adding DS record via nsupdate
Jack Tavares
j.tavares at F5.com
Tue Feb 5 23:30:48 UTC 2013
Hello -
I am trying to add a DS record via nsupdate and I can't get it to succeed.
It does not generate an error, but when I dig for the DS record I get NXDOMAIN.
What I edit the zone file and add the same DS record and reload, I can query it
just fine.
I do the following as an example:
nsupdate -d
server <ip addr>
zone test.net
update add subzone.test.net 9999 IN DS 34845 7 1 325AA7B83FAC7DB621678EB2FB9035B51A0A504F
send
The output is
Sending update to <ip>#53
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 45236
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0
;; ZONE SECTION:
;test.net. IN SOA
;; UPDATE SECTION:
subzone.test.net. 9999 IN DS 34845 7 1 325AA7B83FAC7DB621678EB2FB9035B51A0A504F
Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 45236
;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; ZONE SECTION:
;test.net. IN SOA
<end>
Dig results
dig @<ip> +noadflag +nocdflag -t ds subzone.test.net.
; <<>> DiG 9.8.4-P1 <<>> @<ip> -t ds subzone.test.net.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21747
;; flags: qr aa rd cd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;subzone.test.net. IN DS
;; AUTHORITY SECTION:
test.net. 500 IN SOA xxxx.test.net. hostmaster.xxxx.test.net. 2013010938 10800 3600 604800 86400
When I put the DS record in the zone manually:
tail <zonefile>:
subzone.test.net. 9999 IN DS 34845 7 1 325AA7B83FAC7DB621678EB2FB9035B51A0A504F
and do a dig, it works:
dig @<ip> -t ds subzone.test.net.
; <<>> DiG 9.8.4-P1 <<>> @<ip> -t ds subzone.test.net.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21326
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;subzone.test.net. IN DS
;; ANSWER SECTION:
subzone.test.net. 9999 IN DS 34845 7 1 325AA7B83FAC7DB621678EB2FB9035B51A0A504F
;; Query time: 0 msec
Should this work?
Thank you
--
Jack Tavares
More information about the bind-users
mailing list