adding DS record via nsupdate

Jack Tavares j.tavares at F5.com
Tue Feb 5 23:30:48 UTC 2013 

Hello -

I am trying to add a DS record via nsupdate and I can't get it to succeed.

It does not generate an error, but when I dig for the DS record I get NXDOMAIN.

What I edit the zone file and add the same DS record  and reload, I can query it
just fine.

I do the following as an example:

nsupdate -d
server <ip addr>
zone test.net
update add subzone.test.net 9999 IN DS 34845 7 1 325AA7B83FAC7DB621678EB2FB9035B51A0A504F
send

The output is
Sending update to <ip>#53
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  45236
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0
;; ZONE SECTION:
;test.net.			IN	SOA

;; UPDATE SECTION:
subzone.test.net.	9999	IN	DS	34845 7 1 325AA7B83FAC7DB621678EB2FB9035B51A0A504F


Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  45236
;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; ZONE SECTION:
;test.net.			IN	SOA

<end>

Dig results

 dig @<ip> +noadflag +nocdflag -t ds subzone.test.net.

; <<>> DiG 9.8.4-P1 <<>> @<ip> -t ds subzone.test.net.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21747
;; flags: qr aa rd cd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;subzone.test.net.		IN	DS

;; AUTHORITY SECTION:
test.net.		500	IN	SOA	xxxx.test.net. hostmaster.xxxx.test.net. 2013010938 10800 3600 604800 86400


When I put the DS record in the zone manually:

tail <zonefile>:
subzone.test.net.	9999	IN	DS	34845 7 1 325AA7B83FAC7DB621678EB2FB9035B51A0A504F

and do a dig, it works:
dig @<ip> -t ds subzone.test.net.

; <<>> DiG 9.8.4-P1 <<>> @<ip> -t ds subzone.test.net.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21326
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;subzone.test.net.		IN	DS

;; ANSWER SECTION:
subzone.test.net.	9999	IN	DS	34845 7 1 325AA7B83FAC7DB621678EB2FB9035B51A0A504F

;; Query time: 0 msec

Should this work?
Thank you

--
Jack Tavares

More information about the bind-users mailing list