Dynamically add zones

Mike Flathers mlflathers at gmail.com
Thu Jul 29 18:33:03 UTC 2010


Alan/Evan,

Thanks, didn't get to reading the beta release notes yet.  Wow, how timely is
this :)

Thanks

-m


On Wed, Jul 28, 2010 at 8:08 PM, Alan Clegg <aclegg at isc.org> wrote:

> On 7/28/2010 10:41 PM, Mike Flathers wrote:
>
> > Is there a patch for BIND 9 to add new zones dynamically without
> > having to run rndc reconfig?  The server stops answering queries when
> > reconfig is loading in the new config; as the config grows, this timeout
> > increases.  I haven't hit the source code yet, but something like rndc
> > addzone zonename [config options | clone zone] would be nice :)
>
> Look for it in BIND 9.7.2
>
> Here's what I have that creates zones, makes them dynamic and signs them
> with no human interference (producing the DS record for the parent):
>
> ==SNIP==
> #!/bin/bash
> cd /etc/namedb
> cp template master/${1}
>
> rndc addzone ${1} { type master\;\
>                                file \"master/${1}\"\;\
>                                update-policy local\; \
>                                auto-dnssec maintain\; \
>                                }\;
>
> dnssec-keygen -f KSK -K /etc/namedb/keys $1
> dnssec-dsfromkey -2 /etc/namedb/keys/K${1}.*.key > ds/${1}
>
> dnssec-keygen -K /etc/namedb/keys $1
>
> rndc sign ${1}
> ==SNIP==
>
> Yes, no error checking, etc, but it works well as a proof-of-concept...
>

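The quoted proof-of-concept passes `$1` unchecked into both a file path and the `rndc addzone` configuration text. The sketch below is an added example, not part of the thread or of BIND: it validates the zone name first and stops at the first failed step. `NAMEDB`, `KEYDIR`, `valid_zone_name` and `provision_zone` are names assumed here, and the name check is deliberately stricter than DNS itself (no underscores, no trailing dot).

```shell
#!/bin/sh
# Added example: validated variant of the quoted proof-of-concept.
# NAMEDB, KEYDIR and both function names are assumptions made for this sketch.
LC_ALL=C; export LC_ALL
NAMEDB=${NAMEDB:-/etc/namedb}
KEYDIR=${KEYDIR:-$NAMEDB/keys}

# Accept only letter/digit/hyphen labels separated by single dots. This keeps
# "/", "..", quotes, ";" and braces out of both the file path and the
# configuration text handed to rndc addzone.
valid_zone_name() {
    name=$1
    [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
    case $name in
        *[!A-Za-z0-9.-]*) return 1 ;;      # character outside the allowed set
        .*|*.|*..*)       return 1 ;;      # empty label (also rejects "..")
        -*|*-|*.-*|*-.*)  return 1 ;;      # label starts or ends with "-"
    esac
    return 0
}

provision_zone() {
    zone=$1
    if ! valid_zone_name "$zone"; then
        echo "refusing zone name: $zone" >&2
        return 2
    fi
    cd "$NAMEDB" || return 1
    if [ -e "master/$zone" ]; then         # never overwrite a live zone file
        echo "master/$zone already exists" >&2
        return 3
    fi
    cp template "master/$zone" || return 1
    rndc addzone "$zone" "{ type master; file \"master/$zone\"; update-policy local; auto-dnssec maintain; };" || return 1
    # dnssec-keygen prints the key's base name (K<zone>.+<alg>+<id>) on stdout,
    # so the DS record is built from exactly the KSK just created.
    ksk=$(dnssec-keygen -f KSK -K "$KEYDIR" "$zone") || return 1
    dnssec-dsfromkey -2 "$KEYDIR/$ksk.key" > "ds/$zone" || return 1
    dnssec-keygen -K "$KEYDIR" "$zone" >/dev/null || return 1
    rndc sign "$zone"
}

# Run only when a zone name is given on the command line.
if [ "$#" -gt 0 ]; then
    provision_zone "$1"
fi
```
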
