Can you delete NS records with nsupdate?

Kevin Darcy kcd at daimlerchrysler.com
Tue Jan 22 22:26:56 UTC 2002 

Mark_Andrews at isc.org wrote:

> > In article <a2k87j$8q7 at pub3.rc.vix.com>,
> > Lists User  <lists at mail.tiggee.com> wrote:
> > >The problem I am having was that the NS record was a lame record.
> > >
> > >In the domain tester.com. I had a ns record for sub1.
> > >example:
> > >update add sub1.tester.com. 10800 NS ns1.anotherdomain.com.
> > >
> > >This added no problem.
> > >
> > >then when I tried:
> > >update delete sub1.tester.com. NS ns1.anotherdomain.com.
> > >or
> > >update delete sub1.tester.com. IN NS ns1.anotherdomain.com.
> > >
> > >
> > >It bombed and said:
> > >
> > >Reply from SOA query:
> > >;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id:  33475
> > >;; flags: qr rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> > >;; QUESTION SECTION:
> > >;sub1.tester.com.       IN      SOA
> > >
> > >
> > >response to SOA query was unsuccessful
> > >
> > >
> > >
> > >I guess this is because it was a lame nameserver correct?
> >
> > I suspect a bug in nsupdate.  It seems to be assuming that you're trying to
> > remove the NS record at the top of the sub1.tester.com domain, rather than
> > the delegation record in the tester.com domain.  So it's doing an SOA query
> > for sub1.tester.com rather than tester.com.
>
>         If you want to update glue then you need to specify the zone.
>
>         zone tester.com.
>         update delete sub1.tester.com. IN NS ns1.anotherdomain.com.
>
>         Note the periods at the ends of the domain names.

To put it a slightly different way: if you want to delete NS records, you need
to decide *which* set of NS records you want to delete or delete from, i.e. from
the delegating NS records (in the parent zone, otherwise known as "glue") or
from the NS records in the zone itself. nsupdate's "default" is to delete the NS
records in the zone itself. If you want to delete delegating NS records, then
you need to tell nsupdate that by specifying "zone". The "zone" keyword is only
recognized in the BIND 9 version of nsupdate.


- Kevin

More information about the bind-users mailing list