Reverse zone reformatting after nsupdate execution

Chris Isaksen Chris.Isaksen at nysed.gov
Wed Jan 27 13:32:29 UTC 2021



________________________________
From: bind-users <bind-users-bounces at lists.isc.org> on behalf of Ondřej Surý <ondrej at isc.org>
Sent: Wednesday, January 27, 2021 8:29 AM
To: Greg Donohoe <dubgregd at gmail.com>
Cc: bind-users at lists.isc.org <bind-users at lists.isc.org>
Subject: Re: Reverse zone reformatting after nsupdate execution

You might want to change the `masterfile-style` configuration option:

https://bind9.readthedocs.io/en/latest/reference.html?highlight=masterfile-style#tuning

Ondrej
--
Ondřej Surý (He/Him)
ondrej at isc.org

> On 27. 1. 2021, at 14:23, Ondřej Surý <ondrej at isc.org> wrote:
>
> Greg,
>
> there’s nothing wrong with the zone contents. $ORIGIN means “now append this to every name not ending with dot”.
>
> Ondřej
> --
> Ondřej Surý — ISC (He/Him)
>
>> On 27. 1. 2021, at 14:06, Greg Donohoe <dubgregd at gmail.com> wrote:
>>
>> 
>> Hello. I am hoping that someone can help me to figure out the cause of an issue I am seeing when running nsupdate on my BIND9 server.
>> Below you will find all the details as to how my server is configured and also the nsupdate commands that I am running.
>>
>> The issue I am seeing is that I have configured a /16 10.10.in-addr.arpa reverse zone, however when I execute nsupdate the 10.10.in-addr.arpa.dns zone file reformats the $ORIGIN to a /24 156.10.10.in-addr.arpa.
>> This appears to be an issue with nsupdate rather than BIND itself as I can manually amend the 10.10.in-addr.arpa.dns zone file which always remains in a /16 format.
>>
>> Please see below for details and if you need any further information please let me know.
>>
>> ###############################
>> named.conf
>> ###############################
>> greg@hp-linux:/etc/bind$ cat named.conf
>> ##  OPTIONS
>> options {
>>         directory "/var/cache/bind";
>>
>>         recursion no;
>>         listen-on port 53 { any; };
>>         allow-query  { any; };
>>         allow-update { any; };
>>
>>         forwarders {
>>                 10.10.8.120;
>>                 10.196.207.11;
>>         };
>>
>>         dnssec-validation auto;
>>
>>         auth-nxdomain no;    # conform to RFC1035
>>         listen-on-v6 { any; };
>> };
>>
>>
>> ## ZONES
>> # Zone statement for forward DNS lookups
>> zone "example.com" IN {
>>     type master;
>>     file "/etc/bind/master/example.com.dns";
>>     allow-update { any; };
>> };
>> zone "10.10.in-addr.arpa"  IN  {
>>     type master;
>>     file "/etc/bind/master/10.10.in-addr.arpa.dns";
>>     allow-update { any; };
>> };
>>
>> ###################################################
>> The batch.txt file I use to run nsupdate
>> ###################################################
>> server 127.0.0.1
>> zone example.com
>> update add test.example.com 86400 IN A 10.10.156.37
>> send
>> server 127.0.0.1
>> zone 10.10.in-addr.arpa.
>> update add 37.156.10.10.in-addr.arpa. 86400 IN PTR test.example.com
>> send
>> server 127.0.0.1
>> zone example.com
>> update add test1.example.com 86400 IN A 10.10.156.38
>> send
>> server 127.0.0.1
>> zone 10.10.in-addr.arpa.
>> update add 38.156.10.10.in-addr.arpa. 86400 IN PTR test1.example.com
>> send
>>
>> ######################################################
>> nsupdate debug output
>> ######################################################
>> greg@hp-linux:/etc/bind/master$ nsupdate -D -v batch1.txt
>> setup_system()
>> reset_system()
>> user_interaction()
>> do_next_command()
>> do_next_command()
>> do_next_command()
>> evaluate_update()
>> update_addordelete()
>> do_next_command()
>> start_update()
>> send_update()
>> Sending update to 127.0.0.1#53
>> show_message()
>> Outgoing update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  15755
>> ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0
>> ;; ZONE SECTION:
>> ;example.com. IN SOA
>>
>> ;; UPDATE SECTION:
>> test.example.com. 86400 IN A 10.10.156.37
>>
>> update_completed()
>> show_message()
>>
>> Reply from update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  15755
>> ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
>> ;; ZONE SECTION:
>> ;example.com. IN SOA
>>
>> done_update()
>> reset_system()
>> user_interaction()
>> do_next_command()
>> do_next_command()
>> do_next_command()
>> evaluate_update()
>> update_addordelete()
>> do_next_command()
>> start_update()
>> send_update()
>> Sending update to 127.0.0.1#53
>> show_message()
>> Outgoing update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  38067
>> ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0
>> ;; ZONE SECTION:
>> ;10.10.in-addr.arpa. IN SOA
>>
>> ;; UPDATE SECTION:
>> 37.156.10.10.in-addr.arpa. 86400 IN PTR test.example.com.
>>
>> update_completed()
>> show_message()
>>
>> Reply from update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  38067
>> ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
>> ;; ZONE SECTION:
>> ;10.10.in-addr.arpa. IN SOA
>>
>> done_update()
>> reset_system()
>> user_interaction()
>> do_next_command()
>> do_next_command()
>> do_next_command()
>> evaluate_update()
>> update_addordelete()
>> do_next_command()
>> start_update()
>> send_update()
>> Sending update to 127.0.0.1#53
>> show_message()
>> Outgoing update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  22045
>> ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0
>> ;; ZONE SECTION:
>> ;example.com. IN SOA
>>
>> ;; UPDATE SECTION:
>> test1.example.com. 86400 IN A 10.10.156.38
>>
>> update_completed()
>> show_message()
>>
>> Reply from update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  22045
>> ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
>> ;; ZONE SECTION:
>> ;example.com. IN SOA
>>
>> done_update()
>> reset_system()
>> user_interaction()
>> do_next_command()
>> do_next_command()
>> do_next_command()
>> evaluate_update()
>> update_addordelete()
>> do_next_command()
>> start_update()
>> send_update()
>> Sending update to 127.0.0.1#53
>> show_message()
>> Outgoing update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:   7571
>> ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0
>> ;; ZONE SECTION:
>> ;10.10.in-addr.arpa. IN SOA
>>
>> ;; UPDATE SECTION:
>> 38.156.10.10.in-addr.arpa. 86400 IN PTR test1.example.com.
>>
>> update_completed()
>> show_message()
>>
>> Reply from update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:   7571
>> ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
>> ;; ZONE SECTION:
>> ;10.10.in-addr.arpa. IN SOA
>>
>> done_update()
>> reset_system()
>> user_interaction()
>> cleanup()
>> Shutting down task manager
>> shutdown_program()
>> Shutting down request manager
>> Destroy DST lib
>> Destroying request manager
>> Freeing the dispatchers
>> Shutting down dispatch manager
>> Destroying event
>> Shutting down socket manager
>> Shutting down timer manager
>> Removing log context
>> Destroying memory context
>> greg@hp-linux:/etc/bind/master$ systemctl restart named.service
>>
>> ######################################################
>> Forward zone file after the nsupdate
>> ######################################################
>> greg@hp-linux:/etc/bind/master$ cat example.com.dns
>> $ORIGIN .
>> $TTL 3600 ; 1 hour
>> example.com IN SOA ns1.example.com. admin\.example.com. (
>>                 2          ; serial
>>                 900        ; refresh (15 minutes)
>>                 600        ; retry (10 minutes)
>>                 1209600    ; expire (2 weeks)
>>                 3600       ; minimum (1 hour)
>>                 )
>>             NS ns1.example.com.
>> $ORIGIN example.com.
>> ns1 A 192.168.0.15
>> $TTL 86400 ; 1 day
>> test A 10.10.156.37
>> test1 A 10.10.156.38
>>
>> ########################################################
>> Reverse zone file after the update
>> ########################################################
>> greg@hp-linux:/etc/bind/master$ cat 10.10.in-addr.arpa.dns
>> $ORIGIN .
>> $TTL 3600 ; 1 hour
>> 10.10.in-addr.arpa IN SOA ns1.example.com. admin\.example.com. (
>>                 2          ; serial
>>                 3600       ; refresh (1 hour)
>>                 600        ; retry (10 minutes)
>>                 1209600    ; expire (2 weeks)
>>                 3600       ; minimum (1 hour)
>>                 )
>>             NS ns1.example.com.
>> $ORIGIN 156.10.10.in-addr.arpa.
>> $TTL 86400 ; 1 day
>> 37 PTR test.example.com.
>> 38 PTR test1.example.com.
>>
>> If any additional info is required please let me know and I will send it asap.
>>
>> Looking forward to your response.
>>
>> Rgds,
>> Greg Donohoe.
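
Added example (not part of the original thread and not BIND's own code): a simplified Python reader for the rewritten reverse zone file that applies `$ORIGIN` as described in the reply above and checks that every owner name still expands to a name inside `10.10.in-addr.arpa.`. The function names and the condensed SOA in the sample are assumptions made for this illustration.

```python
# Constructed sample: the reverse zone from the thread as named rewrote it (SOA condensed).
ZONE_TEXT = r"""$ORIGIN .
$TTL 3600 ; 1 hour
10.10.in-addr.arpa IN SOA ns1.example.com. admin\.example.com. (
                2 3600 600 1209600 3600 ) ; serial refresh retry expire minimum
            NS ns1.example.com.
$ORIGIN 156.10.10.in-addr.arpa.
$TTL 86400 ; 1 day
37 PTR test.example.com.
38 PTR test1.example.com.
"""

def absolute(name, origin):
    """Names without a trailing dot are relative to the current $ORIGIN."""
    if name.endswith("."):
        return name
    return name + "." if origin == "." else f"{name}.{origin}"

def parse_zone(text):
    """Simplified master-file reader: returns (owner FQDN, type, rdata) tuples."""
    origin, owner, records, buf = ".", None, [], ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        if not line.strip():
            continue
        buf = f"{buf} {line}" if buf else line
        if buf.count("(") > buf.count(")"):           # record continues on next line
            continue
        entry, buf = buf.replace("(", " ").replace(")", " "), ""
        fields = entry.split()
        if fields[0] == "$ORIGIN":
            origin = absolute(fields[1], origin)
        elif not fields[0].startswith("$"):           # $TTL etc. are skipped
            if not entry[0].isspace():                # blank owner column = previous owner
                owner = absolute(fields.pop(0), origin)
            while fields[0].isdigit() or fields[0].upper() == "IN":
                fields.pop(0)                         # optional TTL / class
            records.append((owner, fields[0], " ".join(fields[1:])))
    return records

def ptr_map(text, zone):
    """Map IPv4 address -> PTR target; raise if any owner falls outside the zone."""
    out = {}
    for owner, rtype, rdata in parse_zone(text):
        if not (owner == zone or owner.endswith("." + zone)):
            raise ValueError(f"{owner} is outside {zone}")
        if rtype == "PTR":
            out[".".join(reversed(owner.split(".")[:4]))] = rdata
    return out
```

Calling `ptr_map(ZONE_TEXT, "10.10.in-addr.arpa.")` yields both PTR records under the /16 zone, which is why the rewritten `$ORIGIN` changes only how the file is written, not what the zone contains.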


