Dynamically add zones

Dan Durrer dan at vitalwerks.com
Thu Jul 29 23:19:08 UTC 2010


Alan,

I was playing around with your example. I can get it to add the zone (that is, no rndc errors or syslog messages).

I see it send notifies for the new zone in my log.

29-Jul-2010 23:06:47.063 notify: info: zone exampledomain.com/IN: sending notifies (serial 12)

I also added the global option new-zone-file "my_new_zones.dat" and I see that file being populated with the new zone statements I've added via rndc.

The server, however, responds with a REFUSED for this zone or any others done via addzone.

If I take the zone option statements in my_new_zones.dat and apply them to named.conf and reconfig, it resolves just fine. Anyone else experiencing this?

Can't wait for this feature to become finalized :)

Dan Durrer
No-IP.com


On Jul 28, 2010, at 8:08 PM, Alan Clegg wrote:

> On 7/28/2010 10:41 PM, Mike Flathers wrote:
> 
>> Is there a patch for BIND 9 to add new zones dynamically without
>> having to run rndc reconfig?  The server stops answering queries when
>> reconfig is loading in the new config; as the config grows, this timeout
>> increases.  I haven't hit the source code yet, but something like rndc
>> addzone zonename [config options | clone zone] would be nice :)
> 
> Look for it in BIND 9.7.2
> 
> Here's what I have that creates zones, makes them dynamic and signs them
> with no human interference (producing the DS record for the parent):
> 
> ==SNIP==
> #!/bin/bash
> cd /etc/namedb
> cp template master/${1}
> 
> rndc addzone ${1} { type master\;\
>                                file \"master/${1}\"\;\
>                                update-policy local\; \
>                                auto-dnssec maintain\; \
>                                }\;
> 
> dnssec-keygen -f KSK -K /etc/namedb/keys $1
> dnssec-dsfromkey -2 /etc/namedb/keys/K${1}.*.key > ds/${1}
> 
> dnssec-keygen -K /etc/namedb/keys $1
> 
> rndc sign ${1}
> ==SNIP==
> 
> Yes, no error checking, etc, but it works well as a proof-of-concept...
> 
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
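
A variant of the script quoted above with input validation and error checks, as an added example that is not part of the original thread or of BIND. The zone name ends up in a file path and in the configuration text passed to rndc addzone, so it is validated first. The helper names (valid_zone, zone_config, provision) are hypothetical, the paths and commands are those of the quoted script, and accepting only lowercase names is an assumption.

```bash
#!/bin/bash
# Added example: the quoted provisioning script with validation and checks.
set -u
export LC_ALL=C            # make [a-z] ranges byte-exact
NAMEDB=/etc/namedb         # working directory used in the quoted script

# Accept only dot-separated lowercase letter/digit/hyphen labels (1-63 chars
# each, 253 total). This keeps "/", "..", quotes, ";" and braces out of the
# file path and out of the configuration text handed to rndc.
valid_zone() {
    local label='[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?'
    local re="^(${label}\\.)*${label}\$"
    [ "${#1}" -le 253 ] && [[ $1 =~ $re ]]
}

# Build the zone configuration as one string, passed to rndc as a single
# argument, so no backslash escaping of ";" and quotes is needed.
zone_config() {
    printf '{ type master; file "master/%s"; update-policy local; auto-dnssec maintain; };' "$1"
}

# Same steps as the quoted script; stops at the first step that fails.
provision() {
    local zone=$1
    valid_zone "$zone" || { echo "invalid zone name: $zone" >&2; return 2; }
    cd "$NAMEDB" || return 1
    [ ! -e "master/$zone" ] || { echo "master/$zone already exists" >&2; return 3; }
    cp template "master/$zone" || return 1
    rndc addzone "$zone" "$(zone_config "$zone")" || return 1
    dnssec-keygen -f KSK -K "$NAMEDB/keys" "$zone" || return 1
    dnssec-dsfromkey -2 "$NAMEDB"/keys/K"$zone".*.key > "ds/$zone" || return 1
    dnssec-keygen -K "$NAMEDB/keys" "$zone" || return 1
    rndc sign "$zone"
}

# Run only when a zone name is given on the command line.
if [ $# -ge 1 ]; then
    provision "$1"
fi
```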



