Fwd: Reverse zone reformatting after nsupdate execution

Greg Donohoe dubgregd at gmail.com
Wed Jan 27 18:14:01 UTC 2021


Adding mailing list for archiving.

---------- Forwarded message ---------
From: Greg Donohoe <dubgregd at gmail.com>
Date: Wed, Jan 27, 2021 at 6:11 PM
Subject: Re: Reverse zone reformatting after nsupdate execution
To: Chris Isaksen <Chris.Isaksen at nysed.gov>


Thank you very much for your reply Chris. Changing the masterfile-style has
addressed our issue.
I need to do more testing but so far it looks good :-)

Thanks again.

Rgds,
Greg.

On Wed, Jan 27, 2021 at 1:32 PM Chris Isaksen <Chris.Isaksen at nysed.gov>
wrote:

>
>
> ------------------------------
> *From:* bind-users <bind-users-bounces at lists.isc.org> on behalf of Ondřej
> Surý <ondrej at isc.org>
> *Sent:* Wednesday, January 27, 2021 8:29 AM
> *To:* Greg Donohoe <dubgregd at gmail.com>
> *Cc:* bind-users at lists.isc.org <bind-users at lists.isc.org>
> *Subject:* Re: Reverse zone reformatting after nsupdate execution
>
> You might want to change `masterfile-style` configuration option:
>
>
> https://bind9.readthedocs.io/en/latest/reference.html?highlight=masterfile-style#tuning
>
> Ondrej
> --
> Ondřej Surý (He/Him)
> ondrej at isc.org
>
> > On 27. 1. 2021, at 14:23, Ondřej Surý <ondrej at isc.org> wrote:
> >
> > Greg,
> >
> > there’s nothing wrong with the zone contents. $ORIGIN means “now append
> this to every name not ending with dot”.
> >
> > Ondřej
> > --
> > Ondřej Surý — ISC (He/Him)
> >
> >> On 27. 1. 2021, at 14:06, Greg Donohoe <dubgregd at gmail.com> wrote:
> >>
> >> 
> >> Hello. I am hoping that someone can help me to figure out the cause of
> an issue I am seeing when running nsupdate on my BIND9 server.
> >> Below you will find all the details as to how my server is
> configured and also the nsupdate commands that I am running.
> >>
> >> The issue I am seeing is that I have configured a /16
> 10.10.in-addr.arpa reverse zone, however when I execute nsupdate the
> 10.10.in-addr.arpa.dns zone file reformats the $ORIGIN to a /24
> 156.10.10.in-addr.arpa.
> >> This appears to be an issue with nsupdate rather than BIND itself as I
> can manually amend the 10.10.in-addr.arpa.dns zone file which always
> remains in a /16 format.
> >>
> >> Please see below for details and if you need any further information
> please let me know.
> >>
> >> ###############################
> >> named.conf
> >> ###############################
> >> greg at hp-linux:/etc/bind$ cat named.conf
> >> ##  OPTIONS
> >> options {
> >> directory "/var/cache/bind";
> >>
> >>         recursion no;
> >> listen-on port 53 { any; };
> >> allow-query  { any; };
> >> allow-update { any; };
> >>
> >> forwarders {
> >> 10.10.8.120;
> >> 10.196.207.11;
> >> };
> >>
> >> dnssec-validation auto;
> >>
> >> auth-nxdomain no;    # conform to RFC1035
> >> listen-on-v6 { any; };
> >> };
> >>
> >>
> >> ## ZONES
> >> # Zone statement for forward DNS lookups
> >> zone "example.com" IN {
> >>     type master;
> >>     file "/etc/bind/master/example.com.dns";
> >>     allow-update { any; };
> >> };
> >> zone "10.10.in-addr.arpa"  IN  {
> >>     type master;
> >>     file "/etc/bind/master/10.10.in-addr.arpa.dns";
> >>     allow-update { any; };
> >> };
> >>
> >> ###################################################
> >> The batch.txt file I use to run nsupdate
> >> ###################################################
> >> server 127.0.0.1
> >> zone example.com
> >> update add test.example.com 86400 IN A 10.10.156.37
> >> send
> >> server 127.0.0.1
> >> zone 10.10.in-addr.arpa.
> >> update add 37.156.10.10.in-addr.arpa. 86400 IN PTR test.example.com
> >> send
> >> server 127.0.0.1
> >> zone example.com
> >> update add test1.example.com 86400 IN A 10.10.156.38
> >> send
> >> server 127.0.0.1
> >> zone 10.10.in-addr.arpa.
> >> update add 38.156.10.10.in-addr.arpa. 86400 IN PTR test1.example.com
> >> send
> >>
> >> ######################################################
> >> nsupdate debug output
> >> ######################################################
> >> greg at hp-linux:/etc/bind/master$ nsupdate -D -v batch1.txt
> >> setup_system()
> >> reset_system()
> >> user_interaction()
> >> do_next_command()
> >> do_next_command()
> >> do_next_command()
> >> evaluate_update()
> >> update_addordelete()
> >> do_next_command()
> >> start_update()
> >> send_update()
> >> Sending update to 127.0.0.1#53
> >> show_message()
> >> Outgoing update query:
> >> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  15755
> >> ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0
> >> ;; ZONE SECTION:
> >> ;example.com. IN SOA
> >>
> >> ;; UPDATE SECTION:
> >> test.example.com. 86400 IN A 10.10.156.37
> >>
> >> update_completed()
> >> show_message()
> >>
> >> Reply from update query:
> >> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  15755
> >> ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> >> ;; ZONE SECTION:
> >> ;example.com. IN SOA
> >>
> >> done_update()
> >> reset_system()
> >> user_interaction()
> >> do_next_command()
> >> do_next_command()
> >> do_next_command()
> >> evaluate_update()
> >> update_addordelete()
> >> do_next_command()
> >> start_update()
> >> send_update()
> >> Sending update to 127.0.0.1#53
> >> show_message()
> >> Outgoing update query:
> >> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  38067
> >> ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0
> >> ;; ZONE SECTION:
> >> ;10.10.in-addr.arpa. IN SOA
> >>
> >> ;; UPDATE SECTION:
> >> 37.156.10.10.in-addr.arpa. 86400 IN PTR test.example.com.
> >>
> >> update_completed()
> >> show_message()
> >>
> >> Reply from update query:
> >> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  38067
> >> ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> >> ;; ZONE SECTION:
> >> ;10.10.in-addr.arpa. IN SOA
> >>
> >> done_update()
> >> reset_system()
> >> user_interaction()
> >> do_next_command()
> >> do_next_command()
> >> do_next_command()
> >> evaluate_update()
> >> update_addordelete()
> >> do_next_command()
> >> start_update()
> >> send_update()
> >> Sending update to 127.0.0.1#53
> >> show_message()
> >> Outgoing update query:
> >> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  22045
> >> ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0
> >> ;; ZONE SECTION:
> >> ;example.com. IN SOA
> >>
> >> ;; UPDATE SECTION:
> >> test1.example.com. 86400 IN A 10.10.156.38
> >>
> >> update_completed()
> >> show_message()
> >>
> >> Reply from update query:
> >> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  22045
> >> ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> >> ;; ZONE SECTION:
> >> ;example.com. IN SOA
> >>
> >> done_update()
> >> reset_system()
> >> user_interaction()
> >> do_next_command()
> >> do_next_command()
> >> do_next_command()
> >> evaluate_update()
> >> update_addordelete()
> >> do_next_command()
> >> start_update()
> >> send_update()
> >> Sending update to 127.0.0.1#53
> >> show_message()
> >> Outgoing update query:
> >> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:   7571
> >> ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0
> >> ;; ZONE SECTION:
> >> ;10.10.in-addr.arpa. IN SOA
> >>
> >> ;; UPDATE SECTION:
> >> 38.156.10.10.in-addr.arpa. 86400 IN PTR test1.example.com.
> >>
> >> update_completed()
> >> show_message()
> >>
> >> Reply from update query:
> >> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:   7571
> >> ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> >> ;; ZONE SECTION:
> >> ;10.10.in-addr.arpa. IN SOA
> >>
> >> done_update()
> >> reset_system()
> >> user_interaction()
> >> cleanup()
> >> Shutting down task manager
> >> shutdown_program()
> >> Shutting down request manager
> >> Destroy DST lib
> >> Destroying request manager
> >> Freeing the dispatchers
> >> Shutting down dispatch manager
> >> Destroying event
> >> Shutting down socket manager
> >> Shutting down timer manager
> >> Removing log context
> >> Destroying memory context
> >> greg at hp-linux:/etc/bind/master$ systemctl restart named.service
> >>
> >> ######################################################
> >> Forward zone file after the nsupdate
> >> ######################################################
> >> greg at hp-linux:/etc/bind/master$ cat example.com.dns
> >> $ORIGIN .
> >> $TTL 3600 ; 1 hour
> >> example.com IN SOA ns1.example.com. admin\.example.com. (
> >>                 2          ; serial
> >>                 900        ; refresh (15 minutes)
> >>                 600        ; retry (10 minutes)
> >>                 1209600    ; expire (2 weeks)
> >>                 3600       ; minimum (1 hour)
> >>                 )
> >>                 NS ns1.example.com.
> >> $ORIGIN example.com.
> >> ns1 A 192.168.0.15
> >> $TTL 86400 ; 1 day
> >> test A 10.10.156.37
> >> test1 A 10.10.156.38
> >>
> >> ########################################################
> >> Reverse zone file after the update
> >> ########################################################
> >> greg at hp-linux:/etc/bind/master$ cat 10.10.in-addr.arpa.dns
> >> $ORIGIN .
> >> $TTL 3600 ; 1 hour
> >> 10.10.in-addr.arpa IN SOA ns1.example.com. admin\.example.com. (
> >>                 2          ; serial
> >>                 3600       ; refresh (1 hour)
> >>                 600        ; retry (10 minutes)
> >>                 1209600    ; expire (2 weeks)
> >>                 3600       ; minimum (1 hour)
> >>                 )
> >>                 NS ns1.example.com.
> >> $ORIGIN 156.10.10.in-addr.arpa.
> >> $TTL 86400 ; 1 day
> >> 37 PTR test.example.com.
> >> 38 PTR test1.example.com.
> >>
> >> If any additional info is required please let me know and I will send
> it asap.
> >>
> >> Look forward to your response.
> >>
> >> Rgds,
> >> Greg Donohoe.
>
>
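The $ORIGIN rule explained in the thread, as an added example that is not part of the original messages or of BIND: a simplified master-file reader expands the relative-style dump of the reverse zone and shows it holds the same records as the one-record-per-line layout that `masterfile-style full` writes. Assumptions: both samples are constructed from the zone quoted above with the SOA condensed to one line, the function names are hypothetical, and `$INCLUDE`, `$GENERATE`, parentheses and quoted semicolons are not handled.

```python
# Added example: apply $ORIGIN as a master-file reader does and compare the
# "relative" and "full" dump styles. Samples are constructed, not captured.
RELATIVE_STYLE = """\
$ORIGIN .
$TTL 3600 ; 1 hour
10.10.in-addr.arpa IN SOA ns1.example.com. admin.example.com. 2 3600 600 1209600 3600
                   NS ns1.example.com.
$ORIGIN 156.10.10.in-addr.arpa.
$TTL 86400 ; 1 day
37                 PTR test.example.com.
38                 PTR test1.example.com.
"""
FULL_STYLE = """\
10.10.in-addr.arpa. 3600 IN SOA ns1.example.com. admin.example.com. 2 3600 600 1209600 3600
10.10.in-addr.arpa. 3600 IN NS ns1.example.com.
37.156.10.10.in-addr.arpa. 86400 IN PTR test.example.com.
38.156.10.10.in-addr.arpa. 86400 IN PTR test1.example.com.
"""

def absolute(name, origin):
    """Names ending in '.' are absolute; anything else gets the origin appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else f"{name}.{origin}"

def expand(zone_text):
    """Return (owner, type, rdata) tuples with fully qualified owner names."""
    origin, owner, records = ".", None, []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments (simplified)
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = absolute(line.split()[1], origin)
            continue
        if line.startswith("$"):                  # $TTL does not affect names
            continue
        fields = line.split()
        if not line[0].isspace():                 # leading blank: reuse last owner
            owner = absolute(fields.pop(0), origin)
        while fields[0].isdigit() or fields[0] == "IN":
            fields.pop(0)                         # skip optional TTL and class
        records.append((owner, fields[0], " ".join(fields[1:])))
    return records

def outside_zone(records, zone):
    """Owner names that do not fall under the zone apex (expected: none)."""
    return [o for o, _, _ in records if o != zone and not o.endswith("." + zone)]
```
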