Dynamic DNS updates and BIND 8.1.1 - how?
Gordon Burditt
How does one actually send a dynamic DNS update? I've seen nsupdate
in the BIND 8.1.1 distribution, but I haven't been able to figure
out what kind of input file format is required to actually
send an update. Are there any other packages for this? Any
documentation?
I've seen the RFC. How much is actually implemented in BIND 8.1.1?
Is there any security on updates? Are dynamic updates saved across
system shutdowns and crashes? Where? Re-writing the master zone file?
Gordon L. Burditt
Rolf Traber
I could do the following:
Gordon L. Burditt
sebastien:/var/named# nsupdate
> update delete www.traber.ch. cname
> update add www.traber.ch. 100 in cname veronique.traber.ch
>
res_mkupdate: packet size = 67
;; res_send()
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 30251
;; flags:; ZONE: 1, PREREQUISITE: 0, UPDATE: 2, ADDITIONAL: 0
;; traber.ch, type = SOA, class = IN
www.traber.ch. 0S ANY CNAME www.traber.ch.
www.traber.ch. 1m40s IN CNAME veronique.traber.ch.
;; Querying server (# 1) address = 10.2.0.1
;; got answer:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 30251
;; flags: qr ra; ZONE: 0, PREREQUISITE: 0, UPDATE: 0, ADDITIONAL: 0
> end
incorrect section name: end
sebastien:/var/named#
Rolf Traber
Danny Wilson
In article <62t8r1$6...@hammy.lonestar.org>,
gordon...@sneaky.lerctr.org says...
> How does one actually send a dynamic DNS update? I've seen nsupdate
> in the BIND 8.1.1 distribution, but I haven't been able to figure
> out what kind of input file format is required to actually
> send an update. Are there any other packages for this? Any
> documentation?
>
> I've seen the RFC. How much is actually implemented in BIND 8.1.1?
> Is there any security on updates? Are dynamic updates saved across
> system shutdowns and crashes? Where? Re-writing the master zone file?
>
>
>
I have not implemented dynamic update at this time, these are my thoughts
on reading the code and whatever documentation I have been able to find.
nsupdate appears to take a piped input from a file and dynamically
updates the DNS with that data. I have not found a description on the
format of this file. I belive nsupdate is used to satisfy the requirement
of recovering from a failure and rebuilding any dynamic entries.
BIND 8.1.1 will generate a log file in the format required for input into
nsupdate. This file is created when BIND 8.1.1 receives any DDNS requests
and it keeps a history of all the dynamic changes made to the DNS.
Therefore if there is a need to restart BIND 8.1.1, using nsupdate along
with the created log file all the dynaic changes could be reinstated.
I am setting up a test platform to try this and I would expect to restore
the DNS in the following manner.
BIND is down for whatever reason.
1. Copy/Move the appropriate log file or rename it so it will not be
overwritten
2. Delete the log file, (May be required if the file is not recreated
when restarting bind, otherwise multiple duplicate updates will be
present in the file)
3. Start Bind
4. Run nsupdate < whatever-the-log-file-is
This should restore the DNS with all its previous dynamic entries.
To submit changes to the DNS we have developed some libraries to create
the required date, but still have to test them, and once this is done the
format of the log file will be revealed to us. Knowing this format you
could then compose your own file for use with nsupdate. As the source is
available you could also examine how the program parses data to determin
the format of the file. Though a sample file in the documentation would
be nice.
I am assuming that dymaic updates are only saved in the log and nsupdate
is required to reinstate them.
Security for updates is covered with the allow-update option in the zone
configuration, by default updates are no permitted unless turned on. So
for a particular zone the allow-update {and-your-access-list;}; need to
be placed in the zones configuration.
I hope this helps, I am still experimenting with BIND 8.1.1 and have yet
to discover all I need to know.
Danny Wilson