Dynamically add zones

Alan Clegg aclegg at isc.org
Thu Jul 29 03:08:28 UTC 2010


On 7/28/2010 10:41 PM, Mike Flathers wrote:

> Is there a patch for BIND 9 to add new zones dynamically without
> having to run rndc reconfig?  The server stops answering queries when
> reconfig is loading in the new config; as the config grows, this timeout
> increases.  I haven't hit the source code yet, but something like rndc
> addzone zonename [config options | clone zone] would be nice :)

Look for it in BIND 9.7.2

Here's what I have that creates zones, makes them dynamic and signs them
with no human interference (producing the DS record for the parent):

==SNIP==
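#!/bin/bash
# Usage: pass the new zone name as the only argument
cd /etc/namedb
# Start the new zone from a template zone file
cp template "master/${1}"

# Add the zone to the running server (no rndc reconfig needed)
rndc addzone "${1}" { type master\;\
                                file \"master/${1}\"\;\
                                update-policy local\; \
                                auto-dnssec maintain\; \
                                }\;

# Generate the KSK and write the DS record for the parent
dnssec-keygen -f KSK -K /etc/namedb/keys "$1"
dnssec-dsfromkey -2 "/etc/namedb/keys/K${1}."*.key > "ds/${1}"

# Generate the ZSK
dnssec-keygen -K /etc/namedb/keys "$1"

# Tell named to load the keys and sign the zone
rndc sign "${1}"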
==SNIP==

Yes, no error checking, etc, but it works well as a proof-of-concept...
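
The same sequence with the error checking the proof-of-concept leaves out, as an added example that is not part of the original post. The zone name is validated before it is used in a file path or in the `rndc addzone` statement. The function names, the `NAMEDB` variable and the letters-digits-hyphens naming policy are assumptions of this example.

```bash
#!/bin/bash
# Added example: hardened variant of the proof-of-concept, same commands.
set -eu
LC_ALL=C; export LC_ALL              # make [A-Za-z] ranges byte-exact
NAMEDB=${NAMEDB:-/etc/namedb}        # assumption: same layout as the original

# Accept only plain host-style names. Rejecting "/", quotes, ";", braces and
# whitespace keeps the argument from escaping master/ or the addzone statement.
valid_zone_name() {
    zone=$1
    case $zone in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;            # empty or non-LDH character
        .*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;     # empty label or edge hyphen
    esac
    [ "${#zone}" -le 253 ] || return 1
    old_ifs=$IFS; IFS=.
    for label in $zone; do                          # safe unquoted: no glob chars left
        [ "${#label}" -le 63 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

# Build the zone statement as one string so it reaches rndc as one argument.
zone_config() {
    printf '{ type master; file "master/%s"; update-policy local; auto-dnssec maintain; };' "$1"
}

provision_zone() {
    zone=$1
    valid_zone_name "$zone" || { echo "invalid zone name" >&2; return 1; }
    cd "$NAMEDB"
    [ ! -e "master/$zone" ] || { echo "master/$zone already exists" >&2; return 1; }
    cp template "master/$zone"
    rndc addzone "$zone" "$(zone_config "$zone")"
    # dnssec-keygen prints the new key's base name; using it avoids a glob
    # that could also match older keys for the same zone.
    ksk=$(dnssec-keygen -f KSK -K "$NAMEDB/keys" "$zone")
    dnssec-dsfromkey -2 "$NAMEDB/keys/$ksk.key" > "ds/$zone"
    dnssec-keygen -K "$NAMEDB/keys" "$zone" >/dev/null
    rndc sign "$zone"
}

if [ "$#" -eq 1 ]; then provision_zone "$1"; fi
```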
