Using nsupdate in scripts

Tony Finch fanf at isc.org
Mon Mar 14 22:25:08 UTC 2022


Philip Prindeville <philipp_subx at redfish-solutions.com> wrote:
>
> But I've noticed that since I added the following to my options { }:
>
>         allow-transfer { none; };
>         dnssec-validation auto;
>         listen-on-v6 { none; } ;
>
> That I get a *lot* of lines like:
>
> ; Communication with ::1#53 failed: connection refused

"Doctor it hurts when I do this!"

When you use `nsupdate -l` you are using a hard-coded configuration that
uses a compiled-in path to the session key and fixed IPv4 and IPv6
localhost addresses.

If that doesn't fit your setup then you need to adjust the command-line
options for `nsupdate`.

I think for your purposes it would be best to add an environment variable
for the nsupdate options, so that the admin can set the variable to
contain different options if bare -l doesn't fit their needs. So if in
some fit of self-harm they have turned off IPv6, they can add -4 to the
variable, or they can get more creative with the -k option. (Sadly you
have to set the server address in the update script, not on the command
line.)

-- 
Tony Finch  <fanf at isc.org>  (he/they)  Cambridge, England
Rockall: West or southwest 7 to severe gale 9, decreasing 4 to 6
later. Very rough, becoming very rough or high. Rain or showers. Good,
occasionally poor.
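
The environment-variable approach suggested in the message above, as an added example that is not part of the original post or of BIND. The names NSUPDATE_OPTS, NSUPDATE_SERVER and NSUPDATE_BIN, the function names, and the sample zone and address are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example. NSUPDATE_OPTS, NSUPDATE_SERVER and NSUPDATE_BIN are
# hypothetical variable names chosen for this sketch.

# Emit the nsupdate command script on stdout.
# $1 = zone, $2 = record name, $3 = TTL, $4 = IPv4 address
build_update_script() {
    # Values are pasted into nsupdate commands, so refuse anything outside
    # a conservative character set (no whitespace, no newlines).
    for arg in "$@" "${NSUPDATE_SERVER:-}"; do
        case $arg in
            *[!A-Za-z0-9._:_-]*)
                echo "refusing unsafe value: $arg" >&2
                return 1 ;;
        esac
    done
    # The server address can only be set here, not on the command line.
    if [ -n "${NSUPDATE_SERVER:-}" ]; then
        printf 'server %s\n' "$NSUPDATE_SERVER"
    fi
    printf 'zone %s\n' "$1"
    printf 'update delete %s A\n' "$2"
    printf 'update add %s %s A %s\n' "$2" "$3" "$4"
    printf 'send\n'
}

# Run nsupdate with admin-supplied options; bare -l when the variable is unset.
send_update() {
    opts=${NSUPDATE_OPTS--l}
    script=$(build_update_script "$@") || return 1
    # Split the option string into words without globbing and without eval,
    # so the variable can carry options but never shell code.
    set -f
    # shellcheck disable=SC2086
    set -- $opts
    set +f
    printf '%s\n' "$script" | "${NSUPDATE_BIN:-nsupdate}" "$@"
}

# Usage: NSUPDATE_OPTS='-l -4' send_update example.test host.example.test 300 192.0.2.10
```

Setting NSUPDATE_BIN to a stub that prints its arguments and standard input gives a dry run of exactly what would be sent.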

