Update RPZ zone records
Anvar Kuchkartaev
anvar at aegisnet.eu
Thu Jan 25 02:14:02 UTC 2018
it worked!!! finally thank you for help. It was the directory permission
issue causing dns to SERVFAIL
On 25/01/18 01:40, Mark Andrews wrote:
> Look at the sever’s logs.
>
>> On 25 Jan 2018, at 11:39 am, Anvar Kuchkartaev <anvar at aegisnet.eu> wrote:
>>
>> I updated nsuptate.txt and added .rpz to the end of the record now SERVFAIL happened
>>
>> nsupdate.txt:
>>
>> server localhost
>> zone rpz
>> update add 32.213.60.86.188.rpz-client-ip.rpz 60 CNAME rpz-passtrhu.
>> show
>> send
>>
>>
>>
>> command result:
>>
>> Outgoing update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
>> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
>> ;; ZONE SECTION:
>> ;rpz. IN SOA
>>
>> ;; UPDATE SECTION:
>> 32.213.60.86.188.rpz-client-ip.rpz. 60 IN CNAME rpz-passtrhu.
>>
>> update failed: SERVFAIL
>>
>>
>>
>>
>> On 24/01/18 22:46, Mark Andrews wrote:
>>> Nsupdate treats all names as absolute so you need to add the .rpz to the end.
>>>
>>>
>> On 25 Jan 2018, at 08:19, Anvar Kuchkartaev via bind-users <bind-users at lists.isc.org>
>> wrote:
>>
>> Hello,
>>
>> I am trying to update RPZ zone records dynamically using nsupdate. But unfortunately I am facing with NOTZONE option.
>>
>> nsupdate -k /etc/rndc.key < nsupdate.txt
>>
>> Outgoing update query:
>> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
>> ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
>> ;; ZONE SECTION:
>> ;rpz. IN SOA
>>
>> ;; UPDATE SECTION:
>> 32.213.60.86.188.rpz-client-ip. 60 IN CNAME rpz-passtrhu.
>>
>> update failed: NOTZONE
>>
>>
>> nsupdate.txt:
>>
>> server localhost
>> zone rpz
>> update add 32.213.60.86.188.rpz-client-ip. 60 CNAME rpz-passtrhu.
>> show
>> send
>>
>>
>> my rpz zone:
>>
>> zone "rpz" IN {
>> type master;
>> file "named.rpz";
>> allow-query { localhost; };
>> update-policy {
>> grant rndc-key zonesub ANY;
>> };
>> };
>>
>> Any help will be greatly appreciated,
>>
>> --
>> Anvar Kuchkartaev
>>
>> anvar at aegisnet.eu
>>
>>
>> _______________________________________________
>> Please visit
>> https://lists.isc.org/mailman/listinfo/bind-users
>> to unsubscribe from this list
>>
>> bind-users mailing list
>>
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>> --
>> Anvar Kuchkartaev
>>
>> anvar at aegisnet.eu
--
Anvar Kuchkartaev
anvar at aegisnet.eu
More information about the bind-users
mailing list