thank you.

Mark Andrews

May 3, 2012, 9:25:39 PM
to cloud cache, bind-...@isc.org

In message <f771e61acd065e9d...@mail.mxes.net>, cloud cache writes:
> But, how will I know the current serial number of the zone, if the zone
> has been changing frequently?
> Thank you.

You ask the master for the current SOA, add a small number to the
serial then send, then check the result by requerying the master.
Look at the fields you want to change not the serial when checking.
The examples so far have a small number as 1 but it can be anything
less than 2^31-1 and NO, I DO NOT RECOMMEND adding 2^31-1 to the
serial when doing this. Script it. If serial + 1 doesn't work,
re-try with serial + 2, then serial + 3, etc. Eventually you will
hit an increment that is bigger than the average update rate. Note
I would not go above serial + 100.

Mark

> On Tue, 01 May 2012 09:42:40 +0100, Phil Mayers
> <p.ma...@imperial.ac.uk> wrote:
> > On 04/27/2012 02:37 AM, cloud cache wrote:
> >> Hello,
> >>
> >> How do I use nsupdate to dynamically update the SOA records?
> >> For example, I want to update the zone's contact email and main NS
> >
> > As others have pointed out, you just need to use "nsupdate" and send
> > a valid SOA.
> >
> > NOTE: "valid" means "must have a serial number > current". Bind won't
> > do this for you - you need to choose an appropriate, higher, SOA
> > serial in the new record you send. Adding 1 is fine.
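
The procedure discussed in this thread (read the SOA from the master, choose a newer serial, send, re-query to verify), combined with the SOA prerequisite and the Unix-time serial with increment fallback mentioned in the replies, as an added shell example that is not code from any poster. The function names, example.com, 192.0.2.1, the sample SOA values and the TSIG key path are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Zone, server, key path and SOA
# values are constructed placeholders.

# RFC 1982 comparison: true when serial $1 is newer than $2 (mod 2^32).
serial_gt() {
    d=$(( ($1 - $2) & 4294967295 ))
    [ "$d" -ne 0 ] && [ "$d" -lt 2147483648 ]
}

# Use WANTED (e.g. Unix time) if it is newer than CURRENT, else CURRENT+1.
next_serial() {   # next_serial CURRENT WANTED
    if serial_gt "$2" "$1"; then echo "$2"
    else echo $(( ($1 + 1) & 4294967295 )); fi
}

# Batch that replaces the SOA only while the SOA we read is still in the
# zone; a concurrent change fails the prerequisite instead of being lost.
build_batch() {   # build_batch ZONE TTL "OLD RDATA" MNAME RNAME SERIAL
    timers=$(echo "$3" | awk '{ print $4, $5, $6, $7 }')
    echo "zone $1"
    echo "prereq yxrrset $1 SOA $3"
    echo "update add $1 $2 SOA $4 $5 $6 $timers"
    echo "send"
}

# Read the SOA from the master, update, then verify the changed fields by
# re-querying; re-read and retry a few times if another writer got in first.
update_soa() {   # update_soa SERVER ZONE TTL MNAME. RNAME. KEYFILE
    try=1
    while [ "$try" -le 5 ]; do
        old=$(dig @"$1" +short "$2" SOA)
        [ -n "$old" ] || return 1
        cur=$(echo "$old" | awk '{ print $3 }')
        new=$(next_serial "$cur" "$(date +%s)")
        { echo "server $1"; build_batch "$2" "$3" "$old" "$4" "$5" "$new"; } |
            nsupdate -k "$6"
        got=$(dig @"$1" +short "$2" SOA | awk '{ print $1, $2 }')
        [ "$got" = "$4 $5" ] && return 0
        try=$(( try + 1 ))
    done
    return 1
}

# Needs a live master and a TSIG key, so it is left commented out:
# update_soa 192.0.2.1 example.com 3600 ns1.example.com. hostmaster.example.com. /path/to/tsig.key
```

The MNAME and RNAME arguments are given with trailing dots so they compare equal to what `dig +short` prints during verification.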