Nsupdate and TTL

Mark Andrews marka at isc.org
Thu Apr 23 07:39:44 UTC 2020



> On 23 Apr 2020, at 17:31, Petr Bena <petr at bena.rocks> wrote:
> 
> Hello,
> 
> From my experience you don't need to delete the whole set. I was actually doing this quite recently and discovered an interesting behavior of the BIND server - the last record you add will override the TTL value for a set.
> 
> So if you add another NS record to a zone, all existing NS records will have their TTL overridden with the last one you add.

Which is a side effect of BIND having a single TTL per RRset as I
said below.

To use UPDATE to change records on any DNS server please use the
methods listed below. The UPDATE message is a bit larger but it is
robust.

Mark

> On 23/04/2020 01:06, Mark Andrews wrote:
>> 
>>> On 23 Apr 2020, at 07:20, Evan Hunt <each at isc.org> wrote:
>>> 
>>> On Wed, Apr 22, 2020 at 03:04:38PM -0600, @lbutlr via bind-users wrote:
>>>> # nsupdate -k /path/to/key
>>>>> zone example.com
>>>>> ttl 3600
>>>>> send
>>>>> ^d
>>>> No errors, but no change in the TTL.
>>> "ttl 3600" just means "from now on assume I mean ttl 3600 in all the
>>> records I send". You didn't actually send an update, so nothing changed.
>>> 
>>> As far as I can recall, the only way to change a TTL in nsupdate is to
>>> delete the whole RRset and then add it back in the same transaction:
>>> 
>>>> zone example.com
>>>> ttl 3600
>>>> update del example.com in a
>>>> update add example.com in a 192.0.2.1
>>>> update add example.com in a 192.0.2.2
>>>> update add example.com in a 192.0.2.3
>>>> send
>> Also don’t forget to add a prerequisite section to ensure you are removing
>> the records you think you are.
>> 
>> zone example.com
>> ttl 3600
>> prereq yxrrset example.com in a 192.0.2.1
>> prereq yxrrset example.com in a 192.0.2.2
>> prereq yxrrset example.com in a 192.0.2.3
>> update del example.com in a
>> update add example.com in a 192.0.2.1
>> update add example.com in a 192.0.2.2
>> update add example.com in a 192.0.2.3
>> send
>> 
>> Also note you can’t do it this way for the NS RRset at top of zone.  You need to
>> delete the NS RRs individually and then add them back without deleting all the
>> NS at any point in the process as the NS RRset is required to always exist.
>> 
>> Note: named only keeps a single TTL for a RRset so it will update the TTL on all
>> the records when you add a new one with a different TTL but this is not part of
>> the UPDATE RFC.
>> 

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org
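
The procedure discussed in this thread, written as a script. This is an added example, not code posted by anyone in the thread: the function names `ttl_batch` and `lc` are hypothetical, and the one-record-at-a-time ordering for the apex NS RRset is an assumed way of meeting the rule that the NS RRset must never be empty.

```shell
#!/bin/sh
# Added example (not from the thread): emit an nsupdate batch that changes
# the TTL of one RRset. Usage: ttl_batch ZONE TTL NAME TYPE RDATA...
lc() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

ttl_batch() {
    if [ "$#" -lt 5 ]; then
        echo "usage: ttl_batch ZONE TTL NAME TYPE RDATA..." >&2
        return 2
    fi
    # nsupdate reads one command per line, so an argument containing a
    # newline could smuggle in extra update commands. Refuse it.
    nl='
'
    for arg in "$@"; do
        case $arg in *"$nl"*) echo "newline in argument" >&2; return 2 ;; esac
    done
    zone=$1 ttl=$2 name=$3 type=$4
    shift 4
    case $ttl in
        ''|*[!0-9]*) echo "TTL must be a non-negative integer" >&2; return 2 ;;
    esac

    printf 'zone %s\nttl %s\n' "$zone" "$ttl"
    # Prerequisites: pass every record currently in the RRset, so the update
    # is applied only if the RRset holds exactly what we expect to replace.
    for rdata in "$@"; do
        printf 'prereq yxrrset %s in %s %s\n' "$name" "$type" "$rdata"
    done
    if [ "$(lc "$type")" = ns ] && [ "$(lc "${name%.}")" = "$(lc "${zone%.}")" ]; then
        # Apex NS: delete and re-add one record at a time so the RRset is
        # never empty (assumed ordering; the thread states only the rule).
        for rdata in "$@"; do
            printf 'update del %s in %s %s\n' "$name" "$type" "$rdata"
            printf 'update add %s in %s %s\n' "$name" "$type" "$rdata"
        done
    else
        # Any other RRset: delete it whole, then add every record back.
        printf 'update del %s in %s\n' "$name" "$type"
        for rdata in "$@"; do
            printf 'update add %s in %s %s\n' "$name" "$type" "$rdata"
        done
    fi
    printf 'send\n'
}

# Pipe the result into nsupdate, e.g.:
#   ttl_batch example.com 3600 example.com a 192.0.2.1 | nsupdate -k /path/to/key
```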


