Claiming Authority for root

Kevin Darcy kcd at daimlerchrysler.com
Thu Jun 29 19:05:05 UTC 2000


Jim Reid wrote:

>     Allen> Essentially, I am wanting to do this so that I can add (or
>     Allen> remove) zones dynamically using nsupdate.  This procedure
>     Allen> works perfectly, and the name server does give the correct
>     Allen> answers when it is queried.
>
> I think you are mistaken. Every zone has exactly 1 SOA record. How can
> you create a new zone by getting nsupdate to add a SOA record for it?
> This update would have to go to the parent zone. If that SOA record
> was added successfully, it would mean the parent zone had two SOA
> records. This is just wrong. I'd be very surprised if nsupdate and
> named let you do this. [Not that I'm silly enough to have tried such a
> thing.] And can you do zone transfers of these dynamically added
> "zones"?

Well, *I'm* silly enough to try it! :-) "nsupdate" returns NOTZONE for an
attempt to add an SOA record for a zone that is self-delegated from the
master for the parent zone but (obviously) not defined in that master's
named.conf file. As far as the nameserver is concerned, the zone doesn't
exist. Given that creation and deletion of SOA records via Dynamic Update
is specifically unsupported by RFC 2136, I'm surprised that
"nsupdate" even let the update go through!

I suspect that the original poster has some scripting "glue" that creates
zonefiles and zone definitions in named.conf, whenever it detects the
presence of new delegations created by Dynamic Update. You could just use
a boilerplate SOA for those "dynamically-created" zones, I suppose.

Or maybe he isn't even using BIND. But what are the chances of that,
given that this is a BIND list?


- Kevin
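The scripting "glue" speculated about above, sketched as an added example (not code from this thread or from BIND): given a child zone found delegated under a parent, it renders a zone file with a boilerplate SOA plus the matching named.conf stanza. The function names, the `dynamic/` directory, the hostmaster mailbox and the SOA timers are assumptions; the name is validated strictly because it ends up inside a quoted named.conf string and a file path.

```python
import re

# Hostname-style DNS label: letters, digits, hyphen, 1 to 63 octets.
LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")
ZONE_DIR = "dynamic"  # assumed directory relative to named's working directory

def clean_name(name):
    """Lowercase a domain name and reject anything but plain hostname labels."""
    fqdn = name.rstrip(".").lower()
    # fullmatch, not match with "$": "$" would accept a trailing newline.
    if len(fqdn) > 253 or not all(LABEL.fullmatch(l) for l in fqdn.split(".")):
        raise ValueError("invalid domain name: %r" % (name,))
    return fqdn

def render_zone(child, parent, nameservers, serial=1):
    """Return (zone_file_text, named_conf_stanza) for a delegated child zone."""
    zone, parent = clean_name(child), clean_name(parent)
    if not zone.endswith("." + parent):
        raise ValueError("%r is not below %r" % (child, parent))
    servers = [clean_name(ns) for ns in nameservers]
    if not servers:
        raise ValueError("a zone needs at least one NS record")
    # Boilerplate SOA: the timer values are constructed defaults.
    lines = [
        "$TTL 3600",
        "@ IN SOA %s. hostmaster.%s. (" % (servers[0], zone),
        "        %d ; serial" % serial,
        "        10800 ; refresh",
        "        3600 ; retry",
        "        604800 ; expire",
        "        3600 ) ; minimum",
    ]
    lines += ["@ IN NS %s." % ns for ns in servers]
    zone_file = "\n".join(lines) + "\n"
    stanza = (
        'zone "%s" {\n'
        "    type master;\n"
        '    file "%s/%s.db";\n'
        "};\n" % (zone, ZONE_DIR, zone)
    )
    return zone_file, stanza

if __name__ == "__main__":
    # Constructed sample delegation, not taken from the thread.
    text, conf = render_zone("Lab.Example.COM.", "example.com", ["ns1.example.com"])
    print(text + conf)
```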



