Re: Dynamically add zones
In message 4c5220c1.7060...@isc.org, Alan Clegg writes:
> > Will this functionality be available through an api?
> > Or will it just be through rndc ?
>
> Not sure what API we would use beyond rndc. If you have recommendations, please e-mail me directly or give me a phone call (+1-919-355-885) and let's talk about it...

rndc just makes libisccc (ISC Command Channel) calls to talk to the nameserver. One can use libisccc directly if one wants. Look at the rndc code for examples of how to do this.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
RE: Dynamically add zones
Thanks. I use the libisccc where possible.

--
Jack Tavares
How many more can we sell with this button?

From: bind-users-bounces+j.tavares=f5@lists.isc.org [bind-users-bounces+j.tavares=f5@lists.isc.org] On Behalf Of Mark Andrews [ma...@isc.org]
Sent: Friday, July 30, 2010 01:53
To: Alan Clegg
Cc: bind-users@lists.isc.org
Subject: Re: Dynamically add zones

In message 4c5220c1.7060...@isc.org, Alan Clegg writes:
> > Will this functionality be available through an api?
> > Or will it just be through rndc ?
>
> Not sure what API we would use beyond rndc. If you have recommendations, please e-mail me directly or give me a phone call (+1-919-355-885) and let's talk about it...

rndc just makes libisccc (ISC Command Channel) calls to talk to the nameserver. One can use libisccc directly if one wants. Look at the rndc code for examples of how to do this.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: Dynamically add zones
Do you guys have any hints yet on what it might look like or are you still looking for recommendations?

Dan Durrer
No-IP

On Jul 30, 2010, at 10:44 AM, Evan Hunt wrote:
> > Note that the syntax for this set of tools (dynamic zone creation) is a bit in flux and may be completely changed between 9.7.2 and 9.7.3.
>
> For that matter, I expect it to change significantly before the final release of 9.7.2.
>
> --
> Evan Hunt -- e...@isc.org
> Internet Systems Consortium, Inc.
Re: Dynamically add zones
> Note that the syntax for this set of tools (dynamic zone creation) is a bit in flux and may be completely changed between 9.7.2 and 9.7.3.

For that matter, I expect it to change significantly before the final release of 9.7.2.

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
Re: Dynamically add zones
Still not getting this to work just right, refused queries to newly added zones. If I config the zone as a master or as a slave it adds with a success from rndc. Logs show sending notifies as master or completed zone transfer and zone system file creation if slave. Query to the newly added zone comes back as refused. If I run reconfig it will start answering queries, but I'm guessing that is because it's just re-reading the include from new-zone-file. Am I missing something here?

Dan

On Jul 29, 2010, at 5:33 PM, Dan Durrer wrote:
> Alan,
>
> So is managed.zone.list and zone.list named differently on purpose or is that a typo?
>
> Dan
>
> On Jul 29, 2010, at 5:23 PM, Alan Clegg acl...@isc.org wrote:
> > On 7/29/2010 7:19 PM, Dan Durrer wrote:
> > > Alan,
> > >
> > > I was playing around with your example. I can get it to add the zone (that is, no rndc errors or syslog messages). I see it send notifies for the new zone in my log.
> > >
> > > 29-Jul-2010 23:06:47.063 notify: info: zone exampledomain.com/IN: sending notifies (serial 12)
> > >
> > > I also added the global option new-zone-file my_new_zones.dat and I see that file being populated with the new zones statements I've added via rndc. The server however responds with a REFUSED for this zone or any others done via addzone. If I take the zone option statement in my_new_zones.dat and apply them to named.conf and reconfig it resolves just fine. Anyone else experiencing this?
> >
> > include the my_new_zones.dat into your named.conf...
> >
> > my entire named.conf on the sample system reads:
> >
> > SNIP
> > options {
> >         directory "/etc/namedb";
> >         dnssec-enable yes;
> >         dnssec-validation yes;
> >         new-zone-file "/etc/namedb/managed.zone.list";
> >         key-directory "/etc/namedb/keys";
> > };
> > include "/etc/namedb/zone.list";
> > SNIP
> >
> > Note that the syntax for this set of tools (dynamic zone creation) is a bit in flux and may be completely changed between 9.7.2 and 9.7.3. The functionality will be there, but it might be a bit different in implementation.. (beware!)
> >
> > AlanC
Re: Dynamically add zones
> Is there a patch for bind 9 to add new zones dynamically without having to run rndc reconfig?

This feature is being added in BIND 9.7.2. It's available now in the beta version, 9.7.2b1.

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
Re: Dynamically add zones
Alan/Evan,

Thanks, didn't get to reading the beta release notes yet. Wow, how timely is this :)

Thanks
-m

On Wed, Jul 28, 2010 at 8:08 PM, Alan Clegg acl...@isc.org wrote:
> On 7/28/2010 10:41 PM, Mike Flathers wrote:
> > Is there a patch for bind 9 to add new zones dynamically without having to run rndc reconfig? The server stops answering queries when reconfig is loading in the new config; as the config grows, this timeout increases. I haven't hit the source code yet, but something like rndc addzone zonename [config options | clone zone] would be nice :)
>
> Look for it in BIND 9.7.2
>
> Here's what I have that creates zones, makes them dynamic and signs them with no human interference (producing the DS record for the parent):
>
> ==SNIP==
> #!/bin/bash
> cd /etc/namedb
> cp template master/${1}
> rndc addzone ${1} { type master\;\
>         file \"master/${1}\"\;\
>         update-policy local\; \
>         auto-dnssec maintain\; \
>         }\;
> dnssec-keygen -f KSK -K /etc/namedb/keys $1
> dnssec-dsfromkey -2 /etc/namedb/keys/K${1}.*.key > ds/${1}
> dnssec-keygen -K /etc/namedb/keys $1
> rndc sign ${1}
> ==SNIP==
>
> Yes, no error checking, etc, but it works well as a proof-of-concept...
Re: Dynamically add zones
Alan,

I was playing around with your example. I can get it to add the zone (that is, no rndc errors or syslog messages). I see it send notifies for the new zone in my log.

29-Jul-2010 23:06:47.063 notify: info: zone exampledomain.com/IN: sending notifies (serial 12)

I also added the global option new-zone-file my_new_zones.dat and I see that file being populated with the new zones statements I've added via rndc. The server however responds with a REFUSED for this zone or any others done via addzone. If I take the zone option statement in my_new_zones.dat and apply them to named.conf and reconfig it resolves just fine. Anyone else experiencing this?

Can't wait for this feature to become finalized :)

Dan Durrer
No-IP.com

On Jul 28, 2010, at 8:08 PM, Alan Clegg wrote:
> On 7/28/2010 10:41 PM, Mike Flathers wrote:
> > Is there a patch for bind 9 to add new zones dynamically without having to run rndc reconfig? The server stops answering queries when reconfig is loading in the new config; as the config grows, this timeout increases. I haven't hit the source code yet, but something like rndc addzone zonename [config options | clone zone] would be nice :)
>
> Look for it in BIND 9.7.2
>
> Here's what I have that creates zones, makes them dynamic and signs them with no human interference (producing the DS record for the parent):
>
> ==SNIP==
> #!/bin/bash
> cd /etc/namedb
> cp template master/${1}
> rndc addzone ${1} { type master\;\
>         file \"master/${1}\"\;\
>         update-policy local\; \
>         auto-dnssec maintain\; \
>         }\;
> dnssec-keygen -f KSK -K /etc/namedb/keys $1
> dnssec-dsfromkey -2 /etc/namedb/keys/K${1}.*.key > ds/${1}
> dnssec-keygen -K /etc/namedb/keys $1
> rndc sign ${1}
> ==SNIP==
>
> Yes, no error checking, etc, but it works well as a proof-of-concept...
Re: Dynamically add zones
On 7/29/2010 7:19 PM, Dan Durrer wrote:
> Alan,
>
> I was playing around with your example. I can get it to add the zone (that is, no rndc errors or syslog messages). I see it send notifies for the new zone in my log.
>
> 29-Jul-2010 23:06:47.063 notify: info: zone exampledomain.com/IN: sending notifies (serial 12)
>
> I also added the global option new-zone-file my_new_zones.dat and I see that file being populated with the new zones statements I've added via rndc. The server however responds with a REFUSED for this zone or any others done via addzone. If I take the zone option statement in my_new_zones.dat and apply them to named.conf and reconfig it resolves just fine. Anyone else experiencing this?

include the my_new_zones.dat into your named.conf...

my entire named.conf on the sample system reads:

SNIP
options {
        directory "/etc/namedb";
        dnssec-enable yes;
        dnssec-validation yes;
        new-zone-file "/etc/namedb/managed.zone.list";
        key-directory "/etc/namedb/keys";
};
include "/etc/namedb/zone.list";
SNIP

Note that the syntax for this set of tools (dynamic zone creation) is a bit in flux and may be completely changed between 9.7.2 and 9.7.3. The functionality will be there, but it might be a bit different in implementation.. (beware!)

AlanC
Re: Dynamically add zones
Alan,

So is managed.zone.list and zone.list named differently on purpose or is that a typo?

Dan

On Jul 29, 2010, at 5:23 PM, Alan Clegg acl...@isc.org wrote:
> On 7/29/2010 7:19 PM, Dan Durrer wrote:
> > Alan,
> >
> > I was playing around with your example. I can get it to add the zone (that is, no rndc errors or syslog messages). I see it send notifies for the new zone in my log.
> >
> > 29-Jul-2010 23:06:47.063 notify: info: zone exampledomain.com/IN: sending notifies (serial 12)
> >
> > I also added the global option new-zone-file my_new_zones.dat and I see that file being populated with the new zones statements I've added via rndc. The server however responds with a REFUSED for this zone or any others done via addzone. If I take the zone option statement in my_new_zones.dat and apply them to named.conf and reconfig it resolves just fine. Anyone else experiencing this?
>
> include the my_new_zones.dat into your named.conf...
>
> my entire named.conf on the sample system reads:
>
> SNIP
> options {
>         directory "/etc/namedb";
>         dnssec-enable yes;
>         dnssec-validation yes;
>         new-zone-file "/etc/namedb/managed.zone.list";
>         key-directory "/etc/namedb/keys";
> };
> include "/etc/namedb/zone.list";
> SNIP
>
> Note that the syntax for this set of tools (dynamic zone creation) is a bit in flux and may be completely changed between 9.7.2 and 9.7.3. The functionality will be there, but it might be a bit different in implementation.. (beware!)
>
> AlanC
Re: Dynamically add zones
On 7/29/2010 5:38 PM, Jack Tavares wrote:
> Will this functionality be available through an api?
> Or will it just be through rndc ?

Not sure what API we would use beyond rndc. If you have recommendations, please e-mail me directly or give me a phone call (+1-919-355-885) and let's talk about it...

> What error checking and reporting will it give?

Error checking is about as good as editing named.conf by hand and then running named-checkconf. The log on the server receiving the 'rndc' command gets useful things like:

--SNIP--
30-Jul-2010 00:25:29.013 received control channel command 'addzone clegg.com { type slave; file slave/clegg.com'
30-Jul-2010 00:25:29.014 none:1: missing ';' before end of file
30-Jul-2010 00:25:29.014 none:1: '}' expected near end of file
--SNIP--

and

--SNIP--
30-Jul-2010 00:42:26.717 received control channel command 'addzone boo!bad.com { type master; file master/boo!bad.com; update-policy local; auto-dnssec maintain; };'
30-Jul-2010 00:42:26.717 none:1: '{' expected near '!'
--SNIP--

Unfortunately, rndc isn't very talkative on error messages, but it does complain if something goes wrong:

When adding a zone that is already in the named.conf:

--SNIP--
r...@ubuntu:/etc/namedb# ./addslavezone clegg.com
rndc: 'addzone' failed: already exists
--SNIP--

And with a bad name:

--SNIP--
r...@ubuntu:/etc/namedb# ./addzone boo\!bad.com
rndc: 'addzone' failed: unexpected token
--SNIP--

Once scripted to do pre-rndc error checking, I'm sure that someone will be able to write a heck of a frontend -- we expect nothing less. :)

AlanC
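The log excerpts in the message above show the zone name being parsed as part of the configuration text ('{' expected near '!'), and the proof-of-concept script also reuses the name as a file path, so a front end should accept only a plain domain name before calling rndc. A pre-rndc check along those lines, added here as an example and not code from the thread or from ISC; valid_zone_name, add_master_zone and the RNDC override are hypothetical names, and the zone options are the ones from the script posted in the thread:

```shell
#!/bin/sh
# Added example (not from the thread): validate a zone name before rndc sees it.
LC_ALL=C; export LC_ALL      # keep the A-Z / a-z ranges below byte-exact
RNDC=${RNDC:-rndc}           # hypothetical override, e.g. RNDC=echo for a dry run

# valid_zone_name NAME -> status 0 only for a plain letter-digit-hyphen name.
valid_zone_name() {
    name=${1%.}                               # tolerate one trailing dot
    [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
    case $name in
        *[!A-Za-z0-9.-]*) return 1 ;;         # '!', ';', '{', '}', '"', '/', spaces, newlines
        .*|*.|*..*)       return 1 ;;         # empty label
    esac
    old_ifs=$IFS; IFS=.
    set -f; set -- $name; set +f              # split into labels, no globbing
    IFS=$old_ifs
    for label in "$@"; do
        [ "${#label}" -le 63 ] || return 1
        case $label in -*|*-) return 1 ;; esac   # no leading or trailing hyphen
    done
    return 0
}

# add_master_zone NAME -> rndc addzone with the options used in the thread's script.
add_master_zone() {
    if ! valid_zone_name "$1"; then
        echo "addzone refused: invalid zone name" >&2
        return 2
    fi
    zone=${1%.}
    "$RNDC" addzone "$zone" \
        "{ type master; file \"master/$zone\"; update-policy local; auto-dnssec maintain; };"
}
```

Running with RNDC=echo prints the command that would be sent instead of contacting named.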
Dynamically add zones
Hey guys,

It looks like bind 10 will address this, but I might as well check here. Is there a patch for bind 9 to add new zones dynamically without having to run rndc reconfig? The server stops answering queries when reconfig is loading in the new config; as the config grows, this timeout increases. I haven't hit the source code yet, but something like rndc addzone zonename [config options | clone zone] would be nice :)

-m
Re: Dynamically add zones
On 7/28/2010 10:41 PM, Mike Flathers wrote:
> Is there a patch for bind 9 to add new zones dynamically without having to run rndc reconfig? The server stops answering queries when reconfig is loading in the new config; as the config grows, this timeout increases. I haven't hit the source code yet, but something like rndc addzone zonename [config options | clone zone] would be nice :)

Look for it in BIND 9.7.2

Here's what I have that creates zones, makes them dynamic and signs them with no human interference (producing the DS record for the parent):

==SNIP==
#!/bin/bash
cd /etc/namedb
cp template master/${1}
rndc addzone ${1} { type master\;\
        file \"master/${1}\"\;\
        update-policy local\; \
        auto-dnssec maintain\; \
        }\;
dnssec-keygen -f KSK -K /etc/namedb/keys $1
dnssec-dsfromkey -2 /etc/namedb/keys/K${1}.*.key > ds/${1}
dnssec-keygen -K /etc/namedb/keys $1
rndc sign ${1}
==SNIP==

Yes, no error checking, etc, but it works well as a proof-of-concept...