rndc and Updated Zones in bind-9.1.0

Martin McCormick martin at dc.cis.okstate.edu
Wed Mar 7 15:02:46 UTC 2001

	Thank you very much.  You have saved me/us a lot of
wasted time.  

Mark.Andrews at nominum.com writes:
>	BIND 9.1.0 has a bug in that it treats a zone declaration
>	with "allow-update { none; };" as if it was a dynamic zone.

	That is exactly what was happening.

>	This is fixed in 9.1.1rc1.

	I got bind-9.1.1rc3.

>	If the zone is not dynamic then you can edit the zone file.

	I see that, also.  When I had

	allow-update {; };

the zone file would get hashed every time I did a reload which
makes sense if named "thinks" that it is dynamic for that zone
and does not expect one to manually edit the file.  As soon as I
changed the localhost or designation to

	allow-update { none; };

bind did not touch the zone file after a reload and a test record
added to the file showed up in the next zone transfer.

	At least, I did successfully get nsupdate working during
the confusion and it is going to be very handy when we start
running dynamic zones.

	Now, those of you switching to bind-9 might want to file
this next bit of information in your survival kit.

	If you have a stealth master, in other words, your
official master is really a slave to a server that is not listed
as your master, be absolutely sure where your nsupdate directives
are going.  I had installed a key in the named.conf file on the
stealth server and referred to that key in the nsupdate command as in

nsupdate  -kKxxx.private /home/dir/file

	It kept complaining about the key not working.  Using the
debug flag showed that lacking a designated server, nsupdate
figured out that I must want to talk to the master for the
domain.  That particular server is running bind-8 and knows
nothing about keys yet.  Of course it was failing.  Everything
worked properly as soon as I put the server directive in the
batch file that contained the update.  

	Again, thanks for telling me about the bug in 9.1.0.  I
did not know enough, yet, to be sure that there was a real
problem or that I was simply not using the new named properly.

Martin McCormick WB5AGZ  Stillwater, OK 
OSU Center for Computing and Information Services Data Communications Group
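
The stealth-master pitfall described above, as an added example that is not part of the original post: a shell pre-flight check that refuses to send a keyed update unless the batch file names its server before the first update. The helper names (update_target, safe_nsupdate, write_samples), host names and addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: pre-flight check for nsupdate batch files.
# update_target, safe_nsupdate and write_samples are hypothetical helpers.

# Print the server a batch file names before its first update/send.
# Returns 1 when there is none, i.e. nsupdate would choose the target itself.
update_target() {
    awk '
        /^[ \t]*;/ { next }    # lines starting with ";" are nsupdate comments
        tolower($1) == "server" && NF >= 2 { print $2; found = 1; exit }
        tolower($1) == "update" || tolower($1) == "send" { exit }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Run nsupdate with a key only when the batch file pins its target.
safe_nsupdate() {
    keyfile=$1
    batch=$2
    if target=$(update_target "$batch"); then
        echo "sending signed update to $target" >&2
        nsupdate -k "$keyfile" "$batch"
    else
        echo "refusing $batch: no server line before the first update" >&2
        return 1
    fi
}

# Constructed sample batch files (names and addresses are placeholders).
write_samples() {
    cat > "$1/pinned.txt" <<'EOF'
; update goes to the stealth server that holds the key
server stealth.example.com
zone example.com
update add test.example.com 300 A 192.0.2.10
send
EOF
    cat > "$1/unpinned.txt" <<'EOF'
zone example.com
update add test.example.com 300 A 192.0.2.10
send
EOF
}
```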
