incorrect section name: $ORIGIN

Alan Clegg alan at clegg.com
Mon Feb 4 14:47:26 UTC 2019 

On 2/4/19 7:03 AM, @lbutlr wrote:

> # nsupdate -d -v -l example.com
> Creating key...
> namefromtext
> keycreate
> incorrect section name: $ORIGIN

I'd recommend that you use nsupdate in interactive mode first.

--SNIP--
root at svlg-gateway:/etc/namedb# nsupdate -l
> update add funnyrecord.boat 3600 in a 1.1.1.1
> send
> quit
--SNIP--

Here, I've added an A record "funnyrecord.boat" to the local nameserver.
 It was accepted (no error message) and the record was signed:

--SNIP--
root at svlg-gateway:/etc/namedb# dig funnyrecord.boat +dnssec

; <<>> DiG 9.13.5 <<>> funnyrecord.boat +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35274
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
; COOKIE: 840786d22b259dd36f9300b85c584de5adea6d3ab34b6fde (good)
;; QUESTION SECTION:
;funnyrecord.boat.		IN	A

;; ANSWER SECTION:
funnyrecord.boat.	3600	IN	A	1.1.1.1
funnyrecord.boat.	3600	IN	RRSIG	A 8 2 3600 20190306143508 20190204133508
27363 boat. ULJiOVWd3jordtZZnp/1wUZul8Y6xLcEu0kh8mtCDFXGG2QlsKdyeZxb
dO54X241NOJRN6dI2RKH05DtErlhFHjLpnrus4BahuZKbWeuOXApCZ4r
+XPqManyq+3hyEFCJ8QM1fHSBbuDIyz7nKjr+T+xh/8pUowqNgMoBx+Y 08c=

;; Query time: 1 msec
;; SERVER: 44.127.8.1#53(44.127.8.1)
;; WHEN: Mon Feb 04 14:36:21 UTC 2019
;; MSG SIZE  rcvd: 253
--SNIP--

I can also remove records:

--SNIP--
root at svlg-gateway:/etc/namedb# nsupdate -l
> update delete funnyrecord.boat
> send
> quit
root at svlg-gateway:/etc/namedb# dig funnyrecord.boat +dnssec

; <<>> DiG 9.13.5 <<>> funnyrecord.boat +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16202
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
; COOKIE: 044b781a89250d108be3c3345c584e25b636b5386f74056a (good)
;; QUESTION SECTION:
;funnyrecord.boat.		IN	A

;; AUTHORITY SECTION:
boat.			300	IN	SOA	admin. ns1.boat. 169 3600 600 86400 300
boat.			300	IN	RRSIG	SOA 8 1 8600 20190306143720 20190204133720 27363
boat. rx9ZfD6u9O5Hz1+1KkUnr0kqq8k45ljYmTQj1kFb6xQ7HFG13XkMkzbl
DDzjAoO1BIymYm8S1Kxq5lMXPNvAnPEChlhRW6xWVnWg4UyWnkzkzRCc
hME2NdE4WxSDZ3MMAnEELk29whmYcPIKVQJPgYjtHFJ7KS23PgoWb0qp ciA=
boat.			300	IN	NSEC	alans-time-capsule.boat. NS SOA RRSIG NSEC DNSKEY
TYPE65534
boat.			300	IN	RRSIG	NSEC 8 1 300 20190222045229 20190123035229 27363
boat. AevHxXgaJkotnUTv1jUJnBigUjkUO4gcI/V5AieuCR4cBdxMiRYa1WYS
pI+qPQcAzgTf7p/0RCXq45CVrjiXCoh/eEaQgxlqASSCTabCgVE9i0Dw
eVgE6NDXe4gtu3GEjhecCj3x3Xd2q6DEWYYQNJkg6fjjZr8xYCsjdYhw V88=
canboat.boat.		300	IN	NSEC	Google-Home-Mini.boat. A TXT RRSIG NSEC
canboat.boat.		300	IN	RRSIG	NSEC 8 2 300 20190306143720 20190204133720
27363 boat. RGLL6h/nX4/MMt+b2w9BA8LAg3R+5oXn73KG6DAKP57Q1Ak+NyFBYeil
4Pkz5w7qgA4k4nRrriTJ0kmckTlaODfx1KWZEOR33nqctK37lOIaenmx
Rd7d98qP7/+A0v68T5DSXI9ZNlx5688isxXo2ZTLP2bKFEWYbDZXBEtr DdM=

;; Query time: 1 msec
;; SERVER: 44.127.8.1#53(44.127.8.1)
;; WHEN: Mon Feb 04 14:37:25 UTC 2019
;; MSG SIZE  rcvd: 741
--SNIP--

Those are the basic things you can do with nsupdate... add and delete.
Changes are done by deleting the old and then adding the new.

The SOA record is updated automatically and all is well with the world.

AlanC

More information about the bind-users mailing list