Adding mailing list for archiving.

---------- Forwarded message ---------
From: Greg Donohoe <dubgr...@gmail.com>
Date: Wed, Jan 27, 2021 at 6:11 PM
Subject: Re: Reverse zone reformatting after nsupdate execution
To: Chris Isaksen <chris.isak...@nysed.gov>

Thank you very much for your reply Chris.
Changing the masterfile-style has addressed our issue.
I need to do more testing but so far it looks good :-)

Thanks again.

Rgds,
Greg.

On Wed, Jan 27, 2021 at 1:32 PM Chris Isaksen <chris.isak...@nysed.gov> wrote:

> ------------------------------
> *From:* bind-users <bind-users-boun...@lists.isc.org> on behalf of Ondřej Surý <ond...@isc.org>
> *Sent:* Wednesday, January 27, 2021 8:29 AM
> *To:* Greg Donohoe <dubgr...@gmail.com>
> *Cc:* bind-users@lists.isc.org <bind-users@lists.isc.org>
> *Subject:* Re: Reverse zone reformatting after nsupdate execution
>
> You might want to change `masterfile-style` configuration option:
>
> https://bind9.readthedocs.io/en/latest/reference.html?highlight=masterfile-style#tuning
>
> Ondrej
> --
> Ondřej Surý (He/Him)
> ond...@isc.org
>
> > On 27. 1. 2021, at 14:23, Ondřej Surý <ond...@isc.org> wrote:
> >
> > Greg,
> >
> > there’s nothing wrong with the zone contents. $ORIGIN means “now append this to every name not ending with dot”.
> >
> > Ondřej
> > --
> > Ondřej Surý — ISC (He/Him)
> >
> >> On 27. 1. 2021, at 14:06, Greg Donohoe <dubgr...@gmail.com> wrote:
> >>
> >> Hello. I am hoping that someone can help me to figure out the cause of an issue I am seeing when running nsupdate on my BIND9 server.
> >> Below you will find all the details as to how my server is configured and also the nsupdate commands that I am running.
> >>
> >> The issue I am seeing is that I have configured a /16 10.10.in-addr.arpa reverse zone, however when I execute nsupdate the 10.10.in-addr.arpa.dns zone file reformats the $ORIGIN to a /24 156.10.10.in-addr.arpa.
> >> This appears to be an issue with nsupdate rather than BIND itself as I can manually amend the 10.10.in-addr.arpa.dns zone file which always remains in a /16 format.
> >>
> >> Please see below for details and if you need any further information please let me know.
> >>
> >> ###############################
> >> named.conf
> >> ###############################
> >> greg@hp-linux:/etc/bind$ cat named.conf
> >> ## OPTIONS
> >> options {
> >>         directory "/var/cache/bind";
> >>
> >>         recursion no;
> >>         listen-on port 53 { any; };
> >>         allow-query { any; };
> >>         allow-update { any; };
> >>
> >>         forwarders {
> >>                 10.10.8.120;
> >>                 10.196.207.11;
> >>         };
> >>
> >>         dnssec-validation auto;
> >>
> >>         auth-nxdomain no; # conform to RFC1035
> >>         listen-on-v6 { any; };
> >> };
> >>
> >>
> >> ## ZONES
> >> # Zone statement for forward DNS lookups
> >> zone "example.com" IN {
> >>         type master;
> >>         file "/etc/bind/master/example.com.dns";
> >>         allow-update { any; };
> >> };
> >> zone "10.10.in-addr.arpa" IN {
> >>         type master;
> >>         file "/etc/bind/master/10.10.in-addr.arpa.dns";
> >>         allow-update { any; };
> >> };
> >>
> >> ###################################################
> >> The batch.txt file I use to run nsupdate
> >> ###################################################
> >> server 127.0.0.1
> >> zone example.com
> >> update add test.example.com 86400 IN A 10.10.156.37
> >> send
> >> server 127.0.0.1
> >> zone 10.10.in-addr.arpa.
> >> update add 37.156.10.10.in-addr.arpa. 86400 IN PTR test.example.com
> >> send
> >> server 127.0.0.1
> >> zone example.com
> >> update add test1.example.com 86400 IN A 10.10.156.38
> >> send
> >> server 127.0.0.1
> >> zone 10.10.in-addr.arpa.
> >> update add 38.156.10.10.in-addr.arpa. 86400 IN PTR test1.example.com
> >> send
> >>
> >> ######################################################
> >> nsupdate debug output
> >> ######################################################
> >> greg@hp-linux:/etc/bind/master$ nsupdate -D -v batch1.txt
> >> setup_system()
> >> reset_system()
> >> user_interaction()
> >> do_next_command()
> >> do_next_command()
> >> do_next_command()
> >> evaluate_update()
> >> update_addordelete()
> >> do_next_command()
> >> start_update()
> >> send_update()
> >> Sending update to 127.0.0.1#53
> >> show_message()
> >> Outgoing update query:
> >> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 15755
> >> ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0
> >> ;; ZONE SECTION:
> >> ;example.com. IN SOA
> >>
> >> ;; UPDATE SECTION:
> >> test.example.com. 86400 IN A 10.10.156.37
> >>
> >> update_completed()
> >> show_message()
> >>
> >> Reply from update query:
> >> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 15755
> >> ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> >> ;; ZONE SECTION:
> >> ;example.com. IN SOA
> >>
> >> done_update()
> >> reset_system()
> >> user_interaction()
> >> do_next_command()
> >> do_next_command()
> >> do_next_command()
> >> evaluate_update()
> >> update_addordelete()
> >> do_next_command()
> >> start_update()
> >> send_update()
> >> Sending update to 127.0.0.1#53
> >> show_message()
> >> Outgoing update query:
> >> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 38067
> >> ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0
> >> ;; ZONE SECTION:
> >> ;10.10.in-addr.arpa. IN SOA
> >>
> >> ;; UPDATE SECTION:
> >> 37.156.10.10.in-addr.arpa. 86400 IN PTR test.example.com.
> >>
> >> update_completed()
> >> show_message()
> >>
> >> Reply from update query:
> >> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 38067
> >> ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> >> ;; ZONE SECTION:
> >> ;10.10.in-addr.arpa. IN SOA
> >>
> >> done_update()
> >> reset_system()
> >> user_interaction()
> >> do_next_command()
> >> do_next_command()
> >> do_next_command()
> >> evaluate_update()
> >> update_addordelete()
> >> do_next_command()
> >> start_update()
> >> send_update()
> >> Sending update to 127.0.0.1#53
> >> show_message()
> >> Outgoing update query:
> >> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 22045
> >> ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0
> >> ;; ZONE SECTION:
> >> ;example.com. IN SOA
> >>
> >> ;; UPDATE SECTION:
> >> test1.example.com. 86400 IN A 10.10.156.38
> >>
> >> update_completed()
> >> show_message()
> >>
> >> Reply from update query:
> >> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 22045
> >> ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> >> ;; ZONE SECTION:
> >> ;example.com. IN SOA
> >>
> >> done_update()
> >> reset_system()
> >> user_interaction()
> >> do_next_command()
> >> do_next_command()
> >> do_next_command()
> >> evaluate_update()
> >> update_addordelete()
> >> do_next_command()
> >> start_update()
> >> send_update()
> >> Sending update to 127.0.0.1#53
> >> show_message()
> >> Outgoing update query:
> >> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 7571
> >> ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0
> >> ;; ZONE SECTION:
> >> ;10.10.in-addr.arpa. IN SOA
> >>
> >> ;; UPDATE SECTION:
> >> 38.156.10.10.in-addr.arpa. 86400 IN PTR test1.example.com.
> >>
> >> update_completed()
> >> show_message()
> >>
> >> Reply from update query:
> >> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 7571
> >> ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> >> ;; ZONE SECTION:
> >> ;10.10.in-addr.arpa. IN SOA
> >>
> >> done_update()
> >> reset_system()
> >> user_interaction()
> >> cleanup()
> >> Shutting down task manager
> >> shutdown_program()
> >> Shutting down request manager
> >> Destroy DST lib
> >> Destroying request manager
> >> Freeing the dispatchers
> >> Shutting down dispatch manager
> >> Destroying event
> >> Shutting down socket manager
> >> Shutting down timer manager
> >> Removing log context
> >> Destroying memory context
> >> greg@hp-linux:/etc/bind/master$ systemctl restart named.service
> >>
> >> ######################################################
> >> Forward zone file after the nsupdate
> >> ######################################################
> >> greg@hp-linux:/etc/bind/master$ cat example.com.dns
> >> $ORIGIN .
> >> $TTL 3600 ; 1 hour
> >> example.com IN SOA ns1.example.com. admin\.example.com. (
> >>                 2 ; serial
> >>                 900 ; refresh (15 minutes)
> >>                 600 ; retry (10 minutes)
> >>                 1209600 ; expire (2 weeks)
> >>                 3600 ; minimum (1 hour)
> >>                 )
> >>         NS ns1.example.com.
> >> $ORIGIN example.com.
> >> ns1 A 192.168.0.15
> >> $TTL 86400 ; 1 day
> >> test A 10.10.156.37
> >> test1 A 10.10.156.38
> >>
> >> ########################################################
> >> Reverse zone file after the update
> >> ########################################################
> >> greg@hp-linux:/etc/bind/master$ cat 10.10.in-addr.arpa.dns
> >> $ORIGIN .
> >> $TTL 3600 ; 1 hour
> >> 10.10.in-addr.arpa IN SOA ns1.example.com. admin\.example.com. (
> >>                 2 ; serial
> >>                 3600 ; refresh (1 hour)
> >>                 600 ; retry (10 minutes)
> >>                 1209600 ; expire (2 weeks)
> >>                 3600 ; minimum (1 hour)
> >>                 )
> >>         NS ns1.example.com.
> >> $ORIGIN 156.10.10.in-addr.arpa.
> >> $TTL 86400 ; 1 day
> >> 37 PTR test.example.com.
> >> 38 PTR test1.example.com.
> >>
> >> If any additional info is required please let me know and I will send it asap.
> >>
> >> Look forward to your response.
> >>
> >> Rgds,
> >> Greg Donohoe.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
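
The point made in the thread, that `$ORIGIN` only changes how names are written and not what the zone contains, can be checked mechanically. The following is an added example, not part of the original thread and not BIND code: a minimal master-file reader that expands the reverse zone file from the post and compares it with the same records written with absolute owner names. The function names and the absolute-name sample are constructed here, and the reader assumes absolute rdata, no `@` and no `$INCLUDE`.

```python
import re

# Reverse zone file as posted in the thread (whitespace reconstructed).
RELATIVE_STYLE = r"""
$ORIGIN .
$TTL 3600       ; 1 hour
10.10.in-addr.arpa IN SOA ns1.example.com. admin\.example.com. (
                        2          ; serial
                        3600       ; refresh (1 hour)
                        600        ; retry (10 minutes)
                        1209600    ; expire (2 weeks)
                        3600       ; minimum (1 hour)
                        )
                NS      ns1.example.com.
$ORIGIN 156.10.10.in-addr.arpa.
$TTL 86400      ; 1 day
37              PTR     test.example.com.
38              PTR     test1.example.com.
"""
# Constructed sample: the same records, one per line, with absolute owner names.
FULL_STYLE = r"""
10.10.in-addr.arpa. 3600 IN SOA ns1.example.com. admin\.example.com. 2 3600 600 1209600 3600
10.10.in-addr.arpa. 3600 IN NS ns1.example.com.
37.156.10.10.in-addr.arpa. 86400 IN PTR test.example.com.
38.156.10.10.in-addr.arpa. 86400 IN PTR test1.example.com.
"""

def absolute(name, origin):
    """Apply $ORIGIN: a name not ending in a dot gets the origin appended."""
    return name if name.endswith(".") else f"{name}.{origin.lstrip('.')}"

def expand_zone(text, zone_name):
    """Return the set of (owner, ttl, type, rdata) with every owner made absolute."""
    text = re.sub(r";[^\n]*", "", text)  # strip comments before joining "( ... )"
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    origin, ttl, owner, records = zone_name, None, None, set()
    for line in filter(str.strip, text.splitlines()):
        tok = line.split()
        if tok[0] == "$ORIGIN":
            origin = absolute(tok[1], origin)
        elif tok[0] == "$TTL":
            ttl = int(tok[1])
        else:
            if not line[0].isspace():  # owner omitted means "same as previous record"
                owner = absolute(tok.pop(0), origin)
            rr_ttl = int(tok.pop(0)) if tok[0].isdigit() else ttl
            rtype, *rdata = tok[1:] if tok[0] == "IN" else tok
            records.add((owner, rr_ttl, rtype, " ".join(rdata)))
    return records
```

Calling `expand_zone` on both strings with the zone name `10.10.in-addr.arpa.` returns the same four records. Normalising to absolute names this way also lets a zone file be diffed before and after a dynamic update without `$ORIGIN` changes showing up as differences.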