Nsupdate and TTL

Petr Bena petr at bena.rocks
Thu Apr 23 07:31:53 UTC 2020


Hello,

From my experience you don't need to delete the whole set. I was actually 
doing this quite recently and discovered an interesting behavior of the 
BIND server: the last record you add will override the TTL value for a set.

So if you add another NS record to a zone, all existing NS records will 
have their TTL overridden with the one of the last record you add.

On 23/04/2020 01:06, Mark Andrews wrote:
>
>> On 23 Apr 2020, at 07:20, Evan Hunt <each at isc.org> wrote:
>>
>> On Wed, Apr 22, 2020 at 03:04:38PM -0600, @lbutlr via bind-users wrote:
>>> # nsupdate -k /path/to/key
>>>> zone example.com
>>>> ttl 3600
>>>> send
>>>> ^d
>>> No errors, but no change in the TTL.
>> "ttl 3600" just means "from now on assume I mean ttl 3600 in all the
>> records I send". You didn't actually send an update, so nothing changed.
>>
>> As far as I can recall, the only way to change a TTL in nsupdate is to
>> delete the whole RRset and then add it back in the same transaction:
>>
>>> zone example.com
>>> ttl 3600
>>> update del example.com in a
>>> update add example.com in a 192.0.2.1
>>> update add example.com in a 192.0.2.2
>>> update add example.com in a 192.0.2.3
>>> send
> Also don’t forget to add a prerequisite section to ensure you are removing
> the records you think you are.
>
> zone example.com
> ttl 3600
> prereq yxrrset example.com in a 192.0.2.1
> prereq yxrrset example.com in a 192.0.2.2
> prereq yxrrset example.com in a 192.0.2.3
> update del example.com in a
> update add example.com in a 192.0.2.1
> update add example.com in a 192.0.2.2
> update add example.com in a 192.0.2.3
> send
>
> Also note you can’t do it this way for the NS RRset at top of zone.  You need to
> delete the NS RRs individually and then add them back without deleting all the
> NS at any point in the process as the NS RRset is required to always exist.
>
> Note: named only keeps a single TTL for a RRset so it will update the TTL on all
> the records when you add a new one with a different TTL but this is not part of
> the UPDATE RFC.
>
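Putting the advice from the quoted replies into a script, as an added example (not code posted by anyone in this thread): the first function emits the prereq / del / add batch for an ordinary RRset, the second handles the apex NS RRset without ever deleting the whole set. The zone name, owner names and 192.0.2.x addresses are RFC 5737 documentation values chosen here, and the key path in the usage comment is a placeholder; nothing is sent unless you run the script with a key file argument.

```shell
#!/bin/sh
# Added example, not from the bind-users thread. Generates the nsupdate
# batch that changes an RRset's TTL by deleting and re-adding it in ONE
# transaction, guarded by value-dependent prerequisites. example.com and
# the 192.0.2.x addresses are documentation values used as assumptions.

# ttl_update ZONE OWNER TYPE TTL RDATA...
# Prints the nsupdate script to stdout. One "prereq yxrrset ... RDATA" per
# record: RFC 2136 takes all value-dependent prerequisites with the same
# name and type together as one RRset that must match the zone EXACTLY,
# so the update is refused (NXRRSET) if a record was added or removed
# since you looked. Then the whole RRset is deleted and re-added at TTL.
ttl_update() {
  zone=$1
  owner=$2
  type=$3
  ttl=$4
  shift 4
  printf 'zone %s\n' "$zone"
  printf 'ttl %s\n' "$ttl"
  for rd in "$@"; do
    printf 'prereq yxrrset %s in %s %s\n' "$owner" "$type" "$rd"
  done
  printf 'update del %s in %s\n' "$owner" "$type"
  for rd in "$@"; do
    printf 'update add %s in %s %s\n' "$owner" "$type" "$rd"
  done
  printf 'send\n'
}

# apex_ns_ttl_update ZONE TTL NSNAME...
# The NS RRset at the zone apex must always exist: RFC 2136 section 3.4.2.4
# makes the server ignore a delete of the last remaining apex NS RR, so a
# bare "update del ZONE in ns" would not do what you want. Instead each NS
# RR is deleted and immediately re-added at the new TTL, which leaves at
# least one NS RR in place after every step of the transaction.
apex_ns_ttl_update() {
  zone=$1
  ttl=$2
  shift 2
  printf 'zone %s\n' "$zone"
  printf 'ttl %s\n' "$ttl"
  for ns in "$@"; do
    printf 'prereq yxrrset %s in ns %s\n' "$zone" "$ns"
  done
  for ns in "$@"; do
    printf 'update del %s in ns %s\n' "$zone" "$ns"
    printf 'update add %s in ns %s\n' "$zone" "$ns"
  done
  printf 'send\n'
}

# To really send the update, run with the TSIG key file as the argument
# (nsupdate -k is BIND's own option; the file name below is a placeholder):
#   sh ttl_update.sh /path/to/Kexample.com.+157+12345.private
if [ $# -gt 0 ]; then
  ttl_update example.com example.com a 3600 192.0.2.1 192.0.2.2 192.0.2.3 |
    nsupdate -k "$1"
fi
```

Because every prerequisite and update is in one message, named applies all of it or none of it, so a concurrent change to the RRset makes the whole transaction fail instead of leaving you with a half-rewritten set.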

