manual editing of dynamic zones files
Kevin Darcy
kcd at daimlerchrysler.com
Wed Jan 4 22:35:38 UTC 2006
Merton Campbell Crockett wrote:
>On 03 Jan 2006, at 16:19 PST, Kevin Darcy wrote:
>
>
>
>>It might be a better approach to do *all* of your updates via Dynamic
>>Update from now on, including the "manual" ones. Use "nsupdate" or
>>some
>>other command-line tool. One of the advantages of this, versus editing
>>the zone files, is that you don't actually need to be on the master
>>server to make an update. If you want to exploit this "remote"
>>capability, though, you'll probably want to set up TSIG-authentication
>>for the Dynamic Updates, unless you have sufficient security at the
>>lower network levels (e.g. IPSEC or something like that).
>>
>>
>
>Nsupdate must be one of the most arcane applications in existence.
>Are there any plans afoot to create a more "user friendly"
>interface? Perhaps a "standard" web interface that can automatically
>determine which DNS zone files are dynamic and static and perform the
>appropriate actions.
>
I'm not aware of any such plans. I've written my own web interface, but
it's not releasable due to Intellectual Property concerns.
>I get the feeling, in my own organisation, that I'm the only one who
>knows how to use nsupdate. :(
>
>
FWIW, we have several people that use nsupdate semi-regularly for those
odd changes that can't be done via the aforementioned web interface. But
I get your point: it's a pretty steep learning curve, and there are lots
of pitfalls...
- Kevin
More information about the bind-users
mailing list