Using RNDC to control remote access to my BIND server

Tony Finch dot at
Thu Apr 22 19:38:40 UTC 2021

Greg Donohoe <dubgregd at> wrote:

> I have created a CI/CD pipeline in order to amend zone files using nsupdate
> based on a front end user request. This portion of the pipeline is working
> as expected so now I want to be able to connect from my pipeline runner to
> my remote BIND staging server and update the zone files on there with my
> newly updated zone file.

If you want to make the same change on the remote server that you made
locally, can't you use nsupdate again but point it at the remote server?
Or is there something more complicated going on?

Use ddns-keygen to create a TSIG authentication key and add the key to the
allow-update ACL on the remote server.

(You can also add your own TSIG keys to allow remote control with `rndc
-s`, but it sounds to me like rndc is a red herring.)

There's also my `nsdiff` program, which can make a zone on a remote server
look like a local zone file using nsupdate.
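
Added example, not part of the original message and not code from its author: a pipeline step that sends a change to the remote server with nsupdate under a TSIG key, as the reply suggests. The key name `ci-pipeline`, the zone `example.test`, the helper names and the use of a named.conf-format key file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: push one record change to a remote BIND server with
# nsupdate, authenticated by a TSIG key. All names below are placeholders.
#
# Remote named.conf (secret taken from the key generator's output):
#   key "ci-pipeline" { algorithm hmac-sha256; secret "<base64-secret>"; };
#   zone "example.test" { ...; allow-update { key "ci-pipeline"; }; };
#
# The runner holds the same key statement in a file readable only by the
# pipeline user and passes it to nsupdate with -k.

# Print an nsupdate batch that replaces the A RRset of one name.
render_update() {
    server=$1 zone=$2 name=$3 ttl=$4 addr=$5
    # Fields originate from a front-end request: refuse anything outside a
    # narrow character set so a newline or space cannot add extra commands.
    for v in "$server" "$zone" "$name" "$ttl" "$addr"; do
        case $v in
            ''|*[!A-Za-z0-9._:-]*) echo "invalid field" >&2; return 1 ;;
        esac
    done
    printf 'server %s\nzone %s\n' "$server" "$zone"
    printf 'update delete %s A\n' "$name"
    printf 'update add %s %s A %s\nsend\n' "$name" "$ttl" "$addr"
}

# Send the batch; nsupdate signs the request with the key in $1.
push_update() {
    keyfile=$1; shift
    batch=$(render_update "$@") || return 1
    printf '%s\n' "$batch" | nsupdate -k "$keyfile"
}

# Usage: script KEYFILE SERVER ZONE NAME TTL ADDRESS
if [ "$#" -eq 6 ]; then push_update "$@"; fi
```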

