adding DS record via nsupdate

Andrew Latham lathama at gmail.com
Wed Feb 6 00:25:51 UTC 2013 

On Tue, Feb 5, 2013 at 6:30 PM, Jack Tavares <j.tavares at f5.com> wrote:
> Hello -
>
> I am trying to add a DS record via nsupdate and I can't get it to succeed.
>
> It does not generate an error, but when I dig for the DS record I get NXDOMAIN.
>
> What I edit the zone file and add the same DS record  and reload, I can query it
> just fine.
>
> I do the following as an example:
>
> nsupdate -d
> server <ip addr>
> zone test.net
> update add subzone.test.net 9999 IN DS 34845 7 1 325AA7B83FAC7DB621678EB2FB9035B51A0A504F
> send
>
> The output is
> Sending update to <ip>#53
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  45236
> ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 0
> ;; ZONE SECTION:
> ;test.net.                      IN      SOA
>
> ;; UPDATE SECTION:
> subzone.test.net.       9999    IN      DS      34845 7 1 325AA7B83FAC7DB621678EB2FB9035B51A0A504F
>
>
> Reply from update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  45236
> ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
> ;; ZONE SECTION:
> ;test.net.                      IN      SOA
>
> <end>
>
> Dig results
>
>  dig @<ip> +noadflag +nocdflag -t ds subzone.test.net.
>
> ; <<>> DiG 9.8.4-P1 <<>> @<ip> -t ds subzone.test.net.
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21747
> ;; flags: qr aa rd cd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;subzone.test.net.              IN      DS
>
> ;; AUTHORITY SECTION:
> test.net.               500     IN      SOA     xxxx.test.net. hostmaster.xxxx.test.net. 2013010938 10800 3600 604800 86400
>
>
> When I put the DS record in the zone manually:
>
> tail <zonefile>:
> subzone.test.net.       9999    IN      DS      34845 7 1 325AA7B83FAC7DB621678EB2FB9035B51A0A504F
>
> and do a dig, it works:
> dig @<ip> -t ds subzone.test.net.
>
> ; <<>> DiG 9.8.4-P1 <<>> @<ip> -t ds subzone.test.net.
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21326
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;subzone.test.net.              IN      DS
>
> ;; ANSWER SECTION:
> subzone.test.net.       9999    IN      DS      34845 7 1 325AA7B83FAC7DB621678EB2FB9035B51A0A504F
>
> ;; Query time: 0 msec
>
> Should this work?
> Thank you
>
> --
> Jack Tavares


First guess is that the Serial is not getting updated correctly.

-- 
~ Andrew "lathama" Latham lathama at gmail.com http://lathama.net ~

More information about the bind-users mailing list