On 06 Jul 2020, at 17:59, Mark Andrews <ma...@isc.org> wrote: > Nsupdate can normally determine the name of the zone that has to be updated > so most of the time you don’t need to specify the zone. There are a few > cases, like when adding delegating NS records or glue to the parent zone you > have to override the normal zone discovery procedure.
So if I were to try adding web2.example.com via nsupdate I could simply > update add web2.example.com 96400 IN CNAME www.covisp.net > send That's good to know, but I fear I will remember that and use it in cases where I do need to specify it and muck things up. I change DNS settings so infrequently that each time it is almost like starting over, especially since the underlying software has changed as well. Also, I need better notes, which I am taking this time. (Most of the serials on the DNS files are more than two years old) The latest surprise was that dnssec-enable yes; is obsolete in Bind 9.16. I've noticed no fallout from simply uncommenting it, so I assume it is either required now or implied with dnssec-validation set or auto-dnssec in the zone config. I do have motivation to get all this nsupdate stuff square, however, as I want to move Letsencrypt to wildcard certs and that requires updating the DNS during the LE exchange. -- Vi Veri Veniversum Vivus Vici _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users