Why make manual changes to the zone file?  The zone is already
dynamically updated, so the usual reasons (formatting, structure,
in-line signing) don't apply.

Use nsupdate to add your entries.  Named will update the zone, handle
updating the serial number - an even do some validation on the records. 
It's easier, doesn't stop service, and because it automates the
mechanics, safer.

BTW: I recommend using TSIG for authorization with nsupdate rather than
IP addresses.

Timothe Litt
ACM Distinguished Engineer
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed. 

On 29-Sep-21 07:41, Frank Kyosho Fallon wrote:
> Hi,
> Occasionally I need to add hosts manually to forward/reverse lookup
> zones in BIND 9.16. We also have ISC DHCP. Both are on a Mac Mini
> using MacPorts to install.
> Since dynamic updates are continually in progress, I understand I need
> to use *rndc**freeze zone* and *rndc**thaw zone* before and after
> making changes (including manually incrementing the sequence number). 
> Can I safely accomplish the same thing by issuing an *rndc stop*
> command? Would that allow me to make zone changes followed by an *rndc
> reload* command?
> Also, is it safe to simply reboot the server after OS updates, or is
> it necessary to manually stop the DNS server first?
> Does it matter where in the dynamically updated zone files I insert
> the new host A record and PTR record?
> With /etc/hosts I can add hosts on different subnets. To do that in
> DNS, do I first need to add a reverse zone for the additional subnet
> so that I can add PTR records to correspond to A records in the
> forward zone?
> Thanks for any light you can shed on this subject.
> -- 
> Frank Kyosho Fallon
> My pronouns are: He, HIm

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list

Reply via email to