I've seen the RFC. How much is actually implemented in BIND 8.1.1?
Is there any security on updates? Are dynamic updates saved across
system shutdowns and crashes? Where? Re-writing the master zone file?
Gordon L. Burditt
> end
incorrect section name: end
sebastien:/var/named#
Rolf Traber
nsupdate appears to take a piped input from a file and dynamically
updates the DNS with that data. I have not found a description on the
format of this file. I believe nsupdate is used to satisfy the requirement
of recovering from a failure and rebuilding any dynamic entries.
BIND 8.1.1 will generate a log file in the format required for input into
nsupdate. This file is created when BIND 8.1.1 receives any DDNS requests
and it keeps a history of all the dynamic changes made to the DNS.
Therefore if there is a need to restart BIND 8.1.1, using nsupdate along
with the created log file all the dynamic changes could be reinstated.
I am setting up a test platform to try this and I would expect to restore
the DNS in the following manner.
BIND is down for whatever reason.
1. Copy/Move the appropriate log file or rename it so it will not be
overwritten
2. Delete the log file (may be required if the file is not recreated
when restarting bind, otherwise multiple duplicate updates will be
present in the file)
3. Start Bind
4. Run nsupdate < whatever-the-log-file-is
This should restore the DNS with all its previous dynamic entries.
To submit changes to the DNS we have developed some libraries to create
the required data, but still have to test them, and once this is done the
format of the log file will be revealed to us. Knowing this format you
could then compose your own file for use with nsupdate. As the source is
available you could also examine how the program parses data to determine
the format of the file. Though a sample file in the documentation would
be nice.
I am assuming that dynamic updates are only saved in the log and nsupdate
is required to reinstate them.
Security for updates is covered with the allow-update option in the zone
configuration; by default updates are not permitted unless turned on. So
for a particular zone the allow-update {and-your-access-list;}; needs to
be placed in the zone's configuration.
I hope this helps, I am still experimenting with BIND 8.1.1 and have yet
to discover all I need to know.
Danny Wilson
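
The allow-update point in the reply above, as an added example that is not part of the original thread or of BIND: a small audit that reports, per zone, whether dynamic updates are disabled, restricted to an address list, or open to everyone. The zone names, file names and addresses in the sample are constructed, and the parser is a simplification that assumes no nested braces inside the allow-update list.

```python
import re

# Constructed named.conf fragment; zone names, files and addresses are made up.
SAMPLE_CONF = '''
zone "static.example" { type master; file "db.static"; };
zone "open.example" {
    type master;
    file "db.open";
    allow-update { any; };   // anyone who can reach the server may update
};
zone "dhcp.example" in {
    type master;
    file "db.dhcp";
    allow-update { 192.0.2.10; 192.0.2.0/28; };
};
'''

ZONE_RE = re.compile(r'\bzone\s+"([^"]+)"[^{]*\{', re.I)
ALLOW_RE = re.compile(r'allow-update\s*\{([^}]*)\}', re.I)

def strip_comments(text):
    """Drop /* */, // and # comments so commented-out options are ignored."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def zone_body(text, start):
    """Return the text from just after a zone's '{' up to its matching '}'."""
    depth, i = 1, start
    while i < len(text) and depth:
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        i += 1
    return text[start:i - 1]

def audit(conf):
    """Map each zone name to 'disabled', 'restricted' or 'open'."""
    conf = strip_comments(conf)
    result = {}
    for m in ZONE_RE.finditer(conf):
        acl = ALLOW_RE.search(zone_body(conf, m.end()))
        elements = []
        if acl:
            elements = [e.strip() for e in acl.group(1).split(';') if e.strip()]
        if 'any' in elements:
            result[m.group(1)] = 'open'        # no source restriction at all
        elif set(elements) <= {'none'}:
            result[m.group(1)] = 'disabled'    # absent or 'none': updates refused
        else:
            result[m.group(1)] = 'restricted'  # limited to the listed addresses
    return result
```
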