dnssec updated zone data is not live ??

Gregory Machin gdm at linuxpro.co.za
Thu Dec 10 21:03:06 UTC 2009


Hi
Please can you advise. It's been ages since I have configured DNSSEC.
I used nsupdate (with DNSSEC) to update a zone file with all the hosts'
current IPs so that they are reachable via a host name even when the
IP has changed (a dyndns.org type of thing).  Everything seems to work
fine: named accepts the update and writes it to the .jnl file, but when
I try to ping the updated host name I get "ping: unknown host
greg.za.protetor.net", and this is on the server running named. Yet
the logs show

Dec 10 14:47:52 server named[17862]: client 97.xxx.xxx.127#50043: view
external: updating zone 'device.example.net/IN': deleting rrset at
'greg.device.example.net' A
Dec 10 14:47:52 server named[17862]: client 97.xxx.xxx.127#50043: view
external: updating zone 'device.example.net/IN': adding an RR at
'greg.device.example.net' A

Which is correct from what I remember the last time I did this.

my zone configuration:
/etc/named.conf
zone "device.example.net" {
        type master;
        file "/var/named/device.example.net.db";
        allow-transfer { any; };
        allow-update { key device.example.net; };
};


zone file:

$ORIGIN .
$TTL 3600	; 1 hour
device.example.net         IN SOA  ns1.example.net. ns2.example.net. (
                                2009120805 ; serial
                                900        ; refresh (15 minutes)
                                600        ; retry (10 minutes)
                                86400	   ; expire (1 day)
                                3600	   ; minimum (1 hour)
                                )
                        NS	ns1.example.net.
                        NS	ns2.example.net.
                        A	205.234.215.112
                        MX	0 server.example.net.
$ORIGIN device.example.net.
$TTL 60 ; 1 minute
greg                    A	97.xxx.xxx.127



Running:
BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5


Any suggestions would be welcome. I have run out of ideas and googles.
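
Added example, not part of the original post: a small Python parser for the dynamic-update log entries quoted above, reporting which view, zone, owner name and record type named applied each change to. The sample log is constructed from the two entries in the post (re-joined onto single lines), and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: the two log entries from the post, re-joined onto one
# line each (the mail client had wrapped them).
SAMPLE_LOG = """\
Dec 10 14:47:52 server named[17862]: client 97.xxx.xxx.127#50043: view external: updating zone 'device.example.net/IN': deleting rrset at 'greg.device.example.net' A
Dec 10 14:47:52 server named[17862]: client 97.xxx.xxx.127#50043: view external: updating zone 'device.example.net/IN': adding an RR at 'greg.device.example.net' A
"""

# Matches only the two message forms shown in the post; the "view ...:" part
# is optional so entries from a server without views still parse.
UPDATE_RE = re.compile(
    r"named\[\d+\]: client (?P<client>[^#\s]+)#(?P<port>\d+): "
    r"(?:view (?P<view>[^:]+): )?"
    r"updating zone '(?P<zone>[^'/]+)/(?P<cls>\w+)': "
    r"(?P<action>deleting rrset|adding an RR) at "
    r"'(?P<name>[^']+)' (?P<rtype>\w+)"
)

def parse_updates(text):
    """Return one dict per dynamic-update log entry found in text."""
    events = []
    for line in text.splitlines():
        m = UPDATE_RE.search(line)
        if m:
            ev = m.groupdict()
            ev["view"] = ev["view"] or "(no view)"
            ev["action"] = "add" if ev["action"].startswith("adding") else "delete"
            events.append(ev)
    return events

def summarize(events):
    """Group (client, action) pairs by (view, zone, name, type), in log order."""
    summary = defaultdict(list)
    for ev in events:
        key = (ev["view"], ev["zone"], ev["name"], ev["rtype"])
        summary[key].append((ev["client"], ev["action"]))
    return dict(summary)

if __name__ == "__main__":
    for (view, zone, name, rtype), acts in summarize(parse_updates(SAMPLE_LOG)).items():
        print(f"view={view} zone={zone} {name} {rtype}: {acts}")
```

The summary key includes the view, so the same owner name updated in two different views shows up as two separate entries.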


