Questions on dynamic DNS nsupdate command

Joe Kattner joe.kattner at adelphia.com
Thu Nov 8 15:23:06 UTC 2001


-----Original Message-----
From: Pozar, Frank [mailto:frank.pozar at eds.com]
Sent: Thursday, November 08, 2001 9:45 AM
To: 'bind-users at isc.org'
Subject: Questions on dynamic DNS nsupdate command

I have a couple of questions regarding the transition from statically maintained
DNS zones (using the hosts_to_named/h2n scripts) to dynamically controlled
zones using nsupdate...

1. When I issued the nsupdate command the first time on a zone, the format of
the zone file on disk (e.g. db.new) was changed. It put a ;BIND DUMP V8 at the
top of the file and appended a ;Cl=5 at the end of each line. Also, the
numbers for the serial no., expire, refresh and TTL times were all placed
on one line.
Is this file corrupted, or is it normal for a dynamically controlled zone
file to have this format?

- No, it's not corrupt. This is normal. BIND uses its own format, which may
look odd at first.

2. How does a dynamic zone get loaded into memory upon startup of the named
daemon on the nameserver? What files are read? Does it read the zone's
actual zone file on disk and then the .log file, if it exists, and put it
into memory? If I want to back up the zone files, should I back up these files
for disaster recovery?

- It reads the zone files from disk, as normal. Once running, it keeps
everything in memory, and writes the files as it needs. In the event of a
crash, when restarting, if there is a .log, then that is added in with the
data in the zone files. It is always a good idea to keep backups, no matter
how you get the information into the zones.

3. I want to restate the obvious for confirmation: once a zone is being
dynamically updated via the nsupdate command or a DHCP routine is hitting
it, it should not be modified by hand (vi'ing the zone and incrementing the
serial number, or running h2n).

- Correct. Since you have no idea when BIND will write the file, you
should never manually edit the zone files being dynamically updated while
BIND is running. Once you move over, all your updates need to be done with
nsupdate. Most usually write a script or web interface to make it
easier/faster to manage their zones.

4. We are trying to implement Windows 2000 seats on a subnet owned (authority
given) by a UNIX nameserver. So the situation we are facing is that the
reverse zones have both UNIX and Windows clients in them, while the forward
zones are owned by the respective name servers (the Windows 2000 domain
controller running DNS controls the forward zone for the Windows 2000 seats,
while the UNIX server owns the forward zone for UNIX seats).

So for the shared reverse zone, we would have dynamic updates occurring via
the nsupdate command from the UNIX side and via the DHCP controller from the
Windows 2000 side. Has anyone implemented such a setup? Any suggestions?

On the UNIX side, we used the host_to_named script to pull changes in the
NIS host map into the DNS zone files. Is there any script using the
nsupdate command to perform DNS updates which would replace the
host_to_named process?

Would there be an issue if an nsupdate from a UNIX system was running on a
zone at the same time a Windows DHCP controller was submitting dynamic
updates via its ns_update routine?

- I have no experience with W2K, but have dynamic updates from more than one
source running without problems. I would guess that Windows sending dynamic
updates shouldn't be any problem.

5. Is the current suggested roadmap to have the Windows 2000 clients on a
separate subnet from UNIX clients? Therefore, the Windows systems would
take control of both the forward and reverse domains, and UNIX would take
care of its own.

- Providing a separate network for Windows/UNIX/whatever doesn't really
matter to BIND. It may be easier to know that one network is a certain type
of host, but it is more administrative. Name resolution doesn't care
what network it is on (assuming it has communication to the proper places).

6. For BIND version 8.2.2 (BIND V8), does the serial number change for a
dynamically updated zone occur about 5 minutes after the dynamic change to
the zone in memory? Therefore, the secondary or slave nameservers would not
see this update for 5 minutes? Is this true?

- The latest version in the 8.x series is 8.2.5; you should upgrade due to
the security holes in prior versions. I don't believe there is any delay built
in, and have never experienced one of 5 minutes. You could experience a
delay, depending on a number of issues: configuration and location of
servers, network latency, etc.


Thanks in advance for all your help..
Frank
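Question 4 asks for a script that replaces the host_to_named/NIS step with nsupdate, and the reply does not give one. The following is an added example written for this page, not code from either poster or from ISC: it turns a hosts-style list (the same "IP hostname" shape that `ypcat hosts` prints from the NIS host map) into nsupdate transactions. The zone names (example.com and the 192.168.1.0/24 reverse zone), the TTL, and the sample input are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): generate nsupdate input from a
# hosts-style list, as a starting point for replacing host_to_named.
# Assumed names: forward zone example.com, addresses in 192.168.1.0/24
# (reverse zone 1.168.192.in-addr.arpa), TTL 3600.

# Constructed sample input in /etc/hosts form; the last line is deliberately
# malformed to show that bad lines are reported and skipped.
sample_hosts() {
cat <<'EOF'
# constructed sample, not from the thread
192.168.1.10 host1
192.168.1.11 host2

192.168.1.12 host3
10.0.0 broken
EOF
}

# gen_batch <hosts-file> <forward-zone> <ttl>
# Prints nsupdate input. For each host the A record goes in one transaction
# and the PTR record in another, because one update message may only touch
# one zone. A blank line ends a transaction (BIND 8 nsupdate; BIND 9 accepts
# it as well). Existing A/PTR records at the name are deleted first so a
# changed address in the hosts map does not leave the stale record behind.
# Names carry a trailing dot so nsupdate cannot append a default domain.
gen_batch() {
    hosts=$1; zone=$2; ttl=$3
    awk -v zone="$zone" -v ttl="$ttl" '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        {
            ip = $1; fqdn = $2 "." zone "."
            n = split(ip, o, ".")
            if (n != 4) { print "bad address: " ip > "/dev/stderr"; next }
            ptr = o[4] "." o[3] "." o[2] "." o[1] ".in-addr.arpa."
            printf "update delete %s A\n", fqdn
            printf "update add %s %s A %s\n\n", fqdn, ttl, ip
            printf "update delete %s PTR\n", ptr
            printf "update add %s %s PTR %s\n\n", ptr, ttl, fqdn
        }' "$hosts"
}

# Stand-alone use: ./script --apply hosts-file [zone [ttl]]
# (feeds the generated transactions to nsupdate).
if [ "${1:-}" = "--apply" ] && [ -n "${2:-}" ]; then
    gen_batch "$2" "${3:-example.com}" "${4:-3600}" | nsupdate
fi
```

Two points for the shared reverse zone in the question. First, `update delete <ptr> PTR` removes every PTR at that address, including one a Windows client registered; if both sides may legitimately own PTRs for one IP, delete only the specific old rdata instead (`update delete <ptr> PTR <old-fqdn>`). Second, whichever side sends updates, the zone's `allow-update` should not be left open to the whole subnet: restrict it, and sign the updates with TSIG (available since BIND 8.2); the nsupdate option for naming the key differs between the BIND 8 and BIND 9 tools, so check the nsupdate man page for the version you run.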

