Update RPZ zone records

Mark Andrews marka at isc.org
Thu Jan 25 00:40:17 UTC 2018 

Look at the sever’s logs.

> On 25 Jan 2018, at 11:39 am, Anvar Kuchkartaev <anvar at aegisnet.eu> wrote:
> 
> I updated nsuptate.txt and added .rpz to the end of the record now SERVFAIL happened
> 
> nsupdate.txt:
> 
> server localhost
> zone rpz
> update add 32.213.60.86.188.rpz-client-ip.rpz        60    CNAME    rpz-passtrhu.
> show
> send
> 
> 
> 
> command result:
> 
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; ZONE SECTION:
> ;rpz.                IN    SOA
> 
> ;; UPDATE SECTION:
> 32.213.60.86.188.rpz-client-ip.rpz. 60 IN CNAME    rpz-passtrhu.
> 
> update failed: SERVFAIL
> 
> 
> 
> 
> On 24/01/18 22:46, Mark Andrews wrote:
>>  Nsupdate treats all names as absolute so you need to add the .rpz to the end. 
>> 
>> 
> 
> On 25 Jan 2018, at 08:19, Anvar Kuchkartaev via bind-users <bind-users at lists.isc.org>
>  wrote:
> 
> Hello,
> 
> I am trying to update RPZ zone records dynamically using nsupdate. But unfortunately I am facing with NOTZONE option.
> 
> nsupdate -k /etc/rndc.key < nsupdate.txt
> 
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; ZONE SECTION:
> ;rpz.                IN    SOA
> 
> ;; UPDATE SECTION:
> 32.213.60.86.188.rpz-client-ip.    60 IN    CNAME rpz-passtrhu.
> 
> update failed: NOTZONE
> 
> 
> nsupdate.txt:
> 
> server localhost
> zone rpz
> update add 32.213.60.86.188.rpz-client-ip.        60    CNAME rpz-passtrhu.
> show
> send
> 
> 
> my rpz zone:
> 
> zone "rpz" IN {
>     type master;
>     file "named.rpz";
>     allow-query { localhost; };
>     update-policy {
>                 grant rndc-key zonesub ANY;
>         };
> };
> 
> Any help will be greatly appreciated,
> 
> -- 
> Anvar Kuchkartaev
> 
> anvar at aegisnet.eu
> 
> 
> _______________________________________________
> Please visit 
> https://lists.isc.org/mailman/listinfo/bind-users
>  to unsubscribe from this list
> 
> bind-users mailing list
> 
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> -- 
> Anvar Kuchkartaev 
> 
> anvar at aegisnet.eu 

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org

More information about the bind-users mailing list