dynamic DNS configuration question

Kevin Darcy kcd at daimlerchrysler.com
Thu Feb 9 22:51:02 UTC 2006


Noah wrote:

>Hi there,
>
>I configured dynamic DNS some time ago and am trying to figure out if I understand it
>correctly, so I apologize in advance since I should still be considered a newbie.
>
>client side:  redhat-8.0 dhcp-3.0.3 using dhclient for updating 
>server side:  bind-9.2.3 on SuSE machine.  
>
>So here is what I am not completely understanding:
>I am wanting to manually update the zone file on my primary DNS server and
>see on the server that there is an update to the zone file (called zones/domain.com)
>and there is a creation of a zones/domain.com.jnl file.  There are $ORIGIN
>and $TTL tags placed in the zones/domain.com file.  Is this proper behavior?
>
Once a zone is configured for Dynamic Update, think of it as "owning" 
the zone file and writing whatever it wants, whenever it wants, into 
that file. To be sure, the Dynamic Update extension mandates that 
changes be committed immediately to non-volatile storage, but the BIND 
implementation chooses to write the changes first to the journal file, 
and only "whenever" to the zone file. So it's really a crapshoot what 
the zone file contains at any given point in time. If you want to see 
exactly what's in a zone at a particular time, the most straightforward 
way is a zone transfer, although I suppose one could hack together 
something that reads the zone file, reads and parses the journal file, 
and comes up with a "merged" view of both.

>Is it okay to manually change the information in this file and restart the
>named daemon?
>
Generally, it's a good idea to get into the habit of using nsupdate or 
some other Dynamic Update client software to "manually" maintain zones 
that are configured for Dynamic Update. Put a fancy shmancy frontend on 
it if you wish, write something in Perl using the Dynamic Update 
capabilities of the Net::DNS module, set up TSIG-authentication if you 
want to do updates remotely and are worried about them being spoofed. 
Otherwise, if you don't use Dynamic Update in some shape or form to do 
these "one-off" updates, you're going to have to be more intrusive than 
necessary to the nameserver's operational status, with stop/restart, 
freeze/thaw or whatever. Stopping the nameserver's ability to accept 
updates for a particular zone, while a manual change is being made to 
the zone file, is not something that scales very well, certainly not to 
the enterprise level...

                                                - Kevin
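
The approach Kevin recommends, as an added example (this is not code from the post, from Noah's setup, or from BIND itself): a small POSIX sh helper that validates the new address locally, writes an nsupdate batch for a one-off record change, and prints the named.conf fragment that restricts updates on the zone to a TSIG key, so the zone file and its journal are never edited by hand. The server name, host name, key name and secret are constructed placeholders; the zone and file name follow the post.

```shell
#!/bin/sh
# Added example, not code from the original post or from BIND.
# Builds an nsupdate batch for a one-off change to a zone configured for
# Dynamic Update and prints the named.conf fragment that limits updates on
# that zone to one TSIG key. Names, address and secret are placeholders.

# Print an nsupdate batch to stdout.
#   $1 primary server, $2 zone, $3 owner name, $4 new IPv4 address, $5 TTL
# The delete and add go out in one "send", so the old A record is replaced
# in a single update transaction rather than leaving the name empty briefly.
build_update() {
    server=$1; zone=$2; name=${3%.}; addr=$4; ttl=$5
    printf 'server %s\n' "$server"
    printf 'zone %s\n' "$zone"
    printf 'update delete %s. A\n' "$name"
    printf 'update add %s. %s A %s\n' "$name" "$ttl" "$addr"
    printf 'send\n'
}

# Return 0 if $1 is a dotted quad with every octet in 0..255.
# A typo is rejected here instead of becoming a bad record plus a journal
# entry that then has to be undone with another update.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the named.conf pieces for the primary: the key, and a zone clause
# that accepts updates only when they are signed with that key.
# BIND 9.2 (the version in the thread) knows only hmac-md5 for TSIG;
# current BIND accepts hmac-sha256, which is the one to use where available.
#   $1 key name, $2 base64 secret, $3 zone, $4 zone file path
named_conf_fragment() {
    keyname=$1; secret=$2; zone=$3; file=$4
    cat <<EOF
key "$keyname" {
    algorithm hmac-md5;
    secret "$secret";
};
zone "$zone" {
    type master;
    file "$file";
    allow-update { key "$keyname"; };
};
EOF
}

# Key generation, run once; the secret goes into named.conf on the primary and
# is copied to the host that runs nsupdate:
#   BIND 9.2 era:  dnssec-keygen -a HMAC-MD5 -b 512 -n HOST domain-update
#   current BIND:  tsig-keygen domain-update
# Then send the batch with:  build_update ... | nsupdate -k <keyfile>
# (the key file name is whatever the generator produced; not shown here).

# Constructed run. Nothing below contacts a nameserver; the batch is printed.
main() {
    addr=192.0.2.10
    valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    build_update ns1.domain.com domain.com host1.domain.com "$addr" 300
    echo '--- named.conf fragment for the primary ---'
    named_conf_fragment domain-update 'PLACEHOLDER_BASE64_SECRET==' \
        domain.com zones/domain.com
}
main
```

Because the batch is plain text on stdout, the same helper works whether the change is typed once at a terminal or driven from a front end, which is the point Kevin makes: every change, routine or one-off, goes through Dynamic Update and the server keeps ownership of the zone file and journal.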