dynamic DNS configuration question
kcd at daimlerchrysler.com
Thu Feb 9 22:51:02 UTC 2006
>I configured dynamic DNS sometime ago and trying to figure if I understand it
>correctly so I apologize in advance since I still should be considered a newbie.
>client side: redhat-8.0 dhcp-3.0.3 using dhclient for updating
>server side: bind-9.2.3 on SuSE machine.
>So here is what I am not completely understanding:
>I am wanting to manually update the zone file on my primary DNS server and
>see on the that there is an update to the zone file (called zones/domain.com).
> and there is a creation of a zones/domain.com.jnl file. There are $ORIGIN
>and $TTL tags placed in the zones/domain.com file. Is this proper behavior?
Once a zone is configured for Dynamic Update, think of it as "owning"
the zone file and writing whatever it wants, whenever it wants, into
that file. To be sure, the Dynamic Update extension mandates that
changes be committed immediately to non-volatile storage, but the BIND
implementation chooses to write the changes first to the journal file,
and only "whenever" to the zone file. So it's really a crapshoot what
the zone file contains at any given point in time. If you want to see
exactly what's in a zone at a particular time, the most straightforward
way is a zone transfer, although I suppose one could hack together
something that reads the zone file, reads and parses the journal file,
and comes up with a "merged" view of both.
>Is it okay to manually change the information in this file and restart the
Generally, it's a good idea to get into the habit of using nsupdate or
some other Dynamic Update client software to "manually" maintain zones
that are configured for Dynamic Update. Put a fancy shmancy frontend on
it if you wish, write something in Perl using the Dynamic Update
capabilities of the Net::DNS module, set up TSIG-authentication if you
want to do updates remotely and are worried about them being spoofed.
Otherwise, if you don't use Dynamic Update in some shape or form to do
these "one-off" updates, you're going to have to be more intrusive than
necessary to the nameserver's operational status, with stop/restart,
freeze/thaw or whatever. Stopping the nameserver's ability to accept
updates for a particular zone, while a manual change is being made to
the zone file, is not something that scales very well, certainly not to
the enterprise level...
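
An added example, not part of the original post: a shell wrapper that replaces a host's A record through a TSIG-signed nsupdate batch instead of editing the zone file. The function names, server, zone, host and address are constructed samples, and the key file path passed to send_update is whatever your site uses.

```shell
# Allow only hostname characters so that whitespace, newlines or ';' in an
# argument cannot smuggle extra nsupdate commands into the batch.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Dotted-quad check: four numeric fields, each 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Emit the nsupdate batch: delete the existing A records for the name and
# add the new one. Everything before "send" goes out as one update message,
# which the server applies as a unit.
# usage: build_update SERVER ZONE FQDN TTL IPV4
build_update() {
    valid_name "$1" && valid_name "$2" && valid_name "$3" || return 1
    case "$4" in ''|*[!0-9]*) return 1 ;; esac
    valid_ipv4 "$5" || return 1
    printf 'server %s\nzone %s\nupdate delete %s A\nupdate add %s %s A %s\nsend\n' \
        "$1" "$2" "$3" "$3" "$4" "$5"
}

# Sign the update with TSIG (-k KEYFILE) so the server can reject spoofed
# updates. The zone stays live; no stop/restart or freeze/thaw is needed.
# usage: send_update KEYFILE SERVER ZONE FQDN TTL IPV4
send_update() {
    keyfile=$1; shift
    batch=$(build_update "$@") || { echo "invalid input" >&2; return 1; }
    printf '%s\n' "$batch" | nsupdate -k "$keyfile"
}
```

To confirm the result, query the server or do a zone transfer rather than reading the zone file, since the change may still be only in the journal.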